[ubuntu/precise-security] nova 2012.1.3+stable-20130423-e52e6912-0ubuntu1.4 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Tue Jun 17 21:19:35 UTC 2014


nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
    - debian/patches/CVE-2013-6491.patch: set the right parameter in
      nova/rpc/impl_qpid.py
    - LP: #1158807
    - CVE-2013-6491
  * SECURITY UPDATE: information disclosure via incorrect KVM live block
    migration
    - debian/patches/CVE-2013-7130.patch: fix root disk leak in
      nova/virt/libvirt/connection.py, add upstream test and additional test
      (test_create_images_and_backing_full()) to nova/tests/test_libvirt.py
    - CVE-2013-7130
  * SECURITY UPDATE: denial of service via disk consumption
    - debian/patches/CVE-2013-446x.patch: don't boot oversized images in
      nova/virt/images.py, and nova/virt/libvirt/connection.py. Update tests
      in nova/tests/test_libvirt.py
    - CVE-2013-4463
    - CVE-2013-4469

Date: 2014-05-14 20:20:11.768334+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/nova/2012.1.3+stable-20130423-e52e6912-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list