SUSE-SU-2013:1521-1: moderate: Security update for openstack-nova,

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed Oct 2 14:04:19 MDT 2013


   SUSE Security Update: Security update for openstack-nova,
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1521-1
Rating:             moderate
References:         #833739 #836358 #837018 
Cross-References:   CVE-2013-2256 CVE-2013-4185 CVE-2013-4278
                   
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This openstack-nova update fixes several security issues:

   * bnc#833739: CVE-2013-4185: network source security
   groups denial of service
   * bnc#836358: CVE-2013-4278: private flavors resource
   limit circumvention
   * bnc#837018: CVE-2013-2256: Resource limit
   circumvention in Nova private flavors

   Security Issue references:

   * CVE-2013-4185
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4185
   >
   * CVE-2013-4278
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
   >
   * CVE-2013-2256
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-openstack-nova-8350

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 1.0 (x86_64):

      openstack-nova-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-api-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-cert-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-compute-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-network-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-objectstore-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-scheduler-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-vncproxy-2012.1+git.1364234478.e52e691-0.9.2
      openstack-nova-volume-2012.1+git.1364234478.e52e691-0.9.2
      python-nova-2012.1+git.1364234478.e52e691-0.9.2


References:

   http://support.novell.com/security/cve/CVE-2013-2256.html
   http://support.novell.com/security/cve/CVE-2013-4185.html
   http://support.novell.com/security/cve/CVE-2013-4278.html
   https://bugzilla.novell.com/833739
   https://bugzilla.novell.com/836358
   https://bugzilla.novell.com/837018
   http://download.novell.com/patch/finder/?keywords=bbbdb2ae6b576221a6801e37cff4c9be



More information about the sle-updates mailing list