A security vulnerability has been identified in the OpenStack-Nova software package for the Fedora 17 operating system. It allows remote attackers to overwrite arbitrary files via a symlink attack.
Package:
openstack-nova 2011.x
Operating systems:
Fedora 17
Severity:
4.3
Problem:
flaw in a software component
Exploitation:
remote
Impact:
data modification
Solution:
vendor patch
CVE:
CVE-2012-3447
Original advisory ID:
FEDORA-2012-11756
Source:
Fedora
Problem:
The vulnerability results from a flaw in the "virt/disk/api.py" component.
Impact:
An attacker can exploit it to overwrite arbitrary files via a symlink attack.
Solution:
Users are advised to use the fixed version.
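The class of check that keeps file injection inside a mounted guest image, shown as an added example: this is not code from this advisory or from the Nova project. The names `join_within_fs`, `inject_file` and `PathEscapesImage` and the directory layout are assumptions made for illustration.

```python
import os
import tempfile


class PathEscapesImage(Exception):
    """An injection target resolved outside the mounted guest image."""


def join_within_fs(fs_root, *parts):
    """Join parts under fs_root; refuse results that leave it via '..' or symlinks."""
    root = os.path.realpath(fs_root)
    joined = os.path.join(root, *[p.lstrip("/") for p in parts])
    # realpath() follows links as the host sees them, so an absolute link inside
    # the image counts as an escape. That is conservative by design.
    resolved = os.path.realpath(joined)
    if not resolved.startswith(root + os.sep):
        raise PathEscapesImage(resolved)
    return resolved


def inject_file(fs_root, guest_path, data):
    """Write data to guest_path inside the image, never following a final symlink."""
    target = join_within_fs(fs_root, guest_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    with os.fdopen(os.open(target, flags, 0o600), "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Constructed layout: 'mnt' stands in for the image, 'host_etc' for the host."""
    with tempfile.TemporaryDirectory() as tmp:
        image, host = os.path.join(tmp, "mnt"), os.path.join(tmp, "host_etc")
        os.makedirs(os.path.join(image, "root"))
        os.makedirs(host)
        os.symlink(host, os.path.join(image, "etc"))  # guest-controlled link
        written = inject_file(image, "/root/note.txt", b"ok")
        blocked = []
        for path in ("/etc/motd", "../host_etc/motd"):
            try:
                inject_file(image, path, b"x")
            except PathEscapesImage:
                blocked.append(path)
        return os.path.relpath(written, os.path.realpath(image)), blocked, os.listdir(host)


if __name__ == "__main__":
    print(demo())
```

The check assumes the image contents are not being modified while injection runs; if they can change between the path resolution and the open, the containment check alone is not sufficient.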
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11756
2012-08-13 01:43:08
--------------------------------------------------------------------------------
Name : openstack-nova
Product : Fedora 17
Version : 2012.1.1
Release : 15.fc17
URL : http://openstack.org/projects/compute/
Summary : OpenStack Compute (nova)
Description :
OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the
software, control panels, and APIs required to orchestrate a cloud,
including running instances, managing networks, and controlling access
through users and projects. OpenStack Compute strives to be both
hardware and hypervisor agnostic, currently supporting a variety of
standard hardware configurations and seven major hypervisors.
--------------------------------------------------------------------------------
Update Information:
- Fix package dependencies for updates
- Fix CA cert permissions issue introduced in 2012.1.1-10
- Split out into more sub packages
- Update from stable upstream including...
- Fix metadata file injection with xen
- Fix affinity filters when hints is None
- Fix marker behavior for flavors
- Handle local remote exceptions consistently
- Fix qcow2 size on libvirt live block migration
- Fix for API listing of os hosts
- Avoid lazy loading errors on instance_type
- Avoid casts in network manager to prevent races
- Conditionally allow queries for deleted flavours
- Fix wrong regex in cleanup_file_locks
- Add net rules to VMs on compute service start
- Tolerate parsing null connection info in BDM
- Support EC2 CreateImage API for boot from volume
- EC2 DescribeImages reports correct rootDeviceType
- Reject EC2 CreateImage for instance store
- Fix EC2 CreateImage no_reboot logic
- Convert remaining network API casts to calls
- Move where the fixed ip deallocation happens
- Fix the qpid_heartbeat option so that it's effective
- Prohibit host file corruption through file injection (CVE-2012-3447)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 10 2012 PÄ