drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in openstack-nova
Name: |
Mangelnde Rechteprüfung in openstack-nova |
|
ID: |
FEDORA-2013-1816 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 17 |
|
Datum: |
So, 10. Februar 2013, 10:29 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0208 |
|
Applikationen: |
OpenStack |
|
Originalnachricht |
Name : openstack-nova Product : Fedora 17 Version : 2012.1.3 Release : 3.fc17 URL : http://openstack.org/projects/compute/ Summary : OpenStack Compute (nova) Description : OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.
------------------------------------------------------------------------------- - Update Information:
- disallow boot from arbitrary volumes (CVE-2013-0208)
- Disable image cache cleanup to avoid issues with shared storage
------------------------------------------------------------------------------- - ChangeLog:
* Tue Jan 29 2013 Pádraig Brady <pbrady@redhat.com> - 2012.1.3-3 - disallow boot from volume from specifying arbitrary volumes (CVE-2013-0208) * Thu Nov 29 2012 Nikola Dipanov <ndipanov@redhat.com> - 2012.1.3-2 - nova.conf default configuration tweak to prevent image deletion due to an imagecahce bug * Fri Oct 12 2012 Nikola Dipanov <ndipanov@redhat.com> - 2012.1.3-1 - Restore libvirt block storage connections on reboot - Fix libvirt volume attachment error logging - Ensure instances with deleted floating IPs can be deleted - Ensure can contact floating IP after instance snapshot - Fix tenant usage time accounting - Ensure correct disk definitions are used on volume attach/detach - Improve concurrency of long running tasks - Fix unmounting of LXC containers in the presence of symlinks - Fix external lock corruption in the presence of SELinux - Allow snapshotting images that are deleted in glance - Ensure the correct fixed IP is deallocated when deleting VMs * Fri Aug 10 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-15 - Fix package versions to ensure update dependencies are correct - Fix CA cert permissions issue introduced in 2012.1.1-10 * Wed Aug 8 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-13 - Log live migration errors - Prohibit host file corruption through file injection (CVE-2012-3447) * Mon Aug 6 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-12 - Fix group installation issue introduced in 2012.1.1-10 * Mon Jul 30 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-11 - Update from stable upstream including... - Fix metadata file injection with xen - Fix affinity filters when hints is None - Fix marker behavior for flavors - Handle local remote exceptions consistently - Fix qcow2 size on libvirt live block migration - Fix for API listing of os hosts - Avoid lazy loading errors on instance_type - Avoid casts in network manager to prevent races - Conditionally allow queries for deleted flavours - Fix wrong regex in cleanup_file_locks - Add net rules to VMs on compute service start - Tolerate parsing null connection info in BDM - Support EC2 CreateImage API for boot from volume - EC2 DescribeImages reports correct rootDeviceType - Reject EC2 CreateImage for instance store - Fix EC2 CreateImage no_reboot logic - Convert remaining network API casts to calls - Move where the fixed ip deallocation happens - Fix the qpid_heartbeat option so that it's effective * Fri Jul 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-10 - Split out into more sub packages * Fri Jul 20 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-4 - Enable auto cleanup of old cached instance images - Fix ram_allocation_ratio based over subscription - Expose over quota exceptions via native API - Return 413 status on over quota in the native API - Fix call to network_get_all_by_uuids - Fix libvirt get_memory_mb_total with xen - Use compute_api.get_all in affinity filters (CVE-2012-3371) - Use default qemu img cluster size in libvirt connect - Ensure libguestfs has completed before proceeding * Thu Jul 5 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-3 - Distinguish volume overlimit exceptions - Prohibit host file corruption through file injection (CVE-2012-3360, CVE-2012-3361) * Wed Jun 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-2 - Update to latest essex stable branch - Support injecting new .ssh/authorized_keys files to SELinux enabled guests * Fri Jun 22 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-1 - Update to essex stable release 2012.1.1 - Improve performance and stability of file injection * Mon Jun 11 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-10 - update performance and stability fixes from essex stable * Mon Jun 11 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-9 - fix an exception caused by the fix for CVE-2012-2654 - fix the encoding of the dns_domains table (requires a db sync) - fix a crash due to a nova services startup race (#825051) * Fri Jun 8 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-8 - Enable libguestfs image inspection * Wed Jun 6 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-7 - Sync up with Essex stable branch, including... - Fix for protocol case handling (#829440, CVE-2012-2654) * Wed May 16 2012 Alan Pevec <apevec@redhat.com> - 2012.1-6 - Remove m2crypto and other dependencies no loner needed by Essex * Wed May 16 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-5 - Sync up with Essex stable branch - Handle updated qemu-img info output - Remove redundant and outdated openstack-nova-db-setup * Wed May 9 2012 Alan Pevec <apevec@redhat.com> - 2012.1-4 - Remove the socat dependency no longer needed by Essex * Fri Apr 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-3 - Reference new Essex services at installation ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update openstack-nova' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|