SUSE-SU-2014:1467-1: Security update for openstack-cinder
sle-security-updates at lists.suse.com
Thu Nov 20 11:05:08 MST 2014
SUSE Security Update: Security update for openstack-cinder
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:1467-1
Rating: low
References: #883950 #894055 #897815 #899190 #899198
Cross-References: CVE-2014-3641 CVE-2014-7230 CVE-2014-7231
Affected Products:
SUSE Cloud 4
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available. It includes one version update.
Description:
This update for openstack-cinder provides the following recommended and
security fixes:
* Refuse invalid qcow2 backing files to avoid host data leak to VM
instance (bnc#899198, CVE-2014-3641)
* Sync latest process and str utils from oslo (bnc#899190,
CVE-2014-7230, CVE-2014-7231)
* Fix the iSER transport protocol when using LVMISERDriver
* NetApp fix for controller preferred path
* NetApp fix for default host type in eseries
* NetApp fix eseries concurrent vol map failure
* Cinder api service doesn't handle SIGHUP properly
* Sync latest strutils from oslo-incubator for mask_password fix
* Fix possible race condition for accept transfer
* Cinder override all method add _wrap_db_error support for PostgreSQL
(bnc#883950)
* Fix terminate_connection live migration issue
* Prevent tenant viewing volumes owned by another
* NetApp NFS: Do not reference dst_img_local before assignment
* Fix KeyError exception in NetApp CDOT iscsi driver volume create
* Don't clear _mounted_shares list in remoteFS while updating
* Add retry_on_deadlock to db update methods
* Add fix for reservation index to icehouse
* Fix performance issues with Brocade zone driver
* VMware: Disable suds caching
* Add eternus dx volumedriver 1.1.0 (bnc#894055)
* Cache snapshots in request for extension
* VMware: Force chunked transfer for upload-to-image
* Avoid using the disk cache on volume initialization and remove
multipath device correctly (bnc#894055)
Security Issues:
* CVE-2014-3641
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641>
* CVE-2014-7230
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230>
* CVE-2014-7231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 4:
zypper in -t patch sleclo40sp3-cinder-1114-9960
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev19.g80c0054]:
openstack-cinder-2014.1.4.dev19.g80c0054-0.7.1
openstack-cinder-api-2014.1.4.dev19.g80c0054-0.7.1
openstack-cinder-backup-2014.1.4.dev19.g80c0054-0.7.1
openstack-cinder-scheduler-2014.1.4.dev19.g80c0054-0.7.1
openstack-cinder-volume-2014.1.4.dev19.g80c0054-0.7.1
python-cinder-2014.1.4.dev19.g80c0054-0.7.1
- SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev19.g80c0054]:
openstack-cinder-doc-2014.1.4.dev19.g80c0054-0.7.1
References:
http://support.novell.com/security/cve/CVE-2014-3641.html
http://support.novell.com/security/cve/CVE-2014-7230.html
http://support.novell.com/security/cve/CVE-2014-7231.html
https://bugzilla.suse.com/show_bug.cgi?id=883950
https://bugzilla.suse.com/show_bug.cgi?id=894055
https://bugzilla.suse.com/show_bug.cgi?id=897815
https://bugzilla.suse.com/show_bug.cgi?id=899190
https://bugzilla.suse.com/show_bug.cgi?id=899198
http://download.suse.com/patch/finder/?keywords=a39845befed7d7674be8c6540ec59a65