Your message dated Wed, 18 Dec 2013 11:49:40 +0000
with message-id <e1vtfde-0005qt...@franck.debian.org>
and subject line Bug#732022: fixed in nova 2013.2.1-1
has caused the Debian Bug report #732022,
regarding nova: CVE-2013-7048: Nova live snapshots use an insecure local
directory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
732022: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732022
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nova
Version: 2013.1.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
So here is one more of the CVEs not checked yet from
security-tracker. Wheezy does not seem affected by this.
The following vulnerability was published for nova.
CVE-2013-7048[0]:
Nova live snapshots use an insecure local directory
Daniel Berrange from Red Hat reported that the directories used to
temporarily store live snapshots on Nova compute nodes were writeable
to all local users. A local attacker with shell access on compute
nodes could therefore read and modify the contents of live snapshots
before those are uploaded to the image service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7048
http://security-tracker.debian.org/tracker/CVE-2013-7048
[1] https://bugs.launchpad.net/nova/+bug/1227027
Regards,
Salvatore
--- End Message ---
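The condition described in the report above, a snapshot scratch directory that every local user can write to, is shown here next to a private directory and a permission audit that tells them apart. This is an added example, not Nova's code or the upstream fix; the function names and the `snap-` prefix are assumptions made for illustration.

```python
import os
import stat
import tempfile


def make_snapshot_dir_insecure(parent):
    """Flawed pattern: scratch directory opened to every local account."""
    path = tempfile.mkdtemp(prefix="snap-", dir=parent)  # hypothetical prefix
    os.chmod(path, 0o777)  # others may now list, add and replace files
    return path


def make_snapshot_dir_private(parent):
    """Hardened pattern: mkdtemp creates the directory with mode 0700."""
    return tempfile.mkdtemp(prefix="snap-", dir=parent)


def audit_dir(path):
    """Return findings for one directory; an empty list means acceptable."""
    st = os.lstat(path)  # lstat: never follow a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append("other users can create or replace files")
    if mode & stat.S_IROTH:
        findings.append("other users can list contents")
    if mode & stat.S_IWGRP:
        findings.append("group members can create or replace files")
    if st.st_uid != os.geteuid():
        findings.append("not owned by the account running the audit")
    return findings


def audit_tree(root):
    """Map each directory under root (root included) to its findings."""
    report = {}
    for dirpath, _dirs, _files in os.walk(root):
        findings = audit_dir(dirpath)
        if findings:
            report[dirpath] = findings
    return report


if __name__ == "__main__":
    parent = tempfile.mkdtemp(prefix="audit-demo-")  # constructed sample tree
    make_snapshot_dir_insecure(parent)
    make_snapshot_dir_private(parent)
    for path, findings in audit_tree(parent).items():
        print(path, "->", "; ".join(findings))
```

Run the audit as the service account that owns the scratch area, so the ownership check compares against the right user.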
--- Begin Message ---
Source: nova
Source-Version: 2013.2.1-1
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 732...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Dec 2013 16:33:25 +0800
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml
nova-compute-qemu nova-compute-kvm nova-conductor nova-cert nova-scheduler
nova-volume nova-api nova-network nova-console nova-consoleauth nova-doc
nova-cells nova-baremetal nova-consoleproxy
Architecture: source all
Version: 2013.2.1-1
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
nova-api - OpenStack Compute - compute API frontend
nova-baremetal - Openstack Compute - baremetal virt
nova-cells - Openstack Compute - cells
nova-cert - OpenStack Compute - certificate manager
nova-common - OpenStack Compute - common files
nova-compute - OpenStack Compute - compute node
nova-compute-kvm - OpenStack Compute - compute node (KVM)
nova-compute-lxc - OpenStack Compute - compute node (LXC)
nova-compute-qemu - OpenStack Compute - compute node (QEmu)
nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
nova-conductor - OpenStack Compute - conductor service
nova-console - OpenStack Compute - console
nova-consoleauth - OpenStack Compute - Console Authenticator
nova-consoleproxy - OpenStack Compute - NoVNC proxy
nova-doc - OpenStack Compute - documentation
nova-network - OpenStack Compute - network manager
nova-scheduler - OpenStack Compute - virtual machine scheduler
nova-volume - OpenStack Compute - storage metapackage
python-nova - OpenStack Compute - libraries
Closes: 732022 732206 732267
Changes:
nova (2013.2.1-1) unstable; urgency=high
.
  * New upstream release (Closes: #732022). This fixes: CVE-2013-7048: Nova
    live snapshots use an insecure local directory and CVE-2013-6419:
    Metadata queries from Neutron to Nova are not restricted by tenant.
  * Added | cut -d" " -f1 when searching for the default gateway interface,
    in the nova-common.config script that tries to guess the "my_ip" address,
    just in case there's more than one interface in use (in which case it may
    fail in non-interactive mode).
  * Updates the French debconf translation which was broken, thanks to our
    cheesemaster for the update (Closes: #732267).
  * Updates the Spanish debconf translation, thanks to jathan
    <jathanblack...@gmail.com> for this update (Closes: #732206).
  * Fixes requirement.txt patch (upstream now includes the python-six fix).
  * Removes patch applied upstream:
    CVE-2013-4463_CVE-2013-4469_ensure_we_dont_boot_oversized_image.patch
  * Fix typo in libvirt_vif_driver (had Hybird instead of Hybrid).
  * Updates (build-)depends version of python-six (>= 1.4.1) and
    python-iso8601 (>= 0.1.8).
  * Removed python-argparse from python-nova depends.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---