A new version of the OpenStack Compute (Nova) software package has been released. It fixes issues that an attacker could have exploited to carry out a DoS attack or gain elevated privileges.
privilege escalation, data modification, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2012-3361, CVE-2012-3447
Original advisory ID:
USN-1545-1
Source:
Ubuntu
Problem:
Both flaws are related to virt/disk/api.py
Impact:
An attacker could have exploited this flaw to corrupt or modify system files and cause a denial of service or gain elevated privileges on the vulnerable system.
==========================================================================
Ubuntu Security Notice USN-1545-1
August 22, 2012
nova vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
Nova could be made to overwrite or corrupt arbitrary files in the compute
host file system.
Software Description:
- nova: OpenStack Compute cloud infrastructure
Details:
Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and
an authenticated user could still corrupt arbitrary files on the host
running Nova. A remote attacker could use this to cause a denial of service
or possibly gain privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
python-nova 2012.1+stable~20120612-3ee026e-0ubuntu1.3
Ubuntu 11.10:
python-nova 2011.3-0ubuntu6.10
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1545-1
CVE-2012-3447
Package Information:
https://launchpad.net/ubuntu/+source/nova/2012.1+stable~20120612-3ee026e-0ubuntu1.3
https://launchpad.net/ubuntu/+source/nova/2011.3-0ubuntu6.10