drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in Octavia
Name: |
Mangelnde Prüfung von Zertifikaten in Octavia |
|
ID: |
USN-4153-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 19.04 |
|
Datum: |
Do, 10. Oktober 2019, 16:32 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17134 |
|
Applikationen: |
octavia |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4594822083995921315== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qTe3r7EjsPPYNs52e3grH83PTNL06mChE"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --qTe3r7EjsPPYNs52e3grH83PTNL06mChE Content-Type: multipart/mixed; boundary="3IG8zHU0VcBFPJwFTRcK01hFeW3OV0IHy"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <eb6084b0-4fa3-a1ae-7fb4-596bbf9267eb@canonical.com> Subject: [USN-4153-1] Octavia vulnerability
--3IG8zHU0VcBFPJwFTRcK01hFeW3OV0IHy Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-4153-1 October 10, 2019
octavia vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
Summary:
Octavia could allow unintended access to network services.
Software Description: - octavia: OpenStack Load Balancer Service
Details:
Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: amphora-agent 4.0.0-0ubuntu1.2 octavia-common 4.0.0-0ubuntu1.2 python3-octavia 4.0.0-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4153-1 CVE-2019-17134
Package Information: https://launchpad.net/ubuntu/+source/octavia/4.0.0-0ubuntu1.2
--3IG8zHU0VcBFPJwFTRcK01hFeW3OV0IHy--
--qTe3r7EjsPPYNs52e3grH83PTNL06mChE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2fMv0ACgkQZWnYVadE vpNs4g//Zmg/FGtFszAAkpd+/IGPtOLgMhp5GQ4QCG0F/ujGz+iu1krlwgZRUQtN UmFIQlqrzfBo6F7cwox3MOm9KrVHbAZ5uXQ92zRYRfaVaIbsLRgogZvIgn9Ga+Te zDRCbIKToj80HHmJho+qGTVtdmOfiuEJfdUddriG9jBlIkECsoijGC/vfhjdwDnp 4VlB2i+0YStJUdMXOWLCwXRw+qAVPx3Eh5ORnsDWyQKEOLYyPrReWyX8k7x6fIv8 pAVzU2SvEdZaithYa1DOyzE1HDSQlz/sODpKoSJH8vCFvA1+zFrY+A28BMMsBadd ZiRyWReOhrgbvS7xSsy1DHyC7Sk6Wfiuls+g7vxiM++qz4C4ybVh4gHRkyJa1D5F 2+4PLvH3C5u+yOEyj/Ch/ztlkM6sbkuMLUaLtFwgcbbdbEwEAkoc5m0yoTN3xUdA ZtUf9EYbfh1BOU/hWqvl/eAoz3TQ+bN1E/QD9+D3ImfUv3mgZPoAdI8vyUHdqR7H kBekweUN51kSnQ+gVeOrs3ycQlGxPmHiw/JxKnCYusU1lakJ9/E9bMeqVyCpB7lv +z2oPMo24wdzNdzR/d4+DaE5Tk0OeUk2Kr41vknd2MxdSIlPQ6JDnIhB5f6dbYFU hPsuwd0JTeApFCYs9wsch+y92zKYNQtq3G4eKbkqdwUSqgbtKcI= =2F7e -----END PGP SIGNATURE-----
--qTe3r7EjsPPYNs52e3grH83PTNL06mChE--
--===============4594822083995921315== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============4594822083995921315==--
|
|
|
|