==========================================================================
Ubuntu Security Notice USN-4104-1
August 19, 2019
nova vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Nova could be made to expose sensitive information.
Software Description:
– nova: OpenStack Compute cloud infrastructure
Details:
Donny Davis discovered that the Nova Compute service could return
configuration or other information in response to a failed API
request in some situations. A remote attacker could use this to expose
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
nova-compute 2:19.0.1-0ubuntu2.1
python3-nova 2:19.0.1-0ubuntu2.1
Ubuntu 18.04 LTS:
nova-compute 2:17.0.10-0ubuntu2.1
python-nova 2:17.0.10-0ubuntu2.1
Ubuntu 16.04 LTS:
nova-compute 2:13.1.4-0ubuntu4.5
python-nova 2:13.1.4-0ubuntu4.5
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4104-1
CVE-2019-14433
Package Information:
https://launchpad.net/ubuntu/+source/nova/2:19.0.1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nova/2:17.0.10-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nova/2:13.1.4-0ubuntu4.5
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEpgY7tWAjCaQ8jrvULwmejQBegfQFAl1bLr4ACgkQLwmejQBe
gfR6sw//Tt92Zgp2Am9xAK2miu0fdD9+n+3SH0w0a41kcmEGyy8IzAAVi7L9JCXl
kqQkP98QTwgMdIpYAyAt3agCm3Rzeagp+HfI7EQ4R1GhT4BNlWBEXpzDyBU3VNT0
5HIkll3BDGrkgDXGnD3os/sE/tgrYEx+lUcZjGMTsqYx9pbMlQVCxmMaA4BIpCaR
o/7p5FTRlUtyQClygOZL7XXHaJjxWA+q89My9t1/bC2CUVckOSwBs3cEXasMM6PL
FzEKsVF3jsBooqDw0l0onehm3rXI6VljQqzMHhNfsqH6OebON1ei+6UYDgABALgM
oPQhIt7vJn+qXKc4PYQ/xNAIbisWjnFPBR0SkBi93k3bEQRgRRs6QgAo0/M89weV
/iIB9T8NzH6JatYsEljFe5QUNnqiAC0ZVF1nspsw/bpXpdjeNCXbRaKiK7UALcFE
Lw7goUpWSD0klsGRjgpX9+K7Y8nhm7M9WjHZQNxfcXoJ8KdjVfZH1gKgT/VgJ+ZX
C9g3u9xM6iQlo+wwT0M2WzSMsqyc3lmA9pNnzt954uSZRr3pNB3UO73ygNnYWdxp
X7YmfumW45r6lpHHqq1gmCOKX0cBPsTOEW6IzEhvzHqjhMQT+TOcRS7g+PZfrswH
W9Z1epwK0WGm3oF1adEJA77a2jM+gyDStWizWhU0IV/DODSo7WE=
=C4gJ
—–END PGP SIGNATURE—–
—