[Bug 1585725] [NEW] qemu security backport needed in the Ubuntu Cloud Archive

Andrew Bogott 1585725 at bugs.launchpad.net
Wed May 25 17:25:55 UTC 2016 

*** This bug is a security vulnerability ***

Public security bug reported:

There is a known security issue in qemu/qemu-kvm, documented here:

http://www.ubuntu.com/usn/usn-2974-1/

I am running Nova Compute nodes with the Ubuntu Cloud Archive, version
Liberty.  That repo provides me with the following package:

qemu-kvm                            1:2.2+dfsg-5expubuntu9.7~cloud2

That package does not contain fixes for the security issue.

Needless to say, qemu-kvm is a critical component of any OpenStack
install, so security updates need to be applied to the cloud archive
packages in a timely manner.

** Affects: cloud-archive
     Importance: Undecided
         Status: New

** Description changed:

  There is a known security issue in qemu/qemu-kvm, documented here:
  
  http://www.ubuntu.com/usn/usn-2974-1/
  
  I am Nova Compute nodes with the Ubuntu Cloud Archive, version Liberty.
  That repo provides me with the following package:
  
  qemu-kvm                            1:2.2+dfsg-5expubuntu9.7~cloud2
  
  That package does not contain fixes for the security issue.
  
  Needless to say, qemu-kvm is a critical component of any OpenStack
- install, so security updates need to be applied to the could archive
+ install, so security updates need to be applied to the cloud archive
  packages in a timely manner.

** Description changed:

  There is a known security issue in qemu/qemu-kvm, documented here:
  
  http://www.ubuntu.com/usn/usn-2974-1/
  
- I am Nova Compute nodes with the Ubuntu Cloud Archive, version Liberty.
- That repo provides me with the following package:
+ I am running Nova Compute nodes with the Ubuntu Cloud Archive, version
+ Liberty.  That repo provides me with the following package:
  
  qemu-kvm                            1:2.2+dfsg-5expubuntu9.7~cloud2
  
  That package does not contain fixes for the security issue.
  
  Needless to say, qemu-kvm is a critical component of any OpenStack
  install, so security updates need to be applied to the cloud archive
  packages in a timely manner.

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1585725

Title:
  qemu security backport needed in the Ubuntu Cloud Archive

Status in Ubuntu Cloud Archive:
  New

Bug description:
  There is a known security issue in qemu/qemu-kvm, documented here:

  http://www.ubuntu.com/usn/usn-2974-1/

  I am running Nova Compute nodes with the Ubuntu Cloud Archive, version
  Liberty.  That repo provides me with the following package:

  qemu-kvm                            1:2.2+dfsg-5expubuntu9.7~cloud2

  That package does not contain fixes for the security issue.

  Needless to say, qemu-kvm is a critical component of any OpenStack
  install, so security updates need to be applied to the cloud archive
  packages in a timely manner.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1585725/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list