Bug#718905: marked as done (nova: CVE-2013-2256: Resource limit circumvention in Nova private flavors)

[Debian Bug Tracking System]

Your message dated Wed, 07 Aug 2013 21:07:37 +0000
with message-id <e1v7axf-00028g...@franck.debian.org>
and subject line Bug#718905: fixed in nova 2013.1.2-3
has caused the Debian Bug report #718905,
regarding nova: CVE-2013-2256: Resource limit circumvention in Nova private 
flavors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
718905: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718905
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: nova
Severity: grave
Tags: security upstream patch

Hi,

the following vulnerability was published for nova.

CVE-2013-2256[0]:
Resource limit circumvention in Nova private flavors

More details are given in [1] and [2] which also have patches/commits
for various releases.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-2256
[1] https://bugs.launchpad.net/nova/+bug/1194093
[2] http://marc.info/?l=oss-security&m=137580148109212&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: nova
Source-Version: 2013.1.2-3

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 718...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 07 Aug 2013 11:28:26 +0200
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml 
nova-compute-xen nova-compute-qemu nova-compute-kvm nova-xcp-plugins 
nova-conductor nova-cert nova-scheduler nova-volume nova-api nova-network 
nova-console nova-consoleauth nova-doc nova-cells nova-baremetal 
nova-consoleproxy
Architecture: source all
Version: 2013.1.2-3
Distribution: unstable
Urgency: low
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description: 
 nova-api   - OpenStack Compute - compute API frontend
 nova-baremetal - Openstack Compute - baremetal virt
 nova-cells - Openstack Compute - cells
 nova-cert  - OpenStack Compute - certificate manager
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
 nova-compute-xen - OpenStack Compute - compute node (Xen)
 nova-conductor - OpenStack Compute - conductor service
 nova-console - OpenStack Compute - console
 nova-consoleauth - OpenStack Compute - Console Authenticator
 nova-consoleproxy - OpenStack Compute - NoVNC proxy
 nova-doc   - OpenStack Compute - documentation
 nova-network - OpenStack Compute - network manager
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 nova-volume - OpenStack Compute - storage metapackage
 nova-xcp-plugins - OpenStack Compute plugin for the Xen Cloud Platform
 python-nova - OpenStack Compute - libraries
Closes: 718905 718907 718965
Changes: 
 nova (2013.1.2-3) unstable; urgency=low
 .
   [ Julien Cristau ]
   * Add logrotate configuration for nova-manage.log.
 .
   [ Thomas Goirand ]
   * Added some logic to purge /etc/init.d/nova-xcp-network if it's there, and
     have upgrade working (Closes: #718965). Thanks to Andreas Beckmann for his
     bug report.
   * CVE-2013-2256: fixes ACL on public flavors (Closes: #718905).
   * CVE-2013-4185: stops a potential DOS with source security groups by using
     cached nwinfo for secgroup rules (Closes: #718907).
   * Added missing nova-common pre-depends: net-tools.
   * Fixed upgrade of nova-xcp-network to nova-xcp-plugins (Closes: #718965).
Checksums-Sha1: 
 6cdada767de34cb95af942753722b43f91a6318b 3645 nova_2013.1.2-3.dsc
 fe93b0d4dd218851b043b87c3eedf24ed8416954 68056 nova_2013.1.2-3.debian.tar.gz
 3eb939e95d48de6aff14a0e09dd91b96ad334754 1258026 python-nova_2013.1.2-3_all.deb
 92a0ffba2a42e5ee2e3c4bcc3b4e0f77026df182 50518 nova-common_2013.1.2-3_all.deb
 3a8b3efbe0933bd87f2b0711e9c9c0084fe729f8 18460 nova-compute_2013.1.2-3_all.deb
 683ca048b7c9db3e266cfce433a62501f534e4e8 13096 
nova-compute-lxc_2013.1.2-3_all.deb
 1554d28e0fc4dc70c037777b6011d1fe4048b1d2 13116 
nova-compute-uml_2013.1.2-3_all.deb
 cc3ffa6f1ef4f1d070a08da82220d8364fcd5bee 23560 
nova-compute-xen_2013.1.2-3_all.deb
 67f7d6413c38d825df0816083b05a7a07db50760 13096 
nova-compute-qemu_2013.1.2-3_all.deb
 b2fa7c123f7bee13117c91c91b400ef45ae73f29 13180 
nova-compute-kvm_2013.1.2-3_all.deb
 2e3d2c3906ef8053652fc81a915e7301709e6c5f 35162 
nova-xcp-plugins_2013.1.2-3_all.deb
 979789830067b878c5ad6f38ef7ea229049069cf 15932 
nova-conductor_2013.1.2-3_all.deb
 efff8c4410cd2a0e275ad61f6c8866c9d9275c6e 16004 nova-cert_2013.1.2-3_all.deb
 6c911e5d484c70f64cd11964dfa9ee2b508c7b9f 17568 
nova-scheduler_2013.1.2-3_all.deb
 691d9ddc27551f0203278121e8cca1a7fb1e69c6 12782 nova-volume_2013.1.2-3_all.deb
 767d6bf4c355e5c47f04ba8aea131770703faf87 23400 nova-api_2013.1.2-3_all.deb
 fa6d4025ceb5c4b205e830955ad6c826539d5842 19204 nova-network_2013.1.2-3_all.deb
 e415df159228c3a59407874e3660a59e6076c112 16052 nova-console_2013.1.2-3_all.deb
 a0f1a6932ea13896d40c50bc7879534cfbd4d3f9 15820 
nova-consoleauth_2013.1.2-3_all.deb
 0a33b153d16de8d92bbcd6243f9bb9313397c8d2 2194360 nova-doc_2013.1.2-3_all.deb
 09b355858a547e999434caf5bf5f026a1012a1e2 15050 nova-cells_2013.1.2-3_all.deb
 faf541cfae0609fece20e242b164c68a39b8720d 19424 
nova-baremetal_2013.1.2-3_all.deb
 c8ff655d34931c26f8e4baf1c10cb3b2cafafa31 19158 
nova-consoleproxy_2013.1.2-3_all.deb
Checksums-Sha256: 
 fa79705f7287a9006c801193700475136ab30c00fffc1506ab099544c870a08d 3645 
nova_2013.1.2-3.dsc
 084864dd3d4b36e00c15e4bbb966b918fbbad710d990b46f1e5c27ac299ba601 68056 
nova_2013.1.2-3.debian.tar.gz
 36749ade55933242bce5e541c477ed0125cae92a624aba3675075cb3cd1a9401 1258026 
python-nova_2013.1.2-3_all.deb
 db81d34b4076c7f3f2ff421b4b05003d072a0f925e345372fdc30b3135ecbb55 50518 
nova-common_2013.1.2-3_all.deb
 93ee9bf9e3a4f82235b20e9d8e4722feceba548eb058ab3fa4ba8a29132bb2bb 18460 
nova-compute_2013.1.2-3_all.deb
 3d8a9cd5a8577171841b92e27b871b179912cc7c9c07a120105d178493e7fb77 13096 
nova-compute-lxc_2013.1.2-3_all.deb
 353da1d00e01f37851fbb0cfeecb04f35950651e306e35c40d1e69f82972d91c 13116 
nova-compute-uml_2013.1.2-3_all.deb
 0b37a03ad2003fe9b3371d82550da897508347b2e4f4087a6127714728a344da 23560 
nova-compute-xen_2013.1.2-3_all.deb
 0635dc20b00d0af7972b8ff99123923b3066c009fe420ee12a05ad0e3a63ca0e 13096 
nova-compute-qemu_2013.1.2-3_all.deb
 f785f6fd1d84abe199e3ee331fa3ea2474ed00a73e7c20f3b71ea368b22f0416 13180 
nova-compute-kvm_2013.1.2-3_all.deb
 a04255ca52dbff57fd22e2461933d31e197706d9c3a0ebab05d830bfc326dbbc 35162 
nova-xcp-plugins_2013.1.2-3_all.deb
 945439c81d332d9de8a996822012a7230979ac00fc2bfedcc7037e248e812729 15932 
nova-conductor_2013.1.2-3_all.deb
 fc485c2ca03570e83e576a3f8158a660e05d45cce9a66011f5f8c041601bfdc5 16004 
nova-cert_2013.1.2-3_all.deb
 5c70fa131a78416a2779cfd5037de27c03a38cb8e538f195295d576ac662688b 17568 
nova-scheduler_2013.1.2-3_all.deb
 d0823826f4bcdedb4f94869664d1660253a3d7df96ed72d46f5e7dcf886ee709 12782 
nova-volume_2013.1.2-3_all.deb
 4abd704ba444df004564ab115ac61f77a38ba872b50932e042388f20a7b90d64 23400 
nova-api_2013.1.2-3_all.deb
 209dff4e75108b065a000558c02409b726e8cce18c3394c7080b49f4fd44cb3f 19204 
nova-network_2013.1.2-3_all.deb
 d053689a38f356fa1ead68826001e345298497b74e707b23acfe3d05800980c7 16052 
nova-console_2013.1.2-3_all.deb
 615317d71b77479c6f16ee4748e8bb71bccbc32beb44616d6da0dc82f2eb11d7 15820 
nova-consoleauth_2013.1.2-3_all.deb
 c78e0173624f9b7d65591f2b60348046f3dbf66c234faeab33b35009a1fbb795 2194360 
nova-doc_2013.1.2-3_all.deb
 c8f18eb61cfa1bfaaf41b4bf4bb68141b32efbc4f0ed67889b9133a702e656b4 15050 
nova-cells_2013.1.2-3_all.deb
 6359cfc1ec3008de56e21beac925e8faddece6b2a9f99440a3a34081ef350606 19424 
nova-baremetal_2013.1.2-3_all.deb
 6d6d553f151d2f7f73413cb0052f697a42a402eef0b09ee1f59776d0c48234e9 19158 
nova-consoleproxy_2013.1.2-3_all.deb
Files: 
 22d869271160e247c9889357fded7704 3645 net extra nova_2013.1.2-3.dsc
 57918eb1924ad338ab26e4708777b838 68056 net extra nova_2013.1.2-3.debian.tar.gz
 5377f6779f4aad825aed01c656da1baf 1258026 python extra 
python-nova_2013.1.2-3_all.deb
 4f35e8d347c977b303692dfe49c925a6 50518 net extra nova-common_2013.1.2-3_all.deb
 b4e8e66de6ddf4a3d501191cca943b5e 18460 net extra 
nova-compute_2013.1.2-3_all.deb
 984923daded883ae9b9b122690f5e4af 13096 net extra 
nova-compute-lxc_2013.1.2-3_all.deb
 1516f9d2e45569fe0cf09e3b72e3a53a 13116 net extra 
nova-compute-uml_2013.1.2-3_all.deb
 08284f9f82e809b6da8ed2b6ac8dfc83 23560 net extra 
nova-compute-xen_2013.1.2-3_all.deb
 734312a943b7f5333422b8fccf4aa213 13096 net extra 
nova-compute-qemu_2013.1.2-3_all.deb
 8c5b536f65407555928078101da1f032 13180 net extra 
nova-compute-kvm_2013.1.2-3_all.deb
 c4ff9f2c61dc580bfc941217741bcea8 35162 net extra 
nova-xcp-plugins_2013.1.2-3_all.deb
 e4ac88f23f9fa9bb794bcbe9af22c15a 15932 net extra 
nova-conductor_2013.1.2-3_all.deb
 50142c5526cb066413787254cdea250a 16004 net extra nova-cert_2013.1.2-3_all.deb
 a38f173c9f33a0029ee9aa5ddec96a9c 17568 net extra 
nova-scheduler_2013.1.2-3_all.deb
 a9f21faba3d2848e3467529f342149e5 12782 oldlibs extra 
nova-volume_2013.1.2-3_all.deb
 19f186842e7d35756c9506e7b62b47a5 23400 net extra nova-api_2013.1.2-3_all.deb
 3e657763a1347cdc714a58be1ae0287a 19204 net extra 
nova-network_2013.1.2-3_all.deb
 5a3eced143b8c362813a445f79f5e8c8 16052 net extra 
nova-console_2013.1.2-3_all.deb
 f41c039906349866205a0c4599029886 15820 net extra 
nova-consoleauth_2013.1.2-3_all.deb
 842c30f62741a6d333e68156179387cd 2194360 doc extra nova-doc_2013.1.2-3_all.deb
 d9c2fb16c637afbcdef54c2d4a28b579 15050 net extra nova-cells_2013.1.2-3_all.deb
 e8d7381034e61000f1ce558c21878cb6 19424 net extra 
nova-baremetal_2013.1.2-3_all.deb
 8c3945de1f7e62d22e088d58db52c1a7 19158 net extra 
nova-consoleproxy_2013.1.2-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlICo4AACgkQl4M9yZjvmkm4FACeNv7xlVrgP3a7A2bADjMokJJL
ejoAoNmpiSxLucnNII5uSmA3G+qGS5XM
=ios3
-----END PGP SIGNATURE-----

--- End Message ---