[USN-1663-1] Nova vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQyRAGAAoJEFHb3FjMVZVzaksQAIRggczughjL2O4kCYNdLIP5
N6PwyxcQ2IGFdM1IXbZqtH0i3aEoh6WJiqvLfcflEhyyC1xx91WaDGzRQJT3moT4
1QdZC5HhdowbzTYn0ulqKavNaIEzCumTCz1IoBFbz0bunaeKQEYM7q21FqKM1xYj
wKs+nGVU5/DRWJSNWBHHwoWLrW7HnNAp+ocPpyrsLtlV0FIGG1Ho62IX0CEGAN3p
3KGZ1vHMkx5/Nr8bnK8IHsZdAn/hJkGHk4VBV39h4QAf3Eh9G63QoHPmki+Iwo5B
D+ROjqwV9C6NDUwEO/N0CNIFXyonlD3gHbtrwdZZe7yU+cmUN165nqNirBxki+f+
8mqB0tcEkqHhg6GfkelMOJ+9GgSnZixputjD44C+AcJxMu4z4Sr/Sq/DqSOVGGZK
LN19/+7yShhu+pSbvPW/15elAgFlu+S3Mj9XzWN0bn8Fe2FGYNImDbtt7hqVfN4i
s9F/1pOTciyAn5iqBFzH8DonXgFzSQnsfkiYCRqWTxCe2bKMkUbknHamjS4v3LNI
+Rkp2HZVdfJfsab+sePqGekdHTBOLszQjtOAku8PyItyyA7l/zlLd0A08i6Lasv+
RLxcMftuIpkCLNvEoUADCgwFhsSKVCwFAMSgLx83eeCYUvIVpDZOlB+AC8Jn5mXQ
K0YLpvcgn7+wyVlC3Yu2
=WmhT
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1663-1
December 12, 2012

nova vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Nova could be made to expose sensitive information.

Software Description:
- nova: OpenStack Compute cloud infrastructure

Details:

Eric Windisch discovered that Nova did not properly clear LVM-backed images
before they were reallocated which could potentially lead to an information
leak. This issue only affected setups using libvirt LVM-backed instances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-nova 2012.2-0ubuntu5.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1663-1
CVE-2012-5625

Package Information:
https://launchpad.net/ubuntu/+source/nova/2012.2-0ubuntu5.2