UbuntuUpdates.org

Package "nova-compute-kvm"

Name: nova-compute-kvm

Description:

OpenStack Compute - compute node (KVM)

Latest version: 1:2014.1.5-0ubuntu1.7
Release: trusty (14.04)
Level: security
Repository: main
Head package: nova
Homepage: http://launchpad.net/nova

Links


Download "nova-compute-kvm"


Other versions of "nova-compute-kvm" in Trusty

Repository Area Version
base main 1:2014.1-0ubuntu1
updates main 1:2014.1.5-0ubuntu1.7

Changelog

Version: 1:2014.1.5-0ubuntu1.7 2017-10-11 14:06:56 UTC

  nova (1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via instance deletion during migration
    - debian/patches/CVE-2015-3241-1.patch: check for resize path on
      libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/libvirt/driver.py.
    - debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in
      nova/openstack/common/processutils.py.
    - debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before
      deleting instance in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py,
      nova/virt/libvirt/utils.py.
    - CVE-2015-3241
  * SECURITY UPDATE: DoS via instance deletion during resize
    - debian/patches/CVE-2015-3280.patch: delete orphaned instance files
      from compute nodes in nova/compute/manager.py,
      nova/tests/compute/test_compute_mgr.py.
    - CVE-2015-3280
  * SECURITY UPDATE: DoS via crafted disk image
    - debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to
      execute() in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-2.patch: add support for missing process
      limits in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-3.patch: set address space & CPU time
      limits when running qemu-img in nova/virt/images.py,
      nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py.
    - CVE-2015-5162
  * SECURITY UPDATE: arbitrary file read via snapshot
    - debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt
      snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-2.patch: fix format conversion in
      libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/images.py, nova/virt/libvirt/imagebackend.py.
    - debian/patches/CVE-2015-7548-3.patch: fix backing file detection in
      libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-4.patch: disable live snapshot for
      rbd-backed instances in nova/virt/libvirt/driver.py.
    - CVE-2015-7548
  * SECURITY UPDATE: restriction bypass via security group changes
    - debian/patches/CVE-2015-7713.patch: don't expect meta attributes in
      object_compat that aren't in the db obj in nova/compute/manager.py,
      nova/tests/compute/test_compute.py.
    - CVE-2015-7713
  * SECURITY UPDATE: password disclosure via xen log files
    - debian/patches/CVE-2015-8749.patch: mask passwords in volume
      connection_data dict in nova/virt/xenapi/volume_utils.py.
    - CVE-2015-8749
  * SECURITY UPDATE: arbitrary file read via crafted qcow2 header
    - debian/patches/CVE-2016-2140-1.patch: always copy or recreate
      disk.info during a migration in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt
      disk.info in non-disk-image cases in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in
      nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py.
    - CVE-2016-2140
  * Thanks to Red Hat for the backports many of these patches are based on.

 -- Marc Deslauriers <email address hidden> Wed, 13 Sep 2017 14:30:17 -0400

Source diff to previous version
CVE-2015-3241 OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allow
CVE-2015-3280 OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allo
CVE-2015-5162 The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not prope
CVE-2015-7548 OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set t
CVE-2015-7713 OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote
CVE-2015-8749 The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the conne
CVE-2016-2140 The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images i

Version: 1:2014.1.3-0ubuntu1.1 2014-11-11 20:06:28 UTC

  nova (1:2014.1.3-0ubuntu1.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [82a13b3] VM in rescue state must have a restricted set of actions
      + CVE-2014-3604
      + LP: #1338830
    - [f58d95c] Sync process and str utils from oslo
      + CVE-2014-7230
      + LP: #1343604
 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2014 12:07:58 -0400

Source diff to previous version
1338830 [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608)
1343604 Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)
CVE-2014-3604 Hostname verification susceptible to MITM attack
CVE-2014-7230 The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users

Version: 1:2014.1.2-0ubuntu1.1 2014-08-21 20:06:38 UTC

  nova (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [9f59ca7] Avoid possible timing attack in metadata api
      + CVE-2014-3517
      + LP: #1325128
 -- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:01:19 -0500

Source diff to previous version
1325128 [OSSA 2014-024] nova metadata does not use a constant time compare for validating an HMAC token (CVE-2014-3517)
CVE-2014-3517 api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, ...

Version: 1:2014.1-0ubuntu1.2 2014-06-17 22:06:59 UTC

  nova (1:2014.1-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: specify /etc/nova/rootwrap.conf for use with
    nova-rootwrap
    - CVE-2013-1068 (LP: #1185019)
 -- Jamie Strandboge <email address hidden> Mon, 09 Jun 2014 09:32:44 -0500

CVE-2013-1068 RESERVED



About   -   Send Feedback to @ubuntu_updates