U radu programskih paketa openstack-nova i openstack-keystone uočeni su sigurnosni propusti. Udaljenim napadačima omogućuju izvođenje napada uskraćivanjem usluge.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4889
2012-03-30 02:52:51
--------------------------------------------------------------------------------
Name : openstack-nova
Product : Fedora 17
Version : 2012.1
Release : 0.10.rc1.fc17
URL : http://openstack.org/projects/compute/
Summary : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.
--------------------------------------------------------------------------------
Update Information:
CVE-2012-1585: Long server names grow nova-api log files significantly
Avoid killing dnsmasq on network service shutdown.
update to Essex RC1 which fixes 159 bugs detailed here:
https://launchpad.net/nova/essex/essex-rc1
Features:
- Support non blocking libvirt operations
Bugs:
- Suppress errors logged when syncing power states
- Fix an exception when querying a server through the API
- Suppress deprecation warnings with db sync
- Avoid and cater for missing libvirt instance images
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #808149 - CVE-2012-1585 openstack-nova: Long server names grow
nova-api log files significantly [fedora-17]
https://bugzilla.redhat.com/show_bug.cgi?id=808149
[ 2 ] Bug #805947 - systemd kills dnsmasq if you stop openstack-nova-network
https://bugzilla.redhat.com/show_bug.cgi?id=805947
[ 3 ] Bug #803905 - osapi v1.1 returns errors when getting server status
https://bugzilla.redhat.com/show_bug.cgi?id=803905
[ 4 ] Bug #801302 - sqlalchemy-migrate warnings during openstack-nova-db-setup
https://bugzilla.redhat.com/show_bug.cgi?id=801302
[ 5 ] Bug #801791 - nova-compute fails to start on qemu-img error
https://bugzilla.redhat.com/show_bug.cgi?id=801791
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update openstack-nova' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4690
2012-03-25 21:26:17
--------------------------------------------------------------------------------
Name : openstack-keystone
Product : Fedora 17
Version : 2012.1
Release : 1.fc17
URL : http://keystone.openstack.org/
Summary : OpenStack Identity Service
Description :
Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.
This package contains the Keystone daemon.
--------------------------------------------------------------------------------
Update Information:
Update to Openstack Essex release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #803354 - keystone returns 500 errors after a while
https://bugzilla.redhat.com/show_bug.cgi?id=803354
[ 2 ] Bug #801366 - [API] Invalid X-Auth-Token breaks API service
https://bugzilla.redhat.com/show_bug.cgi?id=801366
[ 3 ] Bug #807340 - CVE-2012-1572 openstack-keystone: extremely long passwords
can crash Keystone [fedora-17]
https://bugzilla.redhat.com/show_bug.cgi?id=807340
[ 4 ] Bug #801688 - horizon: cannot delete a user or project
https://bugzilla.redhat.com/show_bug.cgi?id=801688
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update openstack-keystone' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke