Package "nova-placement-api"

Name: nova-placement-api


OpenStack Compute - placement API frontend

Latest version: 2:17.0.13-0ubuntu5.3
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: nova
Homepage: http://launchpad.net/nova


Download "nova-placement-api"

Other versions of "nova-placement-api" in Bionic

Repository Area Version
base universe 2:17.0.1-0ubuntu1
security universe 2:17.0.13-0ubuntu5.3


Version: 2:17.0.13-0ubuntu5.3 2023-02-13 14:07:05 UTC

  nova (2:17.0.13-0ubuntu5.3) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2015-9543.patch: Mask the token used to allow
      access to consoles
    - CVE-2015-9543
  * SECURITY UPDATE: machine takeover vulnerability
    - debian/patches/CVE-2020-17376.patch: libvirt: Provide
      VIR_MIGRATE_PARAM_PERSIST_XML during live migration
    - CVE-2020-17376
  * SECURITY UPDATE: open redirect vulnerability
    - debian/patches/CVE-2021-3654-*.patch: Reject open redirection in the
      console proxy
    - CVE-2021-3654

 -- Nishit Majithia <email address hidden> Fri, 10 Feb 2023 14:20:43 +0530

Source diff to previous version
CVE-2015-9543 An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. A
CVE-2020-17376 An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a so
CVE-2021-3654 A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Version: 2:17.0.13-0ubuntu5.2 2023-02-09 15:07:02 UTC

  nova (2:17.0.13-0ubuntu5.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access
    - debian/patches/CVE-2022-47951.patch: Check VMDK create-type
      against an allowed list.
    - CVE-2022-47951

 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 08:21:41 -0500

Source diff to previous version
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:17.0.13-0ubuntu5 2022-10-05 06:06:25 UTC

  nova (2:17.0.13-0ubuntu5) bionic; urgency=medium

  * Fixes API to disallow source compute service/node deletion while instances
    are pending a resize confirm/revert (LP: #1852610).
   - d/p/0001-lp1852610_Add_functional_recreate_test_for_bug_1829479_and_bug_1817833.patch
   - d/p/0002-lp1852610_Add_functional_recreate_test_for_bug_1852610.patch
   - d/p/0003-lp1852610_Add_functional_recreate_revert_resize_test_for_bug_1852610.patch
   - d/p/0004-lp1852610_api_allows_source_compute_service.patch

 -- Brett Milford <email address hidden> Thu, 23 Jun 2022 16:41:00 +1000

Source diff to previous version
1852610 [SRU] API allows source compute service/node deletion while instances are pending a resize confirm/revert

Version: 2:17.0.13-0ubuntu4 2021-10-20 22:06:22 UTC

  nova (2:17.0.13-0ubuntu4) bionic; urgency=medium

  * d/p/libvirt-Ignore-DiskNotFound-during-update_available.patch: Ignore
    DiskNotFound during update_available_resource (LP: #1774249).

 -- Alin-Gabriel Serdean <email address hidden> Tue, 21 Sep 2021 18:29:56 +0000

Source diff to previous version

Version: 2:17.0.13-0ubuntu3 2021-08-30 09:06:26 UTC

  nova (2:17.0.13-0ubuntu3) bionic; urgency=medium

  * Force refresh instance info_cache during heal (LP: #1751923):
    - d/p/0001-Force-refresh-instance-info_cache-during-heal.patch
    - d/p/0002-remove-deprecated-test_list_vifs_neutron_notimplemented.patch

 -- Jorge Niedbalski <email address hidden> Mon, 17 May 2021 14:25:43 -0400

1751923 [SRU]_heal_instance_info_cache periodic task bases on port list from nova db, not from neutron server

About   -   Send Feedback to @ubuntu_updates