SUSE-SU-2015:0324-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0324-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0324-1
- Related
- Published
- 2015-01-19T16:34:28Z
- Modified
- 2015-01-19T16:34:28Z
- Summary
- Security update for openstack-nova
- Details
-
This update for openstack-nova provides stability fixes from the upstream OpenStack project:
* Add @retry_on_deadlock to _instance_update() * Fix nova-compute start issue after evacuate * Fix nova evacuate issues for RBD * Add _wrap_db_error() support to SessionTransaction.commit() * Fixes DoS issue in instance list ip filter (bnc#903013, CVE-2014-3708) * Make the block device mapping retries configurable * Retry on closing of luks encrypted volume in case device is busy * Nova api service doesn't handle SIGHUP properly * Fix XML UnicodeEncode serialization error * share neutron admin auth tokens * Fix CellStateManagerFile init to failure * postgresql: use postgres db instead of template1 * Fix instance cross AZ check when attaching volumes * Fixes missing ec2 api address disassociate error on failure * Ignore errors when deleting non-existing vifs * VMware: validate that VM exists on backend prior to deletion * VMWare: Fix VM leak when deletion of VM during resizing * Sync process utils from oslo * VMware: prevent race condition with VNC port allocation (bnc#901087, CVE-2014-8750) * Fixes Hyper-V volume mapping issue on reboot * Raise descriptive error for over volume quota * libvirt: Handle unsupported host capabilities * libvirt: Make fakelibvirt.libvirtError match * Adds tests for Hyper-V VM Utils * Removes unnecessary instructions in test_hypervapi * Fixes a Hyper-V list_instances localization issue * Adds list_instance_uuids to the Hyper-V driver * Add _wrap_db_error() support to Session.commit() * Sync process and str utils from oslo (bnc#899190 CVE-2014-7230 CVE-2014-7231) * Fixes Hyper-V agent force_hyperv_utils_v1 flag issue * Fix live-migration failure in FC multipath case * libvirt: Save device_path in connection_info when booting from volume * Fixes Hyper-V boot from volume root device issue * Catch missing Glance image attrs with None * Adds get_instance_disk_info to compute drivers * Include next link when default limit is reached * VM in rescue state must have a restricted set of actions to avoid leaking rescued images (bnc#899199, CVE-2014-3608) * libvirt: return the correct instance path while cleanup_resize * Fix nova image-show with queued image * _translate_from_glance() can cause an unnecessary HTTP request * Neutron: Atomic update of instance info cache * Ensure info cache updates don't overwhelm cells * remove test_multiprocess_api * Fixes Hyper-V resize down exception * libvirt: Use VIR_DOMAIN_AFFECT_LIVE for paused instances * Fix _parse_datetime in simple tenant usage extension * Avoid traceback logs from simple tenant usage extension * Made unassigned networks visible in flat networking * VMware: validate that VM exists on backend prior to deletion (bnc#898371) * Fix attaching config drive issue on Hyper-V when migrate instances * Do not fail cell's instance deletion, if it's missing info_cache * Fixes Hyper-V vm state issue * Update block_device_info to contain swap and ephemeral disks * Loosen import_exceptions to cover all of gettextutils * Fix instance boot when Ceph is used for ephemeral storage * VMware: do not cache image when root_gb is 0 * Delete image when backup operation failed on snapshot step * db: Add @_retry_on_deadlock to service_update() * Fix rootwrap for non openstack.org iqn's * Add Hyper-V driver in the 'compute_driver' option description * Block sqlalchemy migrate 0.9.2 as it breaks all of nova * Move the error check for 'brctl addif' * Add a retry_on_deadlock to reservations_expire * Add expire reservations in backport position * Make floatingip-ip-delete atomic with neutron * add repr for event objects * make lifecycle event logs more clear * Fix race condition with vif plugging in finish migrate * Delay STOPPED lifecycle event for Xen domains (bnc#867922) * Fix FloatingIP.save() passing FixedIP object to sqlalchemy * fix filelist * use %_rundir if available, otherwise /var/run * Fix expected error details from jsonschema * replace NovaException with VirtualInterfaceCreate when neutron fails * Fixes Hyper-V SCSI slot selection * libvirt: convert cpu features attribute from list to a set * Read deleted instances during lifecycle events * shelve doesn't work on nova-cells environment * Mask block_device_info auth_password in virt driver debug logs * only emit deprecation warnings onceSecurity Issues:
* CVE-2014-3708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708> * CVE-2014-3608 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608> * CVE-2014-7230 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230> * CVE-2014-7231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231> * CVE-2014-8750 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8750> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150324-1/
- https://bugzilla.suse.com/867922
- https://bugzilla.suse.com/897815
- https://bugzilla.suse.com/898371
- https://bugzilla.suse.com/899190
- https://bugzilla.suse.com/899199
- https://bugzilla.suse.com/901087
- https://bugzilla.suse.com/903013
- https://www.suse.com/security/cve/CVE-2014-3608
- https://www.suse.com/security/cve/CVE-2014-3708
- https://www.suse.com/security/cve/CVE-2014-7230
- https://www.suse.com/security/cve/CVE-2014-7231
- https://www.suse.com/security/cve/CVE-2014-8750