UbuntuUpdates.org

Package "nova"

Name: nova

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OpenStack Compute - API frontend
  • OpenStack Compute - certificate management
  • OpenStack Compute - common files
  • OpenStack Compute - compute node base

Latest version: 1:2014.1.5-0ubuntu1.7
Release: trusty (14.04)
Level: updates
Repository: main

Links



Other versions of "nova" in Trusty

Repository Area Version
base main 1:2014.1-0ubuntu1
base universe 1:2014.1-0ubuntu1
security main 1:2014.1.5-0ubuntu1.7
security universe 1:2014.1.5-0ubuntu1.7
updates universe 1:2014.1.5-0ubuntu1.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:2014.1.5-0ubuntu1.7 2017-10-11 16:06:56 UTC

  nova (1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via instance deletion during migration
    - debian/patches/CVE-2015-3241-1.patch: check for resize path on
      libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/libvirt/driver.py.
    - debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in
      nova/openstack/common/processutils.py.
    - debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before
      deleting instance in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py,
      nova/virt/libvirt/utils.py.
    - CVE-2015-3241
  * SECURITY UPDATE: DoS via instance deletion during resize
    - debian/patches/CVE-2015-3280.patch: delete orphaned instance files
      from compute nodes in nova/compute/manager.py,
      nova/tests/compute/test_compute_mgr.py.
    - CVE-2015-3280
  * SECURITY UPDATE: DoS via crafted disk image
    - debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to
      execute() in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-2.patch: add support for missing process
      limits in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-3.patch: set address space & CPU time
      limits when running qemu-img in nova/virt/images.py,
      nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py.
    - CVE-2015-5162
  * SECURITY UPDATE: arbitrary file read via snapshot
    - debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt
      snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-2.patch: fix format conversion in
      libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/images.py, nova/virt/libvirt/imagebackend.py.
    - debian/patches/CVE-2015-7548-3.patch: fix backing file detection in
      libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-4.patch: disable live snapshot for
      rbd-backed instances in nova/virt/libvirt/driver.py.
    - CVE-2015-7548
  * SECURITY UPDATE: restriction bypass via security group changes
    - debian/patches/CVE-2015-7713.patch: don't expect meta attributes in
      object_compat that aren't in the db obj in nova/compute/manager.py,
      nova/tests/compute/test_compute.py.
    - CVE-2015-7713
  * SECURITY UPDATE: password disclosure via xen log files
    - debian/patches/CVE-2015-8749.patch: mask passwords in volume
      connection_data dict in nova/virt/xenapi/volume_utils.py.
    - CVE-2015-8749
  * SECURITY UPDATE: arbitrary file read via crafted qcow2 header
    - debian/patches/CVE-2016-2140-1.patch: always copy or recreate
      disk.info during a migration in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt
      disk.info in non-disk-image cases in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in
      nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py.
    - CVE-2016-2140
  * Thanks to Red Hat for the backports many of these patches are based on.

 -- Marc Deslauriers <email address hidden> Wed, 13 Sep 2017 14:30:17 -0400

Source diff to previous version
CVE-2015-3241 OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allow
CVE-2015-3280 OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allo
CVE-2015-5162 The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not prope
CVE-2015-7548 OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set t
CVE-2015-7713 OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote
CVE-2015-8749 The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the conne
CVE-2016-2140 The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images i

Version: 1:2014.1.5-0ubuntu1.6 2017-02-02 23:06:37 UTC

  nova (1:2014.1.5-0ubuntu1.6) trusty; urgency=medium

  * Allow evacuate for an instance in the Error state (LP: #1298061)
    - d/p/remove_useless_state_check.patch remove unnecessary task_state check
    - d/p/evacuate_error_vm.patch Allow evacuate from error state

 -- Liang Chen <email address hidden> Fri, 09 Sep 2016 17:41:48 +0800

Source diff to previous version
1298061 nova should allow evacuate for an instance in the Error state

Version: 1:2014.1.5-0ubuntu1.5 2016-07-04 11:06:32 UTC

  nova (1:2014.1.5-0ubuntu1.5) trusty; urgency=medium

  * Fix live migration usage of the wrong connector (LP: #1475411)
    - d/p/Fix-live-migrations-usage-of-the-wrong-connector-inf.patch
  * Fix wrong used ProcessExecutionError exception (LP: #1308839)
    - d/p/Fix-wrong-used-ProcessExecutionError-exception.patch
  * Clean up iSCSI multipath devices in Post Live Migration (LP: #1357368)
    - d/p/Clean-up-iSCSI-multipath-devices-in-Post-Live-Migrat.patch
  * Detach iSCSI latest path for latest disk (LP: #1374999)
    - d/p/Detach-iSCSI-latest-path-for-latest-disk.patch

 -- Billy Olsen <email address hidden> Fri, 29 Apr 2016 15:35:01 -0700

Source diff to previous version
1475411 During post_live_migration the nova libvirt driver assumes that the destination connection info is the same as the source, which is not always true
1308839 ProcessExecutionError exception is not defined in exception.py now
1357368 Source side post Live Migration Logic cannot disconnect multipath iSCSI devices cleanly
1374999 iSCSI volume detach does not correctly remove the multipath device descriptors

Version: 1:2014.1.5-0ubuntu1.4 2015-11-04 19:07:28 UTC

  nova (1:2014.1.5-0ubuntu1.4) trusty; urgency=medium

  * Protect against possible rpcapi mismatch on upgrade (LP: #1506257)
    - d/p/protect-against-upgrade-rpc-ver-mismatch.patch

 -- Edward Hope-Morley Thu, 22 Oct 2015 10:00:29 -0500

Source diff to previous version
1506257 [SRU] rpcapi version mismatch possible on upgrade

Version: 1:2014.1.5-0ubuntu1.3 2015-09-23 20:06:43 UTC

  nova (1:2014.1.5-0ubuntu1.3) trusty; urgency=medium

  * Attempting to attach the same volume multiple times can cause
    bdm record for existing attachment to be deleted. (LP: #1349888)
    - d/p/fix-creating-bdm-for-failed-volume-attachment.patch

 -- Edward Hope-Morley Tue, 08 Sep 2015 12:32:45 +0100

1349888 [SRU] Attempting to attach the same volume multiple times can cause bdm record for existing attachment to be deleted.



About   -   Send Feedback to @ubuntu_updates