A security vulnerability has been identified in the openstack-nova package distributed with the Fedora 17 operating system. It can be exploited remotely to carry out a denial-of-service (DoS) attack.
Package:
openstack-nova 2011.x
Operating systems:
Fedora 17
Severity:
3
Problem:
error in a software component
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor software patch
CVE:
CVE-2012-3371
Original advisory ID:
FEDORA-2012-10939
Source:
Fedora
Problem:
The flaw results from an error in handling requests in which an ID is specified multiple times in the "os:scheduler_hints" section. Exploitation requires that the DifferentHostFilter or SameHostFilter option is enabled.
Impact:
It allows attackers to carry out a DoS (Denial of Service) attack.
Solution:
Users are advised to install the updated version.
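As a defensive illustration of the problem described above, the following added example (not code from nova or from the Fedora update) validates the affinity hints of a request before scheduling, collapsing repeated IDs and capping how many distinct IDs are accepted. The function name, the exception class, the limit of 32 and the assumption that IDs are instance UUIDs are all illustrative.

```python
import uuid

# Hint keys read by SameHostFilter and DifferentHostFilter.
AFFINITY_HINT_KEYS = ("different_host", "same_host")
MAX_HINT_IDS = 32  # assumed limit for this example, not a nova setting


class InvalidSchedulerHint(ValueError):
    """Raised when an affinity hint is malformed or too large."""


def normalize_affinity_hints(hints, max_ids=MAX_HINT_IDS):
    """Return a copy of `hints` with affinity ID lists validated and de-duplicated."""
    cleaned = dict(hints)
    for key in AFFINITY_HINT_KEYS:
        if key not in hints:
            continue
        raw = hints[key]
        if isinstance(raw, str):          # a single ID is allowed
            raw = [raw]
        elif not isinstance(raw, (list, tuple)):
            raise InvalidSchedulerHint(f"{key}: expected an ID or a list of IDs")
        seen, unique = set(), []
        for item in raw:
            try:
                # Canonical form, so case or brace variants count as repeats.
                canonical = str(uuid.UUID(str(item)))
            except ValueError:
                raise InvalidSchedulerHint(f"{key}: not an instance UUID: {item!r}")
            if canonical in seen:
                continue                  # repeated ID: keep one copy only
            seen.add(canonical)
            unique.append(canonical)
            if len(unique) > max_ids:
                raise InvalidSchedulerHint(f"{key}: more than {max_ids} distinct IDs")
        cleaned[key] = unique
    return cleaned


if __name__ == "__main__":
    # Constructed sample: one ID repeated 1000 times in the hint list.
    sample_id = "11111111-2222-3333-4444-555555555555"
    print(normalize_affinity_hints({"different_host": [sample_id] * 1000}))
```
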
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10939
2012-07-21 02:23:05
--------------------------------------------------------------------------------
Name : openstack-nova
Product : Fedora 17
Version : 2012.1.1
Release : 4.fc17
URL : http://openstack.org/projects/compute/
Summary : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.
--------------------------------------------------------------------------------
Update Information:
- Enable auto cleanup of old cached instance images
- Fix ram_allocation_ratio based over subscription
- Expose over quota exceptions via native API
- Return 413 status on over quota in the native API
- Fix call to network_get_all_by_uuids
- Fix libvirt get_memory_mb_total with xen
- Use compute_api.get_all in affinity filters (CVE-2012-3371)
- Use default qemu img cluster size in libvirt connect
- Ensure libguestfs has completed before proceeding
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2012 PÄ