Red Hat Enterprise Linux: Updated rhevm-doc package is now available.
Monthly Archives: November 2014
RHBA-2014:1851-1: Red Hat Enterprise Linux OpenStack Platform 4 Bug Fix and Enhancement Advisory
Red Hat Enterprise Linux: Updated openvswitch packages for Red Hat Enterprise Linux OpenStack Platform 4.0
(Havana) are now available.
RHBA-2014:1850-1: virt-who bug fix update
Red Hat Enterprise Linux: An updated virt-who package that fixes one bug is now available for Red Hat
Enterprise Linux 7.
RHBA-2014:1849-1: perl bug fix update
Red Hat Enterprise Linux: Updated perl packages that fix one bug are now available for Red Hat Enterprise
Linux 6.
RHBA-2014:1848-1: sapconf bug fix update
Red Hat Enterprise Linux: An updated sapconf package that fixes one bug is now available for Red Hat
Enterprise Linux 6.
RHBA-2014:1844-1: vdsm 3.4.3-1 bug fix async release
Red Hat Enterprise Linux: Updated vdsm packages that fix a bug are now available.
USN-2405-1: OpenStack Cinder vulnerabilities
Ubuntu Security Notice USN-2405-1
11th November, 2014
cinder vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
OpenStack Cinder could be made to expose sensitive information over the
network.
Software description
- cinder – OpenStack storage service
Details
Duncan Thomas discovered that OpenStack Cinder did not properly track the
file format when using the GlusterFS or Smbfs drivers. A remote
authenticated user could exploit this to potentially obtain file contents
from the compute host. (CVE-2014-3641)
Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log
message contents. Under certain circumstances, a local attacker with read
access to Cinder log files could obtain access to sensitive information.
(CVE-2014-7230)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
  - python-cinder 1:2014.1.3-0ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2406-1: OpenStack Keystone vulnerability
Ubuntu Security Notice USN-2406-1
11th November, 2014
keystone vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
OpenStack Keystone could be made to expose sensitive information over the
network.
Software description
- keystone – OpenStack identity service
Details
Brant Knudson discovered that OpenStack Keystone did not properly perform
input sanitization when performing endpoint catalog substitution. A remote
attacker with privileged access for creating endpoints could exploit this
to obtain sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
  - python-keystone 1:2014.1.3-0ubuntu2.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2407-1: OpenStack Nova vulnerabilities
Ubuntu Security Notice USN-2407-1
11th November, 2014
nova vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
OpenStack Nova could be made to expose sensitive information.
Software description
- nova – OpenStack Compute cloud infrastructure
Details
Garth Mollett discovered that OpenStack Nova did not properly clean up an
instance when using rescue mode with the VMware driver. A remote
authenticated user could exploit this to bypass intended quota limits. By
default, Ubuntu does not use the VMware driver. (CVE-2014-3608)
Amrith Kumar discovered that OpenStack Nova did not properly sanitize log
message contents. Under certain circumstances, a local attacker with read
access to Nova log files could obtain access to sensitive information.
(CVE-2014-7230)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
  - python-nova 1:2014.1.3-0ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2408-1: OpenStack Neutron vulnerability
Ubuntu Security Notice USN-2408-1
11th November, 2014
neutron vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
OpenStack Neutron would allow unintended access to configuration over the
network.
Software description
- neutron – OpenStack Virtual Network Service
Details
Elena Ezhova discovered that OpenStack Neutron did not properly perform
access control checks for attributes. A remote authenticated attacker could
exploit this to bypass intended access controls and reset admin-only
attributes to default values.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
  - python-neutron 1:2014.1.3-0ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.