drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenStack
Name: |
Mehrere Probleme in OpenStack |
|
ID: |
USN-3449-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS |
|
Datum: |
Mi, 11. Oktober 2017, 19:05 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713 |
|
Applikationen: |
OpenStack |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0811813201588306005== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BhkWn0DK7TLM45B59A7CNK5KkGaWHN7r5"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BhkWn0DK7TLM45B59A7CNK5KkGaWHN7r5 Content-Type: multipart/mixed; boundary="607LP8B0sMNsixRhPlxtQ5aSDwrrNBJlL"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <5f8d2f1d-a2f9-c586-1698-a924de86abed@canonical.com> Subject: [USN-3449-1] OpenStack Nova vulnerabilities
--607LP8B0sMNsixRhPlxtQ5aSDwrrNBJlL Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3449-1 October 11, 2017
nova vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenStack Nova.
Software Description: - nova: OpenStack Compute cloud infrastructure
Details:
George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)
George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)
It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)
Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could use this issue to read arbitrary files. (CVE-2015-7548)
Sreekumar S. and Suntao discovered that OpenStack Nova incorrectly applied security group changes. A remote attacker could possibly use this issue to bypass intended restriction changes by leveraging an instance that was running when the change was made. (CVE-2015-7713)
Matt Riedemann discovered that OpenStack Nova incorrectly handled logging. A local attacker could possibly use this issue to obtain sensitive information from log files. (CVE-2015-8749)
Matthew Booth discovered that OpenStack Nova incorrectly handled certain qcow2 headers. A remote authenticated user could possibly use this issue to read arbitrary files. (CVE-2016-2140)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: python-nova 1:2014.1.5-0ubuntu1.7
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3449-1 CVE-2015-3241, CVE-2015-3280, CVE-2015-5162, CVE-2015-7548, CVE-2015-7713, CVE-2015-8749, CVE-2016-2140
Package Information: https://launchpad.net/ubuntu/+source/nova/1:2014.1.5-0ubuntu1.7
--607LP8B0sMNsixRhPlxtQ5aSDwrrNBJlL--
--BhkWn0DK7TLM45B59A7CNK5KkGaWHN7r5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJZ3huHAAoJEGVp2FWnRL6T05gQALg0HW0Hk1XDpKPqTQEoBct1 Z6hSGlwLeNJJ2BEGyJcnx1Zgswe1GP5NjcqxEy4Hrhhxeuvaq7gjD15M9IPmcvJS 8n7gTTX2x5wENSm/TMTk7VxZ7iWk5Cay5i8HgfwQ/jQhjiZquMlqi+XUbvsyNAtu J1FVRsAcDopm8J0xazAWBcoEcCsnVv3qYyUdWjmMkacb7KRXgFxFjkaxC2YzACfm nEyeyBhHF+UPt9HezVjSNndkVeZwWuSKkRLAE2sSfJukSbFioytaXDB0LwjBJPnk 3CqdfCQ7OacxzoyMgORLrrmN6MlNfAOqlKx7BEA1yQxDp1f2nyeWHgYN3DwJzDHS V2KNotnS5Lmk4Ot6juys5Zrn7Wr8lr7cgdqwBkDzglpsCq7NyklIKOlvfz/fdgXB ABrjqx9SVA3vgkuhTwKyVtNZLBbTXnuOcyzUUvj2drxExiQiq8JlBZTAEvLfXREB sEvprxsiIGqKVJrxBd3iZT7Ky0cUDFf1IHocudFpM1aMzfccJ4BUjqqX9ArkJnGz hZKHKM7ik6D6Jiq23WkQ7M5GYS56s2QEFUQurBPl/Cs5KKjCK/xJ69btuyR+Nfad f87oYhjwM5tWGG3tgV8UYr6VswiweMK6TzGYDhmEkWDeI9H3nsAMBLivYqd+nKCU C65CjVIX+BftGfaqLljV =hRLD -----END PGP SIGNATURE-----
--BhkWn0DK7TLM45B59A7CNK5KkGaWHN7r5--
--===============0811813201588306005== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============0811813201588306005==--
|
|
|
|