All Ubuntu package versions


AllRaringQuantalPreciseOneiricNattyLucidHardyAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
Comments

Package "nova-vncproxy"

Name: nova-vncproxy

Description:

OpenStack Compute - VNC proxy
Latest version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1
Release: precise (12.04)
Level: updates
Repository: main
Head package: nova
Homepage: http://launchpad.net/nova

Links

Save this URL for the latest version of "nova-vncproxy": http://www.ubuntuupdates.org/nova-vncproxy

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "nova-vncproxy"

All arch deb package APT INSTALL

Other versions of "nova-vncproxy" in Precise

RepositoryAreaVersion
base main 2012.1-0ubuntu2
security main 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1

Change Log

Version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1 2013-05-17 00:07:23 UTC

  nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: verify virtual size of QCOW2 images
    - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
      QCOW2 image size during root disk creation
    - CVE-2013-2096
 -- Jamie Strandboge <email address hidden> Wed, 15 May 2013 16:37:20 -0500
Source diff to previous version
CVE-2013-2096 fails to verify image virtual size

Version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1 2013-05-16 18:06:45 UTC

  nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
    - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
    - [3bf5a58] snat rule too broad for some network configurations LP: 1048765
    - [efaacda] DOS by allocating all fixed ips LP: 1125468
    - [b683ced] Add nosehtmloutput as a test dependency.
    - [45274c8] Nova unit tests not running, but still passing for stable/essex
      LP: 1132835
    - [e02b459] vnc unit-test fixes
    - [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
    - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
    - [243d516] No authentication on block device used for os-volume_boot
      LP: 1069904
    - [80fefe5] use_single_default_gateway does not function correctly
      (LP: #1075859)
    - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
      attached (LP: #1079745)
    - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
      slow (LP: #1062314)
    - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
      fixed_ip (LP: #1017633)
    - [20f98c5] failed to allocate fixed ip because old deleted one exists
      (LP: #996482)
    - [75f6922] snapshot stays in saving state if the vm base image is deleted
      (LP: #921774)
    - [1076699] lock files may be removed in error dues to permissions issues
      (LP: #1051924)
    - [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
    - [4eebe76] At termination, LXC rootfs is not always unmounted before
      rmtree() is called (LP: #1046313)
    - [47dabb3] Heavily loaded nova-compute instances don't sent reports
      frequently enough (LP: #1045152)
    - [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
    - [4ac2dcc] nova usage-list returns wrong usage (LP: #1043999)
    - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
      (LP: #1040537)
    - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
      (LP: #1026210)
  * Dropped, superseeded by new snapshot:
    - debian/patches/CVE-2013-0335.patch: [48e81f1]
    - debian/patches/CVE-2013-1838.patch: [efaacda]
    - debian/patches/CVE-2013-1664.patch: [c0a10db]
    - debian/patches/CVE-2013-0208.patch: [243d516]
 -- Yolanda <email address hidden> Mon, 22 Apr 2013 12:37:08 +0200
Source diff to previous version
1089488 Meta bug for tracking Openstack Stable Updates
1075859 use_single_default_gateway does not function correctly
1079745 Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes attached
1062314 do_refresh_security_group_rules in nova.virt.firewall is very slow
1017633 deallocate_fixed_ip attempts to update an already deleted fixed_ip
996482 failed to allocate fixed ip because old deleted one exists
921774 snapshot stays in saving state if the vm base image is deleted
1051924 lock files may be removed in error dues to permissions issues
1050982 ensure_default_security_group() does not call sgh
1046313 At termination, LXC rootfs is not always unmounted before rmtree() is called
1045152 Heavily loaded nova-compute instances don't sent reports frequently enough
1004791 When attach volume lost attach when node restart
1043999 nova usage-list returns wrong usage
1040537 Bridge port's hairpin mode not set after resuming a machine
1026210 Nova flavor ephemeral space size reported incorrectly
CVE-2013-1664 Denial of service via xml entity parsing
CVE-2013-0335 VNC proxy can connect to the wrong VM
CVE-2013-1838 Nova DoS by allocating all Fixed IPs
CVE-2013-0208 Boot from volume allows access to random volumes

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4 2013-03-20 22:06:47 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
    - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
    - CVE-2013-1838
    - LP: #1125468
  * SECURITY UPDATE: fix VNC token validation
    - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
      all tokens associated with an instance when it is deleted
    - CVE-2013-0335
    - LP: #1125378
 -- Jamie Strandboge <email address hidden> Wed, 20 Mar 2013 10:07:08 -0500
Source diff to previous version
1125468 DOS by allocating all fixed ips
1125378 VNC proxy can be made to connect to wrong VM
CVE-2013-1838 Nova DoS by allocating all Fixed IPs
CVE-2013-0335 VNC proxy can connect to the wrong VM

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2 2013-02-21 22:06:49 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Nova modules to use it
    - CVE-2013-1664
 -- Jamie Strandboge <email address hidden> Tue, 19 Feb 2013 11:45:46 -0600
Source diff to previous version
CVE-2013-1664 Denial of service via xml entity parsing

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1 2013-01-30 00:07:06 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: fix lack of authentication on block device used for
    os-volume_boot
    - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
      validate we can access the volumes
    - CVE-2013-0208
 -- Jamie Strandboge <email address hidden> Wed, 23 Jan 2013 13:03:11 -0600
CVE-2013-0208 Boot from volume allows access to random volumes


About   -   Changelog   -   Send Feedback
Site Meter