[Bug 1847243] Re: Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134
James Page
james.page at ubuntu.com
Thu Oct 10 08:33:39 UTC 2019
Hi Daniel
As a distro all we can do is provide the patched packages to resolve the
CVE; yes there are operator actions that need to be undertaken to
refresh amphora.
As to how to build amphora images that use the Ubuntu Cloud Archive -
take a look at:
https://snapcraft.io/octavia-diskimage-retrofit
this tool will take a stock Ubuntu cloud image, and overlay the required
packages from a configurable openstack release into it from octavia.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1847243
Title:
Update Octavia-* packages as per OSSA-2019-005 / CVE-2019-17134
Status in Ubuntu Cloud Archive:
In Progress
Status in Ubuntu Cloud Archive rocky series:
Fix Committed
Status in Ubuntu Cloud Archive stein series:
In Progress
Status in Ubuntu Cloud Archive train series:
In Progress
Status in octavia package in Ubuntu:
Fix Released
Status in octavia source package in Disco:
In Progress
Status in octavia source package in Eoan:
Fix Released
Bug description:
Octavia packages in cloud-archive/queens, cloud-archive/rocky and
cloud-archive/stein need updating.
Fixes are committed to these versions:
Queens: 2.1.2
Rocky: 3.2.0
Stein: 4.1.0
With backports to:
Pike: Git#2976a7f0f109e17930db8a61136526ead44ea7e5
Ocata: Git#c2fdffc3b748f8007c72e52df257e38756923b40
Reference:
https://security.openstack.org/ossa/OSSA-2019-005.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1847243/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list