UbuntuUpdates.org

Package "nova-vncproxy"

Name: nova-vncproxy

Description:

OpenStack Compute - VNC proxy

Latest version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
Release: precise (12.04)
Level: updates
Repository: main
Head package: nova
Homepage: http://launchpad.net/nova

Links


Download "nova-vncproxy"


Other versions of "nova-vncproxy" in Precise

Repository Area Version
base main 2012.1-0ubuntu2
security main 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4

Changelog

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2 2013-02-21 22:06:49 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Nova modules to use it
    - CVE-2013-1664
 -- Jamie Strandboge <email address hidden> Tue, 19 Feb 2013 11:45:46 -0600

Source diff to previous version
CVE-2013-1664 Denial of service via xml entity parsing

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1 2013-01-30 00:07:06 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: fix lack of authentication on block device used for
    os-volume_boot
    - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
      validate we can access the volumes
    - CVE-2013-0208
 -- Jamie Strandboge <email address hidden> Wed, 23 Jan 2013 13:03:11 -0600

Source diff to previous version
CVE-2013-0208 Boot from volume allows access to random volumes

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1 2012-09-03 16:07:00 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1) precise-proposed; urgency=low

  * New upstream snapshot, fixes FTBFS in -proposed. (LP: #1041120)
  * Resynchronize with stable/essex (4d2a4afe):
    - [5d63601] Inappropriate exception handling on kvm live/block migration
      (LP: #917615)
    - [ae280ca] Deleted floating ips can cause instance delete to fail
      (LP: #1038266)

Source diff to previous version
1041120 Meta bug for tracking Openstack Stable Updates
917615 Inappropriate exception handling on kvm live/block migration
1038266 Deleted floating ips can cause instance delete to fail

Version: 2012.1+stable~20120612-3ee026e-0ubuntu1.3 2012-08-23 13:06:53 UTC

  nova (2012.1+stable~20120612-3ee026e-0ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: Prohibit file injection writing to host filesystem
    - debian/patches/CVE-2012-3447.patch: update to perform the file name
      canonicalization as the root user
    - CVE-2012-3447
 -- Jamie Strandboge <email address hidden> Fri, 17 Aug 2012 14:09:26 -0500

Source diff to previous version
CVE-2012-3447 virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitr

Version: 2012.1+stable~20120612-3ee026e-0ubuntu1.2 2012-07-11 19:06:40 UTC

  nova (2012.1+stable~20120612-3ee026e-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: scheduler affinity denial of service
    - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
      instead of once for each scheduler hint instance id.
 -- Steve Beattie <email address hidden> Thu, 05 Jul 2012 10:58:26 -0700

CVE-2012-3371 RESERVED



About   -   Send Feedback to @ubuntu_updates