nova (1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via instance deletion during migration
- debian/patches/CVE-2015-3241-1.patch: check for resize path on
libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py,
nova/virt/libvirt/driver.py.
- debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in
nova/openstack/common/processutils.py.
- debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before
deleting instance in nova/tests/virt/libvirt/test_libvirt.py,
nova/tests/virt/libvirt/test_libvirt_utils.py,
nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py,
nova/virt/libvirt/utils.py.
- CVE-2015-3241
* SECURITY UPDATE: DoS via instance deletion during resize
- debian/patches/CVE-2015-3280.patch: delete orphaned instance files
from compute nodes in nova/compute/manager.py,
nova/tests/compute/test_compute_mgr.py.
- CVE-2015-3280
* SECURITY UPDATE: DoS via crafted disk image
- debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to
execute() in nova/openstack/common/prlimit.py,
nova/openstack/common/processutils.py,
nova/tests/openstack_common/test_processutils.py.
- debian/patches/CVE-2015-5162-2.patch: add support for missing process
limits in nova/openstack/common/prlimit.py,
nova/openstack/common/processutils.py,
nova/tests/openstack_common/test_processutils.py.
- debian/patches/CVE-2015-5162-3.patch: set address space & CPU time
limits when running qemu-img in nova/virt/images.py,
nova/tests/virt/libvirt/test_libvirt.py,
nova/tests/virt/libvirt/test_image_utils.py,
nova/tests/virt/libvirt/test_libvirt_utils.py.
- CVE-2015-5162
* SECURITY UPDATE: arbitrary file read via snapshot
- debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt
snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py,
nova/tests/virt/libvirt/test_image_utils.py,
nova/tests/virt/libvirt/test_libvirt_utils.py,
nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
- debian/patches/CVE-2015-7548-2.patch: fix format conversion in
libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py,
nova/virt/images.py, nova/virt/libvirt/imagebackend.py.
- debian/patches/CVE-2015-7548-3.patch: fix backing file detection in
libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py,
nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py,
nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
- debian/patches/CVE-2015-7548-4.patch: disable live snapshot for
rbd-backed instances in nova/virt/libvirt/driver.py.
- CVE-2015-7548
* SECURITY UPDATE: restriction bypass via security group changes
- debian/patches/CVE-2015-7713.patch: don't expect meta attributes in
object_compat that aren't in the db obj in nova/compute/manager.py,
nova/tests/compute/test_compute.py.
- CVE-2015-7713
* SECURITY UPDATE: password disclosure via xen log files
- debian/patches/CVE-2015-8749.patch: mask passwords in volume
connection_data dict in nova/virt/xenapi/volume_utils.py.
- CVE-2015-8749
* SECURITY UPDATE: arbitrary file read via crafted qcow2 header
- debian/patches/CVE-2016-2140-1.patch: always copy or recreate
disk.info during a migration in nova/virt/libvirt/driver.py,
nova/tests/virt/libvirt/test_libvirt.py.
- debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt
disk.info in non-disk-image cases in nova/virt/libvirt/driver.py,
nova/tests/virt/libvirt/test_libvirt.py.
- debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in
nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py.
- CVE-2016-2140
* Thanks to Red Hat for the backports many of these patches are based on.
Date: 2017-09-13 19:23:13.502358+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nova/1:2014.1.5-0ubuntu1.7
Sorry, changesfile not available.
--
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
