U radu programskog paketa openstack-nova otkrivena je sigurnosna nepravilnost koja zlonamjernim korisnicima omogućuje zaobilaženje postavljenih ograničenja.
Paket:
openstack-nova 2011.x
Operacijski sustavi:
Fedora 16
Kritičnost:
4.9
Problem:
nepravilno rukovanje ovlastima
Iskorištavanje:
udaljeno
Posljedica:
zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0030
Izvorni ID preporuke:
FEDORA-2012-0682
Izvor:
Fedora
Problem:
Uočen je propust pri rukovanju ovlastima u sučelju programskog paketa.
Posljedica:
Autentificirani korisnici mogu pomoću izmijenjenog zahtjeva OSAPI zaobići postavljena ograničenja.
Rješenje:
Korisnicima se savjetuje instalacija ispravne verzije ranjivog programskog paketa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0682
2012-01-19 00:37:29
--------------------------------------------------------------------------------
Name : openstack-nova
Product : Fedora 16
Version : 2011.3.1
Release : 0.4.10818.fc16
URL : http://openstack.org/projects/compute/
Summary : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.
--------------------------------------------------------------------------------
Update Information:
Update to 2011.3.1 release candidate. See
https://launchpad.net/nova/+milestone/2011.3.1
This also includes a minor bug fix for libguestfs file injection
This update includes ~50 patches from the upstream stable branch and a fix for
an issue with attaching volumes.
Sync up with Fedora spec, to only add fuse group if present. Explicitly depend
on the fuse package to avoid #767852. Requires manually installing "fuse"
first.
Also adds libguestfs update
Add --yes, --rootpw, and --novapw arguments to openstack-nova-db-setup.
Please ensure you have at least python-migrate-0.6-6 installed when testing
this
Change the default database from sqlite to mysql.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 18 2012 Mark McLoughlin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2011.3.1-0.4.10818.fc16
- Update to latest 2011.3.1 release candidate
- Re-add nova-{clear-rabbit-queues,instance-usage-audit}
* Tue Jan 17 2012 Mark McLoughlin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2011.3.1-0.3.10814
- nova-stack isn't missing after all
* Tue Jan 17 2012 Mark McLoughlin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2011.3.1-0.2.10814
- nova-{stack,clear-rabbit-queues,instance-usage-audit} temporarily removed
because of lp#917676
* Tue Jan 17 2012 Mark McLoughlin <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2011.3.1-0.1.10814
- Update to 2011.3.1 release candidate
- Only adds 4 patches from upstream which we didn't already have
* Wed Jan 11 2012 PÄ
Posljednje sigurnosne preporuke