UbuntuUpdates.org

Package "nova-api-os-compute"

Name: nova-api-os-compute

Description:

OpenStack Compute - OpenStack Compute API frontend

Latest version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
Release: precise (12.04)
Level: security
Repository: universe
Head package: nova
Homepage: http://launchpad.net/nova

Links


Download "nova-api-os-compute"


Other versions of "nova-api-os-compute" in Precise

Repository Area Version
base universe 2012.1-0ubuntu2
updates universe 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4

Changelog

Version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4 2014-06-17 22:06:55 UTC

  nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
    - debian/patches/CVE-2013-6491.patch: set the right parameter in
      nova/rpc/impl_qpid.py
    - LP: #1158807
    - CVE-2013-6491
  * SECURITY UPDATE: information disclosure via incorrect KVM live block
    migration
    - debian/patches/CVE-2013-7130.patch: fix root disk leak in
      nova/virt/libvirt/connection.py, add upstream test and additional test
      (test_create_images_and_backing_full()) to nova/tests/test_libvirt.py
    - CVE-2013-7130
  * SECURITY UPDATE: denial of service via disk consumption
    - debian/patches/CVE-2013-446x.patch: don't boot oversized images in
      nova/virt/images.py, and nova/virt/libvirt/connection.py. Update tests
      in nova/tests/test_libvirt.py
    - CVE-2013-4463
    - CVE-2013-4469
 -- Jamie Strandboge <email address hidden> Wed, 14 May 2014 15:14:36 -0500

Source diff to previous version
1158807 Qpid SSL protocol
CVE-2013-6491 The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...
CVE-2013-7130 The i_create_images_and_backing (aka create_images_and_backing) method ...
CVE-2013-4463 OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...
CVE-2013-4469 OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when ...

Version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.2 2013-10-23 20:06:50 UTC

  nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service with network security group policy
    updates
    - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
      (LP: #1184041)
    - CVE-2013-4185
 -- Jamie Strandboge <email address hidden> Mon, 21 Oct 2013 17:52:13 -0500

Source diff to previous version
1184041 [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185)
CVE-2013-4185 Denial of Service in Nova network source security groups

Version: 2012.1.3+stable-20130423-e52e6912-0ubuntu1.1 2013-05-17 00:07:18 UTC

  nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: verify virtual size of QCOW2 images
    - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
      QCOW2 image size during root disk creation
    - CVE-2013-2096
 -- Jamie Strandboge <email address hidden> Wed, 15 May 2013 16:37:20 -0500

Source diff to previous version
CVE-2013-2096 fails to verify image virtual size

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4 2013-03-20 21:07:32 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
    - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
    - CVE-2013-1838
    - LP: #1125468
  * SECURITY UPDATE: fix VNC token validation
    - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
      all tokens associated with an instance when it is deleted
    - CVE-2013-0335
    - LP: #1125378
 -- Jamie Strandboge <email address hidden> Wed, 20 Mar 2013 10:07:08 -0500

Source diff to previous version
1125468 DOS by allocating all fixed ips
1125378 VNC proxy can be made to connect to wrong VM
CVE-2013-1838 Nova DoS by allocating all Fixed IPs
CVE-2013-0335 VNC proxy can connect to the wrong VM

Version: 2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2 2013-02-21 21:07:10 UTC

  nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2) precise-security; urgency=low

  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Nova modules to use it
    - CVE-2013-1664
 -- Jamie Strandboge <email address hidden> Tue, 19 Feb 2013 11:45:46 -0600

CVE-2013-1664 Denial of service via xml entity parsing



About   -   Send Feedback to @ubuntu_updates