[ubuntu/trusty-updates] nova 1:2014.1.5-0ubuntu1.7 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 11 13:28:23 UTC 2017


nova (1:2014.1.5-0ubuntu1.7) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via instance deletion during migration
    - debian/patches/CVE-2015-3241-1.patch: check for resize path on
      libvirt instance delete in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/libvirt/driver.py.
    - debian/patches/CVE-2015-3241-1.patch: sync process utils from oslo in
      nova/openstack/common/processutils.py.
    - debian/patches/CVE-2015-3241-1.patch: kill rsync/scp processes before
      deleting instance in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/instancejobtracker.py,
      nova/virt/libvirt/utils.py.
    - CVE-2015-3241
  * SECURITY UPDATE: DoS via instance deletion during resize
    - debian/patches/CVE-2015-3280.patch: delete orphaned instance files
      from compute nodes in nova/compute/manager.py,
      nova/tests/compute/test_compute_mgr.py.
    - CVE-2015-3280
  * SECURITY UPDATE: DoS via crafted disk image
    - debian/patches/CVE-2015-5162-1.patch: add prlimit parameter to
      execute() in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-2.patch: add support for missing process
      limits in nova/openstack/common/prlimit.py,
      nova/openstack/common/processutils.py,
      nova/tests/openstack_common/test_processutils.py.
    - debian/patches/CVE-2015-5162-3.patch: set address space & CPU time
      limits when running qemu-img in nova/virt/images.py,
      nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py.
    - CVE-2015-5162
  * SECURITY UPDATE: arbitrary file read via snapshot
    - debian/patches/CVE-2015-7548-1.patch: fix format detection in libvirt
      snapshot in nova/tests/virt/libvirt/fake_libvirt_utils.py,
      nova/tests/virt/libvirt/test_image_utils.py,
      nova/tests/virt/libvirt/test_libvirt_utils.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-2.patch: fix format conversion in
      libvirt snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/virt/images.py, nova/virt/libvirt/imagebackend.py.
    - debian/patches/CVE-2015-7548-3.patch: fix backing file detection in
      libvirt live snapshot in nova/tests/virt/libvirt/test_libvirt.py,
      nova/tests/virt/libvirt/fake_libvirt_utils.py, nova/virt/images.py,
      nova/virt/libvirt/driver.py, nova/virt/libvirt/utils.py.
    - debian/patches/CVE-2015-7548-4.patch: disable live snapshot for
      rbd-backed instances in nova/virt/libvirt/driver.py.
    - CVE-2015-7548
  * SECURITY UPDATE: restriction bypass via security group changes
    - debian/patches/CVE-2015-7713.patch: don't expect meta attributes in
      object_compat that aren't in the db obj in nova/compute/manager.py,
      nova/tests/compute/test_compute.py.
    - CVE-2015-7713
  * SECURITY UPDATE: password disclosure via xen log files
    - debian/patches/CVE-2015-8749.patch: mask passwords in volume
      connection_data dict in nova/virt/xenapi/volume_utils.py.
    - CVE-2015-8749
  * SECURITY UPDATE: arbitrary file read via crafted qcow2 header
    - debian/patches/CVE-2016-2140-1.patch: always copy or recreate
      disk.info during a migration in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-2.patch: fix processing of libvirt
      disk.info in non-disk-image cases in nova/virt/libvirt/driver.py,
      nova/tests/virt/libvirt/test_libvirt.py.
    - debian/patches/CVE-2016-2140-3.patch: decode disk_info before use in
      nova/tests/virt/libvirt/test_libvirt.py, nova/virt/libvirt/driver.py.
    - CVE-2016-2140
  * Thanks to Red Hat for the backports many of these patches are based on.

Date: 2017-09-13 19:23:13.502358+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nova/1:2014.1.5-0ubuntu1.7