Security: File overwrite in openstack-nova
Name: File overwrite in openstack-nova
ID: FEDORA-2012-11756
Distribution: Fedora
Platforms: Fedora 17
Date: Tue, 21 August 2012, 14:44
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3447
Applications: OpenStack
Original message
Name        : openstack-nova
Product     : Fedora 17
Version     : 2012.1.1
Release     : 15.fc17
URL         : http://openstack.org/projects/compute/
Summary     : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.
-------------------------------------------------------------------------------
Update Information:

- Fix package dependencies for updates
- Fix CA cert permissions issue introduced in 2012.1.1-10
- Split out into more sub packages
- Update from stable upstream including...
- Fix metadata file injection with xen
- Fix affinity filters when hints is None
- Fix marker behavior for flavors
- Handle local remote exceptions consistently
- Fix qcow2 size on libvirt live block migration
- Fix for API listing of os hosts
- Avoid lazy loading errors on instance_type
- Avoid casts in network manager to prevent races
- Conditionally allow queries for deleted flavours
- Fix wrong regex in cleanup_file_locks
- Add net rules to VMs on compute service start
- Tolerate parsing null connection info in BDM
- Support EC2 CreateImage API for boot from volume
- EC2 DescribeImages reports correct rootDeviceType
- Reject EC2 CreateImage for instance store
- Fix EC2 CreateImage no_reboot logic
- Convert remaining network API casts to calls
- Move where the fixed ip deallocation happens
- Fix the qpid_heartbeat option so that it's effective
- Prohibit host file corruption through file injection (CVE-2012-3447)
-------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 10 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-15
- Fix package versions to ensure update dependencies are correct
- Fix CA cert permissions issue introduced in 2012.1.1-10
* Wed Aug 8 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-13
- Log live migration errors
- Prohibit host file corruption through file injection (CVE-2012-3447)
* Mon Aug 6 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-12
- Fix group installation issue introduced in 2012.1.1-10
* Mon Jul 30 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-11
- Update from stable upstream including...
- Fix metadata file injection with xen
- Fix affinity filters when hints is None
- Fix marker behavior for flavors
- Handle local remote exceptions consistently
- Fix qcow2 size on libvirt live block migration
- Fix for API listing of os hosts
- Avoid lazy loading errors on instance_type
- Avoid casts in network manager to prevent races
- Conditionally allow queries for deleted flavours
- Fix wrong regex in cleanup_file_locks
- Add net rules to VMs on compute service start
- Tolerate parsing null connection info in BDM
- Support EC2 CreateImage API for boot from volume
- EC2 DescribeImages reports correct rootDeviceType
- Reject EC2 CreateImage for instance store
- Fix EC2 CreateImage no_reboot logic
- Convert remaining network API casts to calls
- Move where the fixed ip deallocation happens
- Fix the qpid_heartbeat option so that it's effective
* Fri Jul 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-10
- Split out into more sub packages
* Fri Jul 20 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-4
- Enable auto cleanup of old cached instance images
- Fix ram_allocation_ratio based over subscription
- Expose over quota exceptions via native API
- Return 413 status on over quota in the native API
- Fix call to network_get_all_by_uuids
- Fix libvirt get_memory_mb_total with xen
- Use compute_api.get_all in affinity filters (CVE-2012-3371)
- Use default qemu img cluster size in libvirt connect
- Ensure libguestfs has completed before proceeding
* Thu Jul 5 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-3
- Distinguish volume overlimit exceptions
- Prohibit host file corruption through file injection (CVE-2012-3360, CVE-2012-3361)
* Wed Jun 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-2
- Update to latest essex stable branch
- Support injecting new .ssh/authorized_keys files to SELinux enabled guests
* Fri Jun 22 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-1
- Update to essex stable release 2012.1.1
- Improve performance and stability of file injection
* Mon Jun 11 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-10
- update performance and stability fixes from essex stable
* Mon Jun 11 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-9
- fix an exception caused by the fix for CVE-2012-2654
- fix the encoding of the dns_domains table (requires a db sync)
- fix a crash due to a nova services startup race (#825051)
* Fri Jun 8 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-8
- Enable libguestfs image inspection
* Wed Jun 6 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-7
- Sync up with Essex stable branch, including...
- Fix for protocol case handling (#829440, CVE-2012-2654)
* Wed May 16 2012 Alan Pevec <apevec@redhat.com> - 2012.1-6
- Remove m2crypto and other dependencies no longer needed by Essex
* Wed May 16 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-5
- Sync up with Essex stable branch
- Handle updated qemu-img info output
- Remove redundant and outdated openstack-nova-db-setup
* Wed May 9 2012 Alan Pevec <apevec@redhat.com> - 2012.1-4
- Remove the socat dependency no longer needed by Essex
* Fri Apr 27 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-3
- Reference new Essex services at installation
-------------------------------------------------------------------------------
References:
[ 1 ] Bug #846624 - CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption (incomplete fix for CVE-2012-3361) [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=846624
-------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update openstack-nova' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
-------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce