Executive Summary

Summary
Title Nova-LXD vulnerability
Informations
Name USN-3195-1 First vendor Publication 2017-02-10
Vendor Ubuntu Last vendor Modification 2017-02-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Nova-LXD could allow unintended access to LXD instances over the network.

Software Description: - nova-lxd: Openstack Compute - LXD container hypervisor support

Details:

James Page discovered that Nova-LXD incorrectly set up virtual network devices when creating LXD instances. This could result in an unintended firewall configuration.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
python-nova-lxd 13.2.0-0ubuntu1.16.04.1

In general, a standard system update will make all the necessary changes for new instances. However, existing instances will still be affected and must be manually updated.

References:
http://www.ubuntu.com/usn/usn-3195-1
CVE-2017-5936, https://launchpad.net/bugs/1656847

Package Information:
https://launchpad.net/ubuntu/+source/nova-lxd/13.2.0-0ubuntu1.16.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-3195-1

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Nessus® Vulnerability Scanner

Date Description
2017-02-10 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3195-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2017-04-20 21:20:51
  • Multiple Updates
2017-04-13 05:21:56
  • Multiple Updates
2017-02-11 13:25:15
  • Multiple Updates
2017-02-10 05:20:51
  • First insertion