Your message dated Thu, 28 Feb 2013 04:02:52 +0000
with message-id <[email protected]>
and subject line Bug#701773: fixed in nova 2012.1.1-14
has caused the Debian Bug report #701773,
regarding nova: CVE-2013-0335: VNC proxy can connect to the wrong VM
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
701773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701773
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nova
Version: 2012.1.1-13
Severity: important
Tags: security

Hi,

the following vulnerability was published for nova.

CVE-2013-0335[0]:
VNC proxy can connect to the wrong VM

See also the announcement[1].

Patches for folsom are available[2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-0335
[1] http://marc.info/?l=oss-security&m=136190371727273&w=2
[2] https://review.openstack.org/#/c/22758/

At first glance it looks like nova in testing/unstable and also
experimental are affected, could you please double-check?

Could you prepare a fixed package for unstable only containing the
needed change and contact the release team?

I have chosen severity important here. If I understand the issue
correctly, it would be possible for a user to access a VM he does not
own.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2012.1.1-14

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 27 Feb 2013 12:32:52 +0000
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml 
nova-compute-xen nova-compute-qemu nova-compute-kvm nova-scheduler nova-volume 
nova-api nova-network nova-objectstore nova-console nova-cert nova-xcp-plugins 
nova-xcp-network nova-doc nova-xvpvncproxy nova-api-metadata 
nova-api-os-compute nova-api-os-volume nova-api-ec2
Architecture: source all
Version: 2012.1.1-14
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description: 
 nova-api   - OpenStack Compute - compute API frontend
 nova-api-ec2 - OpenStack Compute - EC2 API frontend
 nova-api-metadata - OpenStack Compute - metadata API frontend
 nova-api-os-compute - OpenStack Compute - compute API frontend
 nova-api-os-volume - OpenStack Compute - Volume API frontend
 nova-cert  - OpenStack Compute - certificate manager
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
 nova-compute-xen - OpenStack Compute - compute node (Xen)
 nova-console - OpenStack Compute - console
 nova-doc   - OpenStack Compute - documentation
 nova-network - OpenStack Compute - network manager
 nova-objectstore - OpenStack Compute - object store
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 nova-volume - OpenStack Compute - storage
 nova-xcp-network - OpenStack Compute network plugin for the Xen Cloud Platform
 nova-xcp-plugins - OpenStack Compute plugin for the Xen Cloud Platform
 nova-xvpvncproxy - OpenStack Compute - XVP VNC proxy
 python-nova - OpenStack Compute - libraries
Closes: 701773
Changes: 
 nova (2012.1.1-14) unstable; urgency=high
 .
   * CVE-2013-0335: VNC proxy can connect to the wrong VM (Closes: #701773).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlEu050ACgkQl4M9yZjvmkmB8ACgkpSAxVEfqL/HelEbJNr9gc2/
EuUAnRAAwXJH+LYEF2wj5/v4CjOByGkL
=dl9y
-----END PGP SIGNATURE-----

--- End Message ---