SUSE-SU-2014:1467-1: Security update for openstack-cinder

sle-updates at lists.suse.com
Thu Nov 20 11:05:08 MST 2014


   SUSE Security Update: Security update for openstack-cinder
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:1467-1
Rating:             low
References:         #883950 #894055 #897815 #899190 #899198 
Cross-References:   CVE-2014-3641 CVE-2014-7230 CVE-2014-7231
                   
Affected Products:
                    SUSE Cloud 4
______________________________________________________________________________

   An update that solves three vulnerabilities and has two
   fixes is now available. It includes one version update.

Description:


   This update for openstack-cinder provides the following recommended and
   security fixes:

       * Refuse invalid qcow2 backing files to avoid host data leak to VM
         instance (bnc#899198, CVE-2014-3641)
       * Sync latest process and str utils from oslo (bnc#899190,
         CVE-2014-7230, CVE-2014-7231)
       * Fix the iSER transport protocol when using LVMISERDriver
       * NetApp fix for controller preferred path
       * NetApp fix for default host type in eseries
       * NetApp fix eseries concurrent vol map failure
       * Cinder api service doesn't handle SIGHUP properly
       * Sync latest strutils from oslo-incubator for mask_password fix
       * Fix possible race condition for accept transfer
       * Cinder override all method add _wrap_db_error support for PostgreSQL
         (bnc#883950)
       * Fix terminate_connection live migration issue
       * Prevent tenant viewing volumes owned by another
       * NetApp NFS: Do not reference dst_img_local before assignment
       * Fix KeyError exception in NetApp CDOT iscsi driver volume create
       * Don't clear _mounted_shares list in remoteFS while updating
       * Add retry_on_deadlock to db update methods
       * Add fix for reservation index to icehouse
       * Fix performance issues with Brocade zone driver
       * VMware: Disable suds caching
       * Add eternus dx volumedriver 1.1.0 (bnc#894055)
       * Cache snapshots in request for extension
       * VMware: Force chunked transfer for upload-to-image
       * Avoid using the disk cache on volume initialization and remove
         multipath device correctly (bnc#894055)

   Security Issues:

       * CVE-2014-3641
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641>
       * CVE-2014-7230
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230>
       * CVE-2014-7231
         <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231>


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 4:

      zypper in -t patch sleclo40sp3-cinder-1114-9960

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 4 (x86_64) [New Version: 2014.1.4.dev19.g80c0054]:

      openstack-cinder-2014.1.4.dev19.g80c0054-0.7.1
      openstack-cinder-api-2014.1.4.dev19.g80c0054-0.7.1
      openstack-cinder-backup-2014.1.4.dev19.g80c0054-0.7.1
      openstack-cinder-scheduler-2014.1.4.dev19.g80c0054-0.7.1
      openstack-cinder-volume-2014.1.4.dev19.g80c0054-0.7.1
      python-cinder-2014.1.4.dev19.g80c0054-0.7.1

   - SUSE Cloud 4 (noarch) [New Version: 2014.1.4.dev19.g80c0054]:

      openstack-cinder-doc-2014.1.4.dev19.g80c0054-0.7.1


References:

   http://support.novell.com/security/cve/CVE-2014-3641.html
   http://support.novell.com/security/cve/CVE-2014-7230.html
   http://support.novell.com/security/cve/CVE-2014-7231.html
   https://bugzilla.suse.com/show_bug.cgi?id=883950
   https://bugzilla.suse.com/show_bug.cgi?id=894055
   https://bugzilla.suse.com/show_bug.cgi?id=897815
   https://bugzilla.suse.com/show_bug.cgi?id=899190
   https://bugzilla.suse.com/show_bug.cgi?id=899198
   http://download.suse.com/patch/finder/?keywords=a39845befed7d7674be8c6540ec59a65


