Ranjivost u radu paketa openstack-nova

U radu programskog paketa openstack-nova, za operacijski sustav Fedora 16, uočena je sigurnosna ranjivost. Udaljeni ju napadač može iskoristiti za otkrivanje osjetljivih informacija.

Paket:	openstack-nova 2011.x
Operacijski sustavi:	Fedora 16
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	otkrivanje osjetljivih informacija
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-4076
Izvorni ID preporuke:	FEDORA-2011-15449
Izvor:	Fedora

Problem:
Ranjivost je posljedica pogreške u rukovanju porukama o pogreškama (eng. error message) prilikom zahtjeva za autentikaciju.
Posljedica:
Napadaču spomenuti nedostatak omogućuje otkrivanje osjetljivih informacija (zaporki korisnika).
Rješenje:
Korisnicima se preporuča instalacija nadogradnje.

Izvorni tekst preporuke

---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-15449
2011-11-05 01:17:45
---------------------------------------------------------------------------=
-----

Name        : openstack-nova
Product     : Fedora 16
Version     : 2011.3
Release     : 6.fc16
URL         : http://openstack.org/projects/compute/
Summary     : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.

---------------------------------------------------------------------------=
-----
Update Information:

This update fixes a password leak in the EC2 API.
This update includes a block migration fix from upstream.
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #749385 - CVE-2011-4076 openstack-nova: EC2 API password leak
        https://bugzilla.redhat.com/show_bug.cgi?id=3D749385
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update openstack-nova' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Ranjivost u radu paketa openstack-nova

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Ranjivost u radu paketa openstack-nova

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti