Detections
Analytics

openSUSE Security Update : openstack (openSUSE-2013-237)

medium Nessus Plugin ID 74936

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The Openstack Stack components were updated to Folsom level as of March 5th.

Changes in openstack-cinder :

 - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update cinder-config-update.diff: update etc/cinder/api-paste.ini to have a signing_dir key under [filter:authtoken]. Otherwise, cinder-api won't start.
 This was done with commit de289a6 in Grizzly.

 - Update to version 2012.2.4+git.1362502414.95a620b :

 + Check for non-default volume name template.

 + Fix error for extra specs update with empty body.

 - Update to version 2012.2.4+git.1361527687.68de70d :

 + Add a safe_minidom_parse_string function.
 (CVE-2013-1664)

 - Set auth_strategy to keystone for a good out-of-the-box experience

 - Add cinder-config-update.diff: move configuration changes to a patch, instead of using sed.

 - Update to version 2012.2.4+git.1360133755.a8caa79 :

 + Final versioning for 2012.2.3

 + Bump version to 2012.2.4

 + Fix typo in cinder/db/api.py

 - Update to version 2012.2.3+git.1358429029.cdf6c13 :

 + Add commands used by NFS volume driver to rootwrap

Changes in openstack-dashboard :

 - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Backport packaging changes we did for Grizzly to fix theming :

 + define a production %bcond_with that will determine whether offline compression is used or not.

 + if not using the production feature, have a nodejs Requires.

 + move compression steps to %prep.

 + by default, use the non-production mode for greater flexibility.

 - Do not use 'SUSE Cloud' as site branding: this is not SUSE Cloud.

 - Update to version 2012.2.4+git.1362503968.8ece3c7 :

 + pin django to 1.4.x stream

 - Update to version 2012.2.4+git.1361527741.0a42fa0 :

 + Prevent the user from creating a single IP address sized network

 + Add UTC offset information to the timezone

 - Update to version 2012.2.4+git.1360133827.f421145 :

 + Final versioning for 2012.2.3

 + Bump version to 2012.2.4

 - Update to version 2012.2.2+git.1359111868.20fa0fc :

 + Pin docutils to 0.9.1, fix pep8 errors

 + Fix bug 1055929 - Can not display usage data for Quota Summary.

 + Revert 'Temp fix for api/keystone.py'

 + Specify floating ips table action column's width

 + Allow setting nova quotas to unlimited

 + Add a check for unlimited quotas

 + Avoid cinder calls, when cinder is unavailable

 + Don't inherit from base.html in 500 error page

 + Don't show the EC2 Credentials panel if there is no EC2 service

 - Drop horizon-ssl.patch: merged upstream.

Changes in openstack-glance :

 - Do not return location in headers (CVE-2013-1840)

 - This fixes bnc#808626.

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update to version 2012.2.4+git.1362583521.1fb759d :

 + Swallow UserWarning from glance-cache-manage

 + Avoid dangling partial image on size/checksum mismatch

 - Update to version 2012.2.4+git.1362503824.afe6166 :

 + Fix broken JSON schemas in v2 tests

 + Prints list-cached dates in isoformat

 - Update to version 2012.2.4+git.1360133885.98d9928 :

 + Bump version to 2012.2.4

 - Update to version 2012.2.3+git.1359529730.a5b0f4e :

 + Change useexisting to extend_existing to fix deprecation warnings.

 + Remove Swift location/password from messages.
 (CVE-2013-0212)

Changes in openstack-keystone :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - fix logging.conf to be about keystone and have absolute path

 - Update to version 2012.2.4+git.1362502288.8690166 :

 + Sync timeutils to pick up normalize fix.

 + Backport of fix for 24-hour failure of pki.

 - Update to version 2012.2.4+git.1361527873.37b3532 :

 + Disable XML entity parsing (CVE-2013-1664, CVE-2013-1665)

 + Ensure user and tenant enabled in EC2 (CVE-2013-0282)

 - Update to version 2012.2.4+git.1360133921.82c87e5 :

 + Bump version to 2012.2.4

 + Add size validations for /tokens. (CVE-2013-0247)

 - Update to version 2012.2.3+git.1359550485.ec7b94d :

 + Test 0.2.0 keystoneclient to avoid new deps

 + Unparseable endpoint URL's should raise friendly error

 + Fix catalog when services have no URL

 + Render content-type appropriate 404 (bug 1089987)

 - fix last commit's hash tag in Version

Changes in openstack-nova :

 - Add quotas for fixed ips. (CVE-2013-1838)

 - Update to version 2012.2.3+git.1358515929.3545a7d :

 + Add NFS to the libvirt volume driver list

 + Call plug_vifs() for all instances in init_host

 + Fix addition of CPU features when running against legacy libvirt

 + Fix typo in resource tracker audit message

 - Move back to 'git_tarballs' source service.

 - Start using obs-service-github_tarballs

 - Update to version 2012.2.3+git.1358434328.a41b913 :

 + Provide better error message for aggregate-create

 + Fix errors in used_limits extension

 + Add an iptables mangle rule per-bridge for DHCP.

 + Limit formatting routes when adding resources

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Install polkit rules file in /usr/share/polkit-1/rules.d/ since it's not a configuration file, and use 10 instead of 50 as priority to make sure it is taken into account.

 - Update to version 2012.2.4+git.1362583574.da38af5 :

 + VNC Token Validation (CVE-2013-0335)

 - Update to version 2012.2.4+git.1362502642.8c4df00 :

 + Ensure we add a new line when appending to rc.local

 + Handle compute node not available for live migration

 + remove intermediate libvirt downloaded images

 - Add openstack-nova-polkit.rules: polkit rules for the new polkit that uses JavaScript. On openSUSE 12.3 and later, we install this file in /etc/polkit-1/rules.d/ instead of installing the pkla file which is of no use with the new polkit.

 - Update to version 2012.2.4+git.1361527907.d5e7f55 :

 + Avoid stuck task_state on snapshot image failure

 + Add a safe_minidom_parse_string function.
 (CVE-2013-1664)

 + Enable libvirt to work with NoopFirewallDriver

 + Fix state sync logic related to the PAUSED VM state

 + libvirt: Fix nova-compute start when missing ip.

 - Update to version 2012.2.4+git.1360133953.e5d0f4b :

 + Final versioning for 2012.2.3

 + Bump version to 2012.2.4

 - Update to version 2012.2.3+git.1359529791.317cc0a :

 + remove session parameter from fixed_ip_get

 + Eliminate race conditions in floating association

 + Fix to include error message in instance faults

 + disallow boot from volume from specifying arbitrary volumes (CVE-2013-0208)

 - Update to version 2012.2.3+git.1359111576.03c3e9b :

 + Ensure that Quantum uses configured fixed IP

 + Makes sure compute doesn't crash on failed resume.

 - Update to version 2012.2.3+git.1358515929.3545a7d :

 + Add NFS to the libvirt volume driver list

 + Call plug_vifs() for all instances in init_host

 + Fix addition of CPU features when running against legacy libvirt

 + Fix typo in resource tracker audit message

 - Move back to 'git_tarballs' source service.

 - Start using obs-service-github_tarballs

 - Update to version 2012.2.3+git.1358434328.a41b913 :

 + Provide better error message for aggregate-create

 + Fix errors in used_limits extension

 + Add an iptables mangle rule per-bridge for DHCP.

 + Limit formatting routes when adding resources

Changes in openstack-quantum :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update to version 2012.2.4+git.1362583635.f94b149 :

 + L3 port delete prevention: do not raise if no IP on port

 - Update to version 2012.2.4+git.1362504084.06e42f8 :

 + Close file descriptors when executing sub-processes

 + Persist updated expiration time

 - Update to version 2012.2.4+git.1361527969.4de49b4 :

 + only destroy single namespace if router_id is set

 + Enable OVS and NETNS utilities to perform logging

 + Disable dhcp_domain distribution when dhcp_domain is empty

 + Shorten the DHCP default resync_interval

 - Update to version 2012.2.4+git.1360134016.d2a85e6 :

 + Final versioning for 2012.2.3

 + Bump version to 2012.2.4

 - Update to version 2012.2.3+git.1359529852.a84ba7e :

 + Regression caused by commit b56c2c998

 + LinuxBridge: update status according to admin_state_up

 + Ensure that correct root helper is used

Changes in openstack-quickstart :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update to latest git (cb0fbe8) :

 + Enalbe Cinder and Swift Service endpoints

 + Setup Cinder properly

 - Update to latest git (95d7088) :

 + Fill in values in the cinder/api-paste.ini templatae

Changes in openstack-swift :

 - Update to version 1.7.4.1+git.1359529903.0ce3e1d :

 + Use pypi for python-swiftclient dependency.

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update to version 1.7.4.1+git.1359529903.0ce3e1d :

 + Use pypi for python-swiftclient dependency.

Changes in python-cinderclient :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Add compat-newer-requests.patch: take patches from upstream to allow working with newer versions of python-requests.

Changes in python-django_openstack_auth :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Update to version 1.0.6 :

 + Fix compatibility with keystoneclient v0.2.

 - Changes from version 1.0.5 :

 + Improves error handling; fixes failing test.

Changes in python-keystoneclient :

 - Update 12.3 packages to Folsom as of March 5th. This comes with· security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278.

 - Add compat-newer-requests.patch: take patches from upstream to allow working with newer versions of python-requests.

Solution

Update the affected openstack packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=802278

https://bugzilla.novell.com/show_bug.cgi?id=808622

https://bugzilla.novell.com/show_bug.cgi?id=808626

Plugin Details

Severity: Medium

ID: 74936

File Name: openSUSE-2013-237.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-keystone, p-cpe:/a:novell:opensuse:python-keystoneclient, p-cpe:/a:novell:opensuse:python-keystoneclient-test, p-cpe:/a:novell:opensuse:openstack-cinder, p-cpe:/a:novell:opensuse:openstack-cinder-api, p-cpe:/a:novell:opensuse:openstack-cinder-scheduler, p-cpe:/a:novell:opensuse:openstack-cinder-test, p-cpe:/a:novell:opensuse:openstack-cinder-volume, p-cpe:/a:novell:opensuse:openstack-dashboard, p-cpe:/a:novell:opensuse:openstack-dashboard-test, p-cpe:/a:novell:opensuse:openstack-glance, p-cpe:/a:novell:opensuse:openstack-glance-test, p-cpe:/a:novell:opensuse:openstack-keystone, p-cpe:/a:novell:opensuse:openstack-keystone-test, p-cpe:/a:novell:opensuse:openstack-nova, p-cpe:/a:novell:opensuse:openstack-nova-api, p-cpe:/a:novell:opensuse:openstack-nova-cert, p-cpe:/a:novell:opensuse:openstack-nova-compute, p-cpe:/a:novell:opensuse:openstack-nova-network, p-cpe:/a:novell:opensuse:openstack-nova-novncproxy, p-cpe:/a:novell:opensuse:openstack-nova-objectstore, p-cpe:/a:novell:opensuse:openstack-nova-scheduler, p-cpe:/a:novell:opensuse:openstack-nova-test, p-cpe:/a:novell:opensuse:openstack-nova-vncproxy, p-cpe:/a:novell:opensuse:openstack-nova-volume, p-cpe:/a:novell:opensuse:openstack-quantum, p-cpe:/a:novell:opensuse:openstack-quantum-test, p-cpe:/a:novell:opensuse:openstack-quickstart, p-cpe:/a:novell:opensuse:openstack-swift, p-cpe:/a:novell:opensuse:openstack-swift-account, p-cpe:/a:novell:opensuse:openstack-swift-container, p-cpe:/a:novell:opensuse:openstack-swift-object, p-cpe:/a:novell:opensuse:openstack-swift-proxy, p-cpe:/a:novell:opensuse:openstack-swift-test, p-cpe:/a:novell:opensuse:python-cinder, p-cpe:/a:novell:opensuse:python-cinderclient, p-cpe:/a:novell:opensuse:python-cinderclient-test, p-cpe:/a:novell:opensuse:python-django_openstack_auth, p-cpe:/a:novell:opensuse:python-glance, p-cpe:/a:novell:opensuse:python-horizon, p-cpe:/a:novell:opensuse:python-nova, p-cpe:/a:novell:opensuse:python-quantum, p-cpe:/a:novell:opensuse:python-swift, cpe:/o:novell:opensuse:12.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/15/2013

Reference Information

CVE: CVE-2013-0208, CVE-2013-0212, CVE-2013-0247, CVE-2013-0282, CVE-2013-0335, CVE-2013-1664, CVE-2013-1665, CVE-2013-1838, CVE-2013-1840