SUSE-SU-2014:1467-1: Security update for openstack-cinder

sle-updates at sle-updates at
Thu Nov 20 11:05:08 MST 2014

   SUSE Security Update: Security update for openstack-cinder

Announcement ID:    SUSE-SU-2014:1467-1
Rating:             low
References:         #883950 #894055 #897815 #899190 #899198 
Cross-References:   CVE-2014-3641 CVE-2014-7230 CVE-2014-7231
Affected Products:
                    SUSE Cloud 4

   An update that solves three vulnerabilities and has two
   fixes is now available. It includes one version update.


   This update for openstack-cinder provides the following recommended and
   security fixes:

       * Refuse invalid qcow2 backing files to avoid host data leak to VM
         instance (bnc#899198, CVE-2014-3641)
       * Sync latest process and str utils from oslo (bnc#899190,
         CVE-2014-7230, CVE-2014-7231)
       * Fix the iSER transport protocol when using LVMISERDriver
       * NetApp fix for controller preferred path
       * NetApp fix for default host type in eseries
       * NetApp fix eseries concurrent vol map failure
       * Cinder api service doesn't handle SIGHUP properly
       * Sync latest strutils from oslo-incubator for mask_password fix
       * Fix possible race condition for accept transfer
       * Cinder override all method add _wrap_db_error support for PostgreSQL
       * Fix terminate_connection live migration issue
       * Prevent tenant viewing volumes owned by another
       * NetApp NFS: Do not reference dst_img_local before assignment
       * Fix KeyError exception in NetApp CDOT iscsi driver volume create
       * Don't clear _mounted_shares list in remoteFS while updating
       * Add retry_on_deadlock to db update methods
       * Add fix for reservation index to icehouse
       * Fix performance issues with Brocade zone driver
       * VMware: Disable suds caching
       * Add eternus dx volumedriver 1.1.0 (bnc#894055)
       * Cache snapshots in request for extension
       * VMware: Force chunked transfer for upload-to-image
       * Avoid using the disk cache on volume initialization and remove
         multipath device correctly (bnc#894055)

   Security Issues:

       * CVE-2014-3641
       * CVE-2014-7230
       * CVE-2014-7231
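
An added illustration of the qcow2 backing-file fix listed above (CVE-2014-3641); it is not code from this advisory or from openstack-cinder. It reads the backing-file fields from the start of a qcow2 header as laid out in the published qcow2 format. The function names, the policy of rejecting any declared backing file, and the sample headers are assumptions constructed for the example.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Start of every qcow2 header (big-endian): magic, version,
# backing_file_offset (u64), backing_file_size (u32).
_HEADER = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # limit given in the qcow2 format description


def qcow2_backing_file(data):
    """Return the backing file name declared in a qcow2 header, or None.

    `data` is the first bytes of the image (enough to cover the name).
    Raises ValueError for non-qcow2 data or out-of-range fields.
    """
    if len(data) < _HEADER.size:
        raise ValueError("too short for a qcow2 header")
    magic, version, offset, size = _HEADER.unpack_from(data)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    if offset == 0:
        return None  # no backing file declared
    if size == 0 or size > MAX_BACKING_NAME or offset + size > len(data):
        raise ValueError("backing file fields out of range")
    return data[offset:offset + size].decode("utf-8", "replace")


def qcow2_without_backing_file(data):
    """Hypothetical policy: accept only a well-formed header with no backing file."""
    try:
        return qcow2_backing_file(data) is None
    except ValueError:
        return False


def constructed_header(backing=b""):
    """Build a constructed 72-byte qcow2 v2 header, optionally naming a backing file."""
    offset = 72 if backing else 0
    fixed = _HEADER.pack(QCOW2_MAGIC, 2, offset, len(backing))
    return fixed.ljust(72, b"\0") + backing


if __name__ == "__main__":
    chained = constructed_header(b"/constructed/host/path")
    print(qcow2_without_backing_file(constructed_header()))  # standalone image
    print(qcow2_without_backing_file(chained), qcow2_backing_file(chained))
```
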

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-cinder-1114-9960

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev19.g80c0054]:


   - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev19.g80c0054]:


