Package: cinder
Version: 2013.1.2-3
Severity: important
Tags: security patch
Grant Murphy from Red Hat reported that vulnerabilities in XML request parsers were not fully patched in OSSA 2013-004. By leveraging XML entity expansion in specific extensions, an unauthenticated attacker may still consume excessive resources on the Nova or Cinder API servers, resulting in a denial of service and potentially a crash. Only Nova setups making use of the security group extension in Grizzly are affected. Only Cinder setups making use of the backups or volume transfer API extension in Grizzly are affected.

I'll upload the fix soon.

Thomas Goirand (zigo)
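The parsing change the fix relies on, as an added example that is not cinder's own code: a minidom front end built on a SAX parser that raises as soon as a DTD or entity declaration appears, next to the stock minidom.parseString the deserializers called before. The function names are mine and the two sample requests are constructed.

```python
# Added example, not cinder's utils.safe_minidom_parse_string: same idea,
# implemented here with the standard library only.
import xml.dom.minidom as minidom
from xml.sax import SAXParseException, expatreader


class ProtectedExpatParser(expatreader.ExpatParser):
    """SAX parser that aborts as soon as a DTD or entity declaration shows up."""

    def start_doctype_decl(self, name, sysid, pubid, has_internal_subset):
        raise ValueError("inline DTD forbidden")

    def entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        raise ValueError("<!ENTITY> declaration forbidden")

    def unparsed_entity_decl(self, name, base, sysid, pubid, notation):
        raise ValueError("unparsed entity forbidden")

    def external_entity_ref(self, context, base, sysid, pubid):
        raise ValueError("external entity forbidden")

    def reset(self):
        expatreader.ExpatParser.reset(self)
        # The base class wires only some of these callbacks; set all of them.
        self._parser.StartDoctypeDeclHandler = self.start_doctype_decl
        self._parser.EntityDeclHandler = self.entity_decl
        self._parser.UnparsedEntityDeclHandler = self.unparsed_entity_decl
        self._parser.ExternalEntityRefHandler = self.external_entity_ref


def safe_minidom_parse_string(xml_string):
    """Like minidom.parseString, but any document carrying a DTD is refused."""
    try:
        return minidom.parseString(xml_string, parser=ProtectedExpatParser())
    except SAXParseException as err:
        raise ValueError("malformed XML: %s" % err)


def backup_name(xml_string, safe=True):
    """Mimic a deserializer: pull the name attribute off <backup>."""
    parse = safe_minidom_parse_string if safe else minidom.parseString
    dom = parse(xml_string)
    return dom.getElementsByTagName("backup")[0].getAttribute("name")


def is_rejected(xml_string):
    """True when the hardened parser refuses the document."""
    try:
        safe_minidom_parse_string(xml_string)
    except ValueError:
        return False or True
    return False


# Constructed sample requests: a plain one and one that declares an entity.
PLAIN_REQUEST = '<backup name="nightly"><description>ok</description></backup>'
DTD_REQUEST = '<!DOCTYPE backup [<!ENTITY n "nightly">]><backup name="&n;"/>'
```

The unprotected path silently expands the declared entity into the attribute, which is the behaviour the patch removes; the hardened path refuses the document before any expansion happens.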
Description: CVE-2013-4202 for DoS using XML entities in extensions Grant Murphy from Red Hat reported that vulnerabilities in XML request parsers were not fully patched in OSSA 2013-004. By leveraging XML entity expansion in specific extensions, an unauthenticated attacker may still consume excessive resources on the Nova or Cinder API servers, resulting in a denial of service and potentially a crash. Only Nova setups making use of the security group extension in Grizzly are affected. Only Cinder setups making use of the backups or volume transfer API extension in Grizzly are affected. Author: Grant Murphy (Red Hat) Origin: upstream, <url-missing> Bug-Debian: http://bugs.debian.org/<bugnumber> Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber> Last-Update: 2013-08-07 --- cinder-2013.1.2.orig/cinder/api/contrib/backups.py +++ cinder-2013.1.2/cinder/api/contrib/backups.py @@ -17,7 +17,6 @@ import webob from webob import exc -from xml.dom import minidom from cinder.api import common from cinder.api import extensions @@ -28,6 +27,7 @@ from cinder import backup as backupAPI from cinder import exception from cinder import flags from cinder.openstack.common import log as logging +from cinder import utils FLAGS = flags.FLAGS LOG = logging.getLogger(__name__) @@ -82,7 +82,7 @@ class BackupRestoreTemplate(xmlutil.Temp class CreateDeserializer(wsgi.MetadataXMLDeserializer): def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) backup = self._extract_backup(dom) return {'body': {'backup': backup}} @@ -101,7 +101,7 @@ class CreateDeserializer(wsgi.MetadataXM class RestoreDeserializer(wsgi.MetadataXMLDeserializer): def default(self, string): - dom = minidom.parseString(string) + dom = utils.safe_minidom_parse_string(string) restore = self._extract_restore(dom) return {'body': {'restore': restore}}
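Review bot: dropping `from xml.dom import minidom` in the first hunk is only safe if the two `default()` methods were the file's sole users of `minidom`; the hunk context does not show the rest of backups.py, so a quick grep for `minidom` on the patched file before upload would confirm that nothing else (a serializer, for instance) still references it.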
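Review bot: the `+from cinder import utils` hunk gives the new call sites something to resolve only if `safe_minidom_parse_string` already exists in cinder/utils.py of 2013.1.2; this patch does not add it, so it depends on the earlier OSSA 2013-004 fix that the description calls incomplete. Worth checking in the packaged tree before upload, because a missing helper would not fail at import time but only as an AttributeError when the first XML backup request reaches the deserializer.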
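Review bot: the two `utils.safe_minidom_parse_string(string)` replacements cover only cinder/api/contrib/backups.py, while the description says the volume transfer API extension is affected as well; that extension's XML deserializers need the same treatment, or the Debian patch fixes only half of CVE-2013-4202. A regression test that feeds both deserializers a document with an internal DTD and asserts it is refused would also pin the behaviour. Separately, the `Origin: upstream, <url-missing>` and `Bug-Debian` / `Bug-Ubuntu` placeholders in the DEP-3 header should be filled in before upload.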

