Site Navigation:
security openstack-nova-2012.1.1-14.el6 security update
Release: Fedora EPEL 6
Update ID: FEDORA-EPEL-2012-6679
Builds: openstack-nova-2012.1.1-14.el6 (logs)
Pushed: False
Date Submitted: 2012-08-10 15:22:04
Date Released: 2012-08-10 18:10:08
Submitter: pbrady
Karma: 0
  • Fix CA cert permissions issue introduced in 2012.1.1-10
  • Fix group installation issue introduced in 2012.1.1-10

  • Split out into more sub packages

  • Update from stable upstream including...

  • Fix metadata file injection with xen
  • Fix affinity filters when hints is None
  • Fix marker behavior for flavors
  • Handle local remote exceptions consistently
  • Fix qcow2 size on libvirt live block migration
  • Fix for API listing of os hosts
  • Avoid lazy loading errors on instance_type
  • Avoid casts in network manager to prevent races
  • Conditionally allow queries for deleted flavours
  • Fix wrong regex in cleanup_file_locks
  • Add net rules to VMs on compute service start
  • Tolerate parsing null connection info in BDM
  • Support EC2 CreateImage API for boot from volume
  • EC2 DescribeImages reports correct rootDeviceType
  • Reject EC2 CreateImage for instance store
  • Fix EC2 CreateImage no_reboot logic
  • Convert remaining network API casts to calls
  • Move where the fixed ip deallocation happens
  • Fix the qpid_heartbeat option so that it's effective
  • Update to latest essex stable branch

  • Enable auto cleanup of old cached instance images

  • Fix ram_allocation_ratio based over subscription
  • Expose over quota exceptions via native API
  • Return 413 status on over quota in the native API
  • Fix call to network_get_all_by_uuids
  • Fix libvirt get_memory_mb_total with xen
  • Use compute_api.get_all in affinity filters (CVE-2012-3371)
  • Use default qemu img cluster size in libvirt connect
  • Ensure libguestfs has completed before proceeding

  • Distinguish volume overlimit exceptions

  • Prohibit host file corruption through file injection (CVE-2012-3360, CVE-2012-3361)
  • Support injecting new .ssh/authorized_keys files to SELinux enabled guests
  • Improve performance and stability of file injection
  • add upstart jobs, alternative to sysv initscripts
  • fix an exception caused by the fix for CVE-2012-2654
  • fix the encoding of the dns_domains table (requires a db sync)
  • fix a crash due to a nova services startup race (#825051)
  • Fix for protocol case handling (CVE-2012-2654)

  • Prohibit host file corruption through file injection (CVE-2012-3447)

Bugs Fixed
825052 - Restarting nova-network removes ip packet filters
825051 - qpid timeout causing compute service to crash
829441 - CVE-2012-2654: OpenStack Nova security groups fail to be set correctly [epel-6]
844040 - CVE-2012-3360: OpenStack-Nova: compute nodes file injection in disk images [epel-6]
844039 - CVE-2012-3361: OpenStack-Nova: compute nodes disk image file corruption [epel-6]
844041 - CVE-2012-3371: OpenStack-Nova: Scheduler denial of service through scheduler_hints [epel-6]
846625 - CVE-2012-3447: OpenStack-Nova: compute nodes disk image file corruption (incomplete fix for CVE-2012-3361) [epel-6]
bodhi - 2012-08-10 15:22:55
This update has been submitted for testing by pbrady.
bodhi - 2012-08-10 16:39:00
This update is currently being pushed to the Fedora EPEL 6 testing updates repository.
bodhi - 2012-08-10 18:41:42
This update has been pushed to testing
bodhi - 2012-08-10 23:12:32
This update has been obsoleted by

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters