UbuntuUpdates.org

Package "nova-novncproxy"

Name: nova-novncproxy

Description:

OpenStack Compute - NoVNC proxy

Latest version: 2:17.0.13-0ubuntu5.3
Release: bionic (18.04)
Level: security
Repository: universe
Head package: nova
Homepage: http://launchpad.net/nova

Links


Download "nova-novncproxy"


Other versions of "nova-novncproxy" in Bionic

Repository Area Version
base universe 2:17.0.1-0ubuntu1
updates universe 2:17.0.13-0ubuntu5.4

Changelog

Version: 2:17.0.13-0ubuntu5.3 2023-02-13 12:07:00 UTC

  nova (2:17.0.13-0ubuntu5.3) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2015-9543.patch: Mask the token used to allow
      access to consoles
    - CVE-2015-9543
  * SECURITY UPDATE: machine takeover vulnerability
    - debian/patches/CVE-2020-17376.patch: libvirt: Provide
      VIR_MIGRATE_PARAM_PERSIST_XML during live migration
    - CVE-2020-17376
  * SECURITY UPDATE: open redirect vulnerability
    - debian/patches/CVE-2021-3654-*.patch: Reject open redirection in the
      console proxy
    - CVE-2021-3654

 -- Nishit Majithia <email address hidden> Fri, 10 Feb 2023 14:20:43 +0530

Source diff to previous version
CVE-2015-9543 An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. A
CVE-2020-17376 An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a so
CVE-2021-3654 A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Version: 2:17.0.13-0ubuntu5.2 2023-02-09 15:07:00 UTC

  nova (2:17.0.13-0ubuntu5.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access
    - debian/patches/CVE-2022-47951.patch: Check VMDK create-type
      against an allowed list.
    - CVE-2022-47951

 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 08:21:41 -0500

Source diff to previous version
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:17.0.10-0ubuntu2.1 2019-08-19 23:07:15 UTC

  nova (2:17.0.10-0ubuntu2.1) bionic-security; urgency=medium

  [ Sahid Orentino Ferdjaoui ]
  * SECURITY UPDATE: ensure underlying environment details not leaked in
    server fault
    - d/p/CVE-2019-14433.patch: replace non-admin server fault message
      with exception type class name in nova/compute/utils.py.
    - CVE-2019-14433

 -- Steve Beattie <email address hidden> Mon, 12 Aug 2019 17:34:12 -0700

CVE-2019-14433 An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user en



About   -   Send Feedback to @ubuntu_updates