Описание
Security update for Cloud Compute 12
This collective update for the Cloud Compute 12 Module provides several fixes and enhancements.
openstack-suse:
- Do not copy upstream Python requirements to the package. (bsc#920573)
openstack-nova:
- Fix metadata not returning just instance private IP. (bsc#934523)
- Enable tenant/user specific instance filtering. (bsc#927625)
- Cleanup allocated networks after rescheduling. (bsc#931839)
- Fix instance filtering. (bsc#927625)
- Websocket Proxy should verify Origin header to prevent Cross-Site WebSocket hijacking. (bsc#917091, CVE-2015-0259)
openstack-neutron:
- Change neutron-ha-tool to read password from /etc/neutron/os_password. (bsc#922751)
- Change port status when it is bound. (bsc#926773)
- Require conntrack-tools for SLE12. (bsc#944339)
- Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bsc#915245)
openstack-ceilometer:
- Fix issue when ceilometer-expirer is called from the wrong user via cronjob and the resulting logs end up having wrong ownership. (bsc#930574)
- Move the cron job to collector package. (bsc#926596)
For a comprehensive list of changes, please refer to the packages' change log.
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
openstack-ceilometer-2014.2.4.dev18-3.2
openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2
openstack-neutron-2014.2.4~a0~dev78-7.2
openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2
openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2
openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2
openstack-nova-2014.2.4~a0~dev61-6.2
openstack-nova-compute-2014.2.4~a0~dev61-6.2
openstack-suse-sudo-2014.2-5.1
python-ceilometer-2014.2.4.dev18-3.2
python-neutron-2014.2.4~a0~dev78-7.2
python-nova-2014.2.4~a0~dev61-6.2
Ссылки
- Link for SUSE-SU-2015:1666-1
- E-Mail link for SUSE-SU-2015:1666-1
- SUSE Security Ratings
- SUSE Bug 915245
- SUSE Bug 917091
- SUSE Bug 920573
- SUSE Bug 922751
- SUSE Bug 926596
- SUSE Bug 926773
- SUSE Bug 927625
- SUSE Bug 930574
- SUSE Bug 931839
- SUSE Bug 934523
- SUSE Bug 944339
- SUSE CVE CVE-2015-0259 page
Описание
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-ceilometer-2014.2.4.dev18-3.2
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-2014.2.4~a0~dev78-7.2
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2
Ссылки
- CVE-2015-0259
- SUSE Bug 917091