Changelog
nova (1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via instance deletion during migration
    - debian/patches/CVE-2015-3241-1.patch: check for resize path on
      libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/libvirt/driver.py.
    - debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in
      nova/openstack/common/processutils.py.
    - debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before
      deleting instance in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py,
      nova/virt/libvirt/utils.py.
    - CVE-2015-3241
  * SECURITY UPDATE: DoS via instance deletion during resize
    - debian/patches/CVE-2015-3280.patch: delete orphaned instance files
      from compute nodes in nova/compute/manager.py,
      nova/tests/compute/test_compute_mgr.py.
    - CVE-2015-3280
  * SECURITY UPDATE: DoS via crafted disk image
    - debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to
      execute() in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-2.patch: add support for missing process
      limits in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-3.patch: set address space & CPU time
      limits when running qemu-img in nova/virt/images.py,
      nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py.
    - CVE-2015-5162
  * SECURITY UPDATE: arbitrary file read via snapshot
    - debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt
      snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-2.patch: fix format conversion in
      libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/images.py, nova/virt/libvirt/imagebackend.py.
    - debian/patches/CVE-2015-7548-3.patch: fix backing file detection in
      libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-4.patch: disable live snapshot for
      rbd-backed instances in nova/virt/libvirt/driver.py.
    - CVE-2015-7548
  * SECURITY UPDATE: restriction bypass via security group changes
    - debian/patches/CVE-2015-7713.patch: don't expect meta attributes in
      object_compat that aren't in the db obj in nova/compute/manager.py,
      nova/tests/compute/test_compute.py.
    - CVE-2015-7713
  * SECURITY UPDATE: password disclosure via xen log files
    - debian/patches/CVE-2015-8749.patch: mask passwords in volume
      connection_data dict in nova/virt/xenapi/volume_utils.py.
    - CVE-2015-8749
  * SECURITY UPDATE: arbitrary file read via crafted qcow2 header
    - debian/patches/CVE-2016-2140-1.patch: always copy or recreate
      disk.info during a migration in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt
      disk.info in non-disk-image cases in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in
      nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py.
    - CVE-2016-2140
  * Thanks to Red Hat for the backports many of these patches are based on.

 -- Marc Deslauriers <email address hidden>  Wed, 13 Sep 2017 14:30:17 -0400
Built packages
- nova-ajax-console-proxy: OpenStack Compute - AJAX console proxy - transitional package
- nova-api: OpenStack Compute - API frontend
- nova-api-ec2: OpenStack Compute - EC2 API frontend
- nova-api-metadata: OpenStack Compute - metadata API frontend
- nova-api-os-compute: OpenStack Compute - OpenStack Compute API frontend
- nova-api-os-volume: OpenStack Compute - OpenStack Volume API frontend
- nova-baremetal: Openstack Compute - baremetal virt
- nova-cells: Openstack Compute - cells
- nova-cert: OpenStack Compute - certificate management
- nova-common: OpenStack Compute - common files
- nova-compute: OpenStack Compute - compute node base
- nova-compute-kvm: OpenStack Compute - compute node (KVM)
- nova-compute-libvirt: OpenStack Compute - compute node libvirt support
- nova-compute-lxc: OpenStack Compute - compute node (LXC)
- nova-compute-qemu: OpenStack Compute - compute node (QEmu)
- nova-compute-vmware: OpenStack Compute - compute node (VMware)
- nova-compute-xen: OpenStack Compute - compute node (Xen)
- nova-conductor: OpenStack Compute - conductor service
- nova-console: OpenStack Compute - Console
- nova-consoleauth: OpenStack Compute - Console Authenticator
- nova-doc: OpenStack Compute - documentation
- nova-network: OpenStack Compute - Network manager
- nova-novncproxy: OpenStack Compute - NoVNC proxy
- nova-objectstore: OpenStack Compute - object store
- nova-scheduler: OpenStack Compute - virtual machine scheduler
- nova-spiceproxy: OpenStack Compute - spice html5 proxy
- nova-volume: OpenStack Compute - storage
- nova-xvpvncproxy: OpenStack Compute - XVP VNC proxy
- python-nova: OpenStack Compute Python libraries