UbuntuUpdates.org

Package "nova-ajax-console-proxy"

Name: nova-ajax-console-proxy

Description:

OpenStack Compute - AJAX console proxy - transitional package
Latest version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
Release: precise (12.04)
Level: security
Repository: universe
Head package: nova
Homepage: http://launchpad.net/nova

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nova-ajax-console-proxy"

All arch deb package
APT INSTALL

Other versions of "nova-ajax-console-proxy" in Precise

Repository Area Version
base universe 2012.1-0ubuntu2
updates universe 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4

Changelog

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1 2013-01-30 00:07:08 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: fix lack of authentication on block device used for
    os-volume_boot
    - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
      validate we can access the volumes
    - CVE-2013-0208
 -- Jamie Strandboge <email address hidden> Wed, 23 Jan 2013 13:03:11 -0600
Source diff to previous version
CVE-2013-0208 Boot from volume allows access to random volumes

Version: 2012.1+stable~20120612-3ee026e-0ubuntu1.3 2012-08-22 20:06:56 UTC

  nova (2012.1+stable~20120612-3ee026e-0ubuntu1.3) precise-security; urgency=low

  * SECURITY UPDATE: Prohibit file injection writing to host filesystem
    - debian/patches/CVE-2012-3447.patch: update to perform the file name
      canonicalization as the root user
    - CVE-2012-3447
 -- Jamie Strandboge <email address hidden> Fri, 17 Aug 2012 14:09:26 -0500
Source diff to previous version
CVE-2012-3447 virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitr

Version: 2012.1+stable~20120612-3ee026e-0ubuntu1.2 2012-07-11 18:06:40 UTC

  nova (2012.1+stable~20120612-3ee026e-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: scheduler affinity denial of service
    - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
      instead of once for each scheduler hint instance id.
 -- Steve Beattie <email address hidden> Thu, 05 Jul 2012 10:58:26 -0700
Source diff to previous version
CVE-2012-3371 RESERVED

Version: 2012.1+stable~20120612-3ee026e-0ubuntu1.1 2012-07-03 17:06:39 UTC

  nova (2012.1+stable~20120612-3ee026e-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary file injection/corruption
    - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
      be injected in arbitrary locations
    - CVE-2012-3360
    - CVE-2012-3361
 -- Steve Beattie <email address hidden> Mon, 02 Jul 2012 19:54:17 -0700
Source diff to previous version
CVE-2012-3360 arbitrary file corruption through directory traversal
CVE-2012-3361 arbitrary file injection through directory traversal

Version: 2012.1-0ubuntu2.3 2012-06-12 23:06:42 UTC

  nova (2012.1-0ubuntu2.3) precise-security; urgency=low

  * REGRESSION FIX: security group without protocol set failure (LP: #1010514)
    - debian/patches/CVE-2012-2654-regression.patch: only call .lower()
      when a protocol has been set.
 -- Steve Beattie <email address hidden> Mon, 11 Jun 2012 16:00:50 -0700
1010514 Source group based security group rule without pro...
CVE-2012-2654 RESERVED


About   -   Send Feedback to @ubuntu_updates