SUSE-SU-2015:0324-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150324-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0324-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0324-1
Related
Published
2015-01-19T16:34:28Z
Modified
2015-01-19T16:34:28Z
Summary
Security update for openstack-nova
Details

This update for openstack-nova provides stability fixes from the upstream OpenStack project:

* Add @retry_on_deadlock to _instance_update()
* Fix nova-compute start issue after evacuate
* Fix nova evacuate issues for RBD
* Add _wrap_db_error() support to SessionTransaction.commit()
* Fixes DoS issue in instance list ip filter (bnc#903013,
  CVE-2014-3708)
* Make the block device mapping retries configurable
* Retry on closing of luks encrypted volume in case device is busy
* Nova api service doesn't handle SIGHUP properly
* Fix XML UnicodeEncode serialization error
* share neutron admin auth tokens
* Fix CellStateManagerFile init to failure
* postgresql: use postgres db instead of template1
* Fix instance cross AZ check when attaching volumes
* Fixes missing ec2 api address disassociate error on failure
* Ignore errors when deleting non-existing vifs
* VMware: validate that VM exists on backend prior to deletion
* VMWare: Fix VM leak when deletion of VM during resizing
* Sync process utils from oslo
* VMware: prevent race condition with VNC port allocation (bnc#901087,
  CVE-2014-8750)
* Fixes Hyper-V volume mapping issue on reboot
* Raise descriptive error for over volume quota
* libvirt: Handle unsupported host capabilities
* libvirt: Make fakelibvirt.libvirtError match
* Adds tests for Hyper-V VM Utils
* Removes unnecessary instructions in test_hypervapi
* Fixes a Hyper-V list_instances localization issue
* Adds list_instance_uuids to the Hyper-V driver
* Add _wrap_db_error() support to Session.commit()
* Sync process and str utils from oslo (bnc#899190 CVE-2014-7230
  CVE-2014-7231)
* Fixes Hyper-V agent force_hyperv_utils_v1 flag issue
* Fix live-migration failure in FC multipath case
* libvirt: Save device_path in connection_info when booting from volume
* Fixes Hyper-V boot from volume root device issue
* Catch missing Glance image attrs with None
* Adds get_instance_disk_info to compute drivers
* Include next link when default limit is reached
* VM in rescue state must have a restricted set of actions to avoid
  leaking rescued images (bnc#899199, CVE-2014-3608)
* libvirt: return the correct instance path while cleanup_resize
* Fix nova image-show with queued image
* _translate_from_glance() can cause an unnecessary HTTP request
* Neutron: Atomic update of instance info cache
* Ensure info cache updates don't overwhelm cells
* remove test_multiprocess_api
* Fixes Hyper-V resize down exception
* libvirt: Use VIR_DOMAIN_AFFECT_LIVE for paused instances
* Fix _parse_datetime in simple tenant usage extension
* Avoid traceback logs from simple tenant usage extension
* Made unassigned networks visible in flat networking
* VMware: validate that VM exists on backend prior to deletion
  (bnc#898371)
* Fix attaching config drive issue on Hyper-V when migrate instances
* Do not fail cell's instance deletion, if it's missing info_cache
* Fixes Hyper-V vm state issue
* Update block_device_info to contain swap and ephemeral disks
* Loosen import_exceptions to cover all of gettextutils
* Fix instance boot when Ceph is used for ephemeral storage
* VMware: do not cache image when root_gb is 0
* Delete image when backup operation failed on snapshot step
* db: Add @_retry_on_deadlock to service_update()
* Fix rootwrap for non openstack.org iqn's
* Add Hyper-V driver in the 'compute_driver' option description
* Block sqlalchemy migrate 0.9.2 as it breaks all of nova
* Move the error check for 'brctl addif'
* Add a retry_on_deadlock to reservations_expire
* Add expire reservations in backport position
* Make floatingip-ip-delete atomic with neutron
* add repr for event objects
* make lifecycle event logs more clear
* Fix race condition with vif plugging in finish migrate
* Delay STOPPED lifecycle event for Xen domains (bnc#867922)
* Fix FloatingIP.save() passing FixedIP object to sqlalchemy
* fix filelist
* use %_rundir if available, otherwise /var/run
* Fix expected error details from jsonschema
* replace NovaException with VirtualInterfaceCreate when neutron fails
* Fixes Hyper-V SCSI slot selection
* libvirt: convert cpu features attribute from list to a set
* Read deleted instances during lifecycle events
* shelve doesn't work on nova-cells environment
* Mask block_device_info auth_password in virt driver debug logs
* only emit deprecation warnings once

Security Issues:

* CVE-2014-3708
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708>
* CVE-2014-3608
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608>
* CVE-2014-7230
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230>
* CVE-2014-7231
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231>
* CVE-2014-8750
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8750>
References

Affected packages