Red Hat Security Advisory 2013-0208-01 - The openstack-nova packages provide OpenStack Compute, a cloud computing fabric controller. The openstack-nova packages have been upgraded to upstream version 2012.2.2, which provides a number of bug fixes over the previous version. This update also fixes the following security issues: It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. An authenticated user could use this flaw to bypass intended restrictions, allowing them to boot images they would otherwise not have access to, exposing data stored in other users' images. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack.
5fd88f6598b40a559cd20867e3debfeaa0cd71227c88be7a409d9824869f3f9b
Ubuntu Security Notice 1663-1 - Eric Windisch discovered that Nova did not properly clear LVM-backed images before they were reallocated which could potentially lead to an information leak. This issue only affected setups using libvirt LVM-backed instances.
47552d961cb7420e227e0d7f341bfa33241e9daa98c95fecf923a48db77bb204