SUSE-SU-2015:0324-1: Security update for openstack-nova
sle-security-updates at lists.suse.com
Wed Feb 18 20:08:24 MST 2015
SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:0324-1
Rating: low
References: #867922 #897815 #898371 #899190 #899199 #901087
#903013
Cross-References: CVE-2014-3608 CVE-2014-3708 CVE-2014-7230
CVE-2014-7231 CVE-2014-8750
Affected Products:
SUSE Cloud 4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has two fixes
is now available. It includes one version update.
Description:
This update for openstack-nova provides stability fixes from the upstream
OpenStack project:
* Add @retry_on_deadlock to _instance_update()
* Fix nova-compute start issue after evacuate
* Fix nova evacuate issues for RBD
* Add _wrap_db_error() support to SessionTransaction.commit()
* Fixes DoS issue in instance list ip filter (bnc#903013,
CVE-2014-3708)
* Make the block device mapping retries configurable
* Retry on closing of luks encrypted volume in case device is busy
* Nova api service doesn't handle SIGHUP properly
* Fix XML UnicodeEncode serialization error
* share neutron admin auth tokens
* Fix CellStateManagerFile init to failure
* postgresql: use postgres db instead of template1
* Fix instance cross AZ check when attaching volumes
* Fixes missing ec2 api address disassociate error on failure
* Ignore errors when deleting non-existing vifs
* VMware: validate that VM exists on backend prior to deletion
* VMWare: Fix VM leak when deletion of VM during resizing
* Sync process utils from oslo
* VMware: prevent race condition with VNC port allocation (bnc#901087,
CVE-2014-8750)
* Fixes Hyper-V volume mapping issue on reboot
* Raise descriptive error for over volume quota
* libvirt: Handle unsupported host capabilities
* libvirt: Make fakelibvirt.libvirtError match
* Adds tests for Hyper-V VM Utils
* Removes unnecessary instructions in test_hypervapi
* Fixes a Hyper-V list_instances localization issue
* Adds list_instance_uuids to the Hyper-V driver
* Add _wrap_db_error() support to Session.commit()
* Sync process and str utils from oslo (bnc#899190 CVE-2014-7230
CVE-2014-7231)
* Fixes Hyper-V agent force_hyperv_utils_v1 flag issue
* Fix live-migration failure in FC multipath case
* libvirt: Save device_path in connection_info when booting from volume
* Fixes Hyper-V boot from volume root device issue
* Catch missing Glance image attrs with None
* Adds get_instance_disk_info to compute drivers
* Include next link when default limit is reached
* VM in rescue state must have a restricted set of actions to avoid
leaking rescued images (bnc#899199, CVE-2014-3608)
* libvirt: return the correct instance path while cleanup_resize
* Fix nova image-show with queued image
* _translate_from_glance() can cause an unnecessary HTTP request
* Neutron: Atomic update of instance info cache
* Ensure info cache updates don't overwhelm cells
* remove test_multiprocess_api
* Fixes Hyper-V resize down exception
* libvirt: Use VIR_DOMAIN_AFFECT_LIVE for paused instances
* Fix _parse_datetime in simple tenant usage extension
* Avoid traceback logs from simple tenant usage extension
* Made unassigned networks visible in flat networking
* VMware: validate that VM exists on backend prior to deletion
(bnc#898371)
* Fix attaching config drive issue on Hyper-V when migrate instances
* Do not fail cell's instance deletion, if it's missing info_cache
* Fixes Hyper-V vm state issue
* Update block_device_info to contain swap and ephemeral disks
* Loosen import_exceptions to cover all of gettextutils
* Fix instance boot when Ceph is used for ephemeral storage
* VMware: do not cache image when root_gb is 0
* Delete image when backup operation failed on snapshot step
* db: Add @_retry_on_deadlock to service_update()
* Fix rootwrap for non openstack.org iqn's
* Add Hyper-V driver in the "compute_driver" option description
* Block sqlalchemy migrate 0.9.2 as it breaks all of nova
* Move the error check for "brctl addif"
* Add a retry_on_deadlock to reservations_expire
* Add expire reservations in backport position
* Make floatingip-ip-delete atomic with neutron
* add repr for event objects
* make lifecycle event logs more clear
* Fix race condition with vif plugging in finish migrate
* Delay STOPPED lifecycle event for Xen domains (bnc#867922)
* Fix FloatingIP.save() passing FixedIP object to sqlalchemy
* fix filelist
* use %_rundir if available, otherwise /var/run
* Fix expected error details from jsonschema
* replace NovaException with VirtualInterfaceCreate when neutron fails
* Fixes Hyper-V SCSI slot selection
* libvirt: convert cpu features attribute from list to a set
* Read deleted instances during lifecycle events
* shelve doesn't work on nova-cells environment
* Mask block_device_info auth_password in virt driver debug logs
* only emit deprecation warnings once
Security Issues:
* CVE-2014-3708
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708>
* CVE-2014-3608
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608>
* CVE-2014-7230
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230>
* CVE-2014-7231
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231>
* CVE-2014-8750
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8750>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 4:
zypper in -t patch sleclo40sp3-openstack-nova-0115=10199
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev49]:
openstack-nova-2014.1.4.dev49-0.7.1
openstack-nova-api-2014.1.4.dev49-0.7.1
openstack-nova-cells-2014.1.4.dev49-0.7.1
openstack-nova-cert-2014.1.4.dev49-0.7.1
openstack-nova-compute-2014.1.4.dev49-0.7.1
openstack-nova-conductor-2014.1.4.dev49-0.7.1
openstack-nova-console-2014.1.4.dev49-0.7.1
openstack-nova-consoleauth-2014.1.4.dev49-0.7.1
openstack-nova-novncproxy-2014.1.4.dev49-0.7.1
openstack-nova-objectstore-2014.1.4.dev49-0.7.1
openstack-nova-scheduler-2014.1.4.dev49-0.7.1
openstack-nova-vncproxy-2014.1.4.dev49-0.7.1
python-nova-2014.1.4.dev49-0.7.1
- SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev49]:
openstack-nova-doc-2014.1.4.dev49-0.7.1
References:
http://support.novell.com/security/cve/CVE-2014-3608.html
http://support.novell.com/security/cve/CVE-2014-3708.html
http://support.novell.com/security/cve/CVE-2014-7230.html
http://support.novell.com/security/cve/CVE-2014-7231.html
http://support.novell.com/security/cve/CVE-2014-8750.html
https://bugzilla.suse.com/867922
https://bugzilla.suse.com/897815
https://bugzilla.suse.com/898371
https://bugzilla.suse.com/899190
https://bugzilla.suse.com/899199
https://bugzilla.suse.com/901087
https://bugzilla.suse.com/903013
http://download.suse.com/patch/finder/?keywords=d140dcf28b797b3045a71f4e6cd6e0fc