You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openstack

Sigurnosni nedostaci programskog paketa openstack

SUSE Security Update: Security update for several openstack-components
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1443-1
Rating: important
References: #1024328 #1030406 #1032322
Cross-References: CVE-2017-7214 CVE-2017-7400
Affected Products:
SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat,
-keystone, -manila, -magnum and
-novaopenstack-keystone provides the latest code from OpenStack Newton.

– nova: Add release note that legacy notification exception contexts
appearing in ERROR level logs may include sensitive information such as
account passwords and authorization tokens. (bsc#1030406, CVE-2017-7214)
– nova: Remove PrivTmp from openstack-nova-compute service. (bsc#1024328)
– dashboard: Remove dangerous safestring declaration. (bsc#1032322,
CVE-2017-7400)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2017-882=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 7 (noarch):

openstack-ceilometer-7.0.4~a0~dev7-3.1
openstack-ceilometer-agent-central-7.0.4~a0~dev7-3.1
openstack-ceilometer-agent-compute-7.0.4~a0~dev7-3.1
openstack-ceilometer-agent-ipmi-7.0.4~a0~dev7-3.1
openstack-ceilometer-agent-notification-7.0.4~a0~dev7-3.1
openstack-ceilometer-api-7.0.4~a0~dev7-3.1
openstack-ceilometer-collector-7.0.4~a0~dev7-3.1
openstack-ceilometer-doc-7.0.4~a0~dev7-3.2
openstack-ceilometer-polling-7.0.4~a0~dev7-3.1
openstack-cinder-9.1.5~a0~dev1-3.1
openstack-cinder-api-9.1.5~a0~dev1-3.1
openstack-cinder-backup-9.1.5~a0~dev1-3.1
openstack-cinder-doc-9.1.5~a0~dev1-3.1
openstack-cinder-scheduler-9.1.5~a0~dev1-3.1
openstack-cinder-volume-9.1.5~a0~dev1-3.1
openstack-dashboard-10.0.4~a0~dev2-3.1
openstack-glance-13.0.1~a0~dev6-3.1
openstack-glance-api-13.0.1~a0~dev6-3.1
openstack-glance-doc-13.0.1~a0~dev6-3.3
openstack-glance-glare-13.0.1~a0~dev6-3.1
openstack-glance-registry-13.0.1~a0~dev6-3.1
openstack-heat-7.0.4~a0~dev4-4.1
openstack-heat-api-7.0.4~a0~dev4-4.1
openstack-heat-api-cfn-7.0.4~a0~dev4-4.1
openstack-heat-api-cloudwatch-7.0.4~a0~dev4-4.1
openstack-heat-doc-7.0.4~a0~dev4-4.2
openstack-heat-engine-7.0.4~a0~dev4-4.1
openstack-heat-plugin-heat_docker-7.0.4~a0~dev4-4.1
openstack-heat-test-7.0.4~a0~dev4-4.1
openstack-keystone-10.0.2~a0~dev2-6.1
openstack-keystone-doc-10.0.2~a0~dev2-6.2
openstack-magnum-3.1.2~a0~dev22-13.1
openstack-magnum-api-3.1.2~a0~dev22-13.1
openstack-magnum-conductor-3.1.2~a0~dev22-13.1
openstack-magnum-doc-3.1.2~a0~dev22-13.1
openstack-manila-3.0.1~a0~dev27-3.1
openstack-manila-api-3.0.1~a0~dev27-3.1
openstack-manila-data-3.0.1~a0~dev27-3.1
openstack-manila-doc-3.0.1~a0~dev27-3.1
openstack-manila-scheduler-3.0.1~a0~dev27-3.1
openstack-manila-share-3.0.1~a0~dev27-3.1
openstack-nova-14.0.6~a0~dev16-3.1
openstack-nova-api-14.0.6~a0~dev16-3.1
openstack-nova-cells-14.0.6~a0~dev16-3.1
openstack-nova-cert-14.0.6~a0~dev16-3.1
openstack-nova-compute-14.0.6~a0~dev16-3.1
openstack-nova-conductor-14.0.6~a0~dev16-3.1
openstack-nova-console-14.0.6~a0~dev16-3.1
openstack-nova-consoleauth-14.0.6~a0~dev16-3.1
openstack-nova-doc-14.0.6~a0~dev16-3.3
openstack-nova-novncproxy-14.0.6~a0~dev16-3.1
openstack-nova-placement-api-14.0.6~a0~dev16-3.1
openstack-nova-scheduler-14.0.6~a0~dev16-3.1
openstack-nova-serialproxy-14.0.6~a0~dev16-3.1
openstack-nova-vncproxy-14.0.6~a0~dev16-3.1
python-ceilometer-7.0.4~a0~dev7-3.1
python-cinder-9.1.5~a0~dev1-3.1
python-glance-13.0.1~a0~dev6-3.1
python-heat-7.0.4~a0~dev4-4.1
python-horizon-10.0.4~a0~dev2-3.1
python-keystone-10.0.2~a0~dev2-6.1
python-magnum-3.1.2~a0~dev22-13.1
python-manila-3.0.1~a0~dev27-3.1
python-nova-14.0.6~a0~dev16-3.1

References:

https://www.suse.com/security/cve/CVE-2017-7214.html
https://www.suse.com/security/cve/CVE-2017-7400.html
https://bugzilla.suse.com/1024328
https://bugzilla.suse.com/1030406
https://bugzilla.suse.com/1032322


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa openldap

Otkriven je sigurnosni nedostatak u programskom paketu openldap za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanja...

Close