Tri nepravilnosti vezane uz openstack-nova

Otkrivene su i ispravljene tri ranjivosti programskog paketa openstack-nova. Zlonamjerni napadači su ih mogli iskoristiti za zaobilaženje postavljenih ograničenja i napad uskraćivanjem usluga (eng. Denial of Service, DoS).

Paket:
Operacijski sustavi:	Fedora 16, Fedora 17
Kritičnost:	4.9
Problem:	neodgovarajuće rukovanje datotekama, nepravilno rukovanje ovlastima, pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-2101, CVE-2012-1585, CVE-2012-0030
Izvorni ID preporuke:	FEDORA-2012-6273
Izvor:	Fedora

Problem:
Nedostaci su povezani s greškama u OpenStack API sučelju, nepravilnim rukovanjem sigurnosnim pravilima i neodgovarajućim rukovanjem datotekama.
Posljedica:
Udaljeni zlonamjerni napadači mogu iskoristiti propuste za zaobilaženje postavljenih ograničenja i izvođenje DoS napada.
Rješenje:
Svim korisnicima se savjetuje instalacija nadogradnje ranjivog programskog paketa.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6273
2012-04-20 05:57:21
--------------------------------------------------------------------------------

Name        : openstack-nova
Product     : Fedora 17
Version     : 2012.1
Release     : 2.fc17
URL         : http://openstack.org/projects/compute/
Summary     : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.

--------------------------------------------------------------------------------
Update Information:

- Sync up with Essex stable branch

- Support more flexible guest image file injection

- Enforce quota on security group rules (CVE-2012-2101)

- Provide startup scripts for the Essex VNC services

- Provide a startup script for the separated metadata api service
update to essex release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #814275 - CVE-2012-2101 openstack-nova: No quota enforced on
security group rules [fedora-17]
        https://bugzilla.redhat.com/show_bug.cgi?id=814275
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openstack-nova' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6365
2012-04-22 02:43:43
--------------------------------------------------------------------------------

Name        : openstack-nova
Product     : Fedora 16
Version     : 2011.3.1
Release     : 8.fc16
URL         : http://openstack.org/projects/compute/
Summary     : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.

--------------------------------------------------------------------------------
Update Information:

- Fix undefined glance_host in get_glance_client

- Implement quotas for security groups (CVE-2012-2101)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 19 2012 PÄ

Tri nepravilnosti vezane uz openstack-nova

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Tri nepravilnosti vezane uz openstack-nova

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti