Your message dated Tue, 11 Nov 2014 22:49:36 +0000
with message-id <[email protected]>
and subject line Bug#769163: fixed in nova 2014.1.3-6
has caused the Debian Bug report #769163,
regarding CVE-2014-3708: Nova network DoS through API filtering
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
769163: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769163
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nova-api
Version: 2014.1.3-5
Severity: important
Tags: patch
OpenStack Security Advisory: 2014-038
CVE: CVE-2014-3708
Date: October 28, 2014
Title: Nova network DoS through API filtering
Reporter: Mohammed Naser (Vexxhost)
Products: Nova
Versions: up to 2014.1.3, and 2014.2
Description:
Mohammed Naser from Vexxhost reported a vulnerability in Nova API
filters. By listing active servers using an IP filter, an authenticated
user may overload the nova-network or neutron-server process, resulting in a
denial of service. All Nova setups are affected.
Kilo (development branch) fix:
https://review.openstack.org/131460
Juno fix:
https://review.openstack.org/131462
Icehouse fix:
https://review.openstack.org/131461
Notes:
This fix will be included in future 2014.1.4 and 2014.2.1 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
https://launchpad.net/bugs/1358583
Tristan Cacqueray
OpenStack Vulnerability Management Team
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2014.1.3-6
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Nov 2014 04:42:15 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml
nova-compute-qemu nova-compute-kvm nova-conductor nova-cert nova-scheduler
nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc
nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2014.1.3-6
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-baremetal - Openstack Compute - baremetal virt
nova-cells - Openstack Compute - cells
nova-cert - OpenStack Compute - certificate manager
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
nova-conductor - OpenStack Compute - conductor service
nova-console - OpenStack Compute - console
nova-consoleauth - OpenStack Compute - Console Authenticator
nova-consoleproxy - OpenStack Compute - NoVNC proxy
nova-doc - OpenStack Compute - documentation
nova-network - OpenStack Compute - network manager
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage metapackage
python-nova - OpenStack Compute - libraries
Closes: 769163
Changes:
nova (2014.1.3-6) unstable; urgency=high
.
[ Mehdi Abaakouk ]
* Fix an issue in fix-live-migraton-nfs.patch.
.
[ Thomas Goirand ]
* CVE-2014-3708: Nova network DoS through API filtering. Applied upstream
patch: Fixes_DOS_issue_in_instance_list_ip_filter (Closes: #769163).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---