UbuntuUpdates.org

Package "nova-api-metadata"

Name: nova-api-metadata

Description:

OpenStack Compute - metadata API frontend
Latest version: 2:17.0.13-0ubuntu5.4
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: nova
Homepage: http://launchpad.net/nova

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "nova-api-metadata"

All arch deb package
APT INSTALL

Other versions of "nova-api-metadata" in Bionic

Repository Area Version
base universe 2:17.0.1-0ubuntu1
security universe 2:17.0.13-0ubuntu5.3

Changelog

Version: 2:17.0.13-0ubuntu5.4 2023-05-31 13:07:22 UTC

  nova (2:17.0.13-0ubuntu5.4) bionic; urgency=medium

  * Update keypairs when saving an instance (LP: #1843708)
    - d/p/objects-Update-keypairs-when-saving-an-instance.patch

 -- Zhang Hua <email address hidden> Thu, 27 Apr 2023 04:21:53 +0800
Source diff to previous version

Version: 2:17.0.13-0ubuntu5.3 2023-02-13 14:07:05 UTC

  nova (2:17.0.13-0ubuntu5.3) bionic-security; urgency=medium

  * SECURITY UPDATE: information disclosure vulnerability
    - debian/patches/CVE-2015-9543.patch: Mask the token used to allow
      access to consoles
    - CVE-2015-9543
  * SECURITY UPDATE: machine takeover vulnerability
    - debian/patches/CVE-2020-17376.patch: libvirt: Provide
      VIR_MIGRATE_PARAM_PERSIST_XML during live migration
    - CVE-2020-17376
  * SECURITY UPDATE: open redirect vulnerability
    - debian/patches/CVE-2021-3654-*.patch: Reject open redirection in the
      console proxy
    - CVE-2021-3654

 -- Nishit Majithia <email address hidden> Fri, 10 Feb 2023 14:20:43 +0530
Source diff to previous version
CVE-2015-9543 An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. A
CVE-2020-17376 An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a so
CVE-2021-3654 A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Version: 2:17.0.13-0ubuntu5.2 2023-02-09 15:07:02 UTC

  nova (2:17.0.13-0ubuntu5.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access
    - debian/patches/CVE-2022-47951.patch: Check VMDK create-type
      against an allowed list.
    - CVE-2022-47951

 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 08:21:41 -0500
Source diff to previous version
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:17.0.13-0ubuntu5 2022-10-05 06:06:25 UTC

  nova (2:17.0.13-0ubuntu5) bionic; urgency=medium

  * Fixes API to disallow source compute service/node deletion while instances
    are pending a resize confirm/revert (LP: #1852610).
   - d/p/0001-lp1852610_Add_functional_recreate_test_for_bug_1829479_and_bug_1817833.patch
   - d/p/0002-lp1852610_Add_functional_recreate_test_for_bug_1852610.patch
   - d/p/0003-lp1852610_Add_functional_recreate_revert_resize_test_for_bug_1852610.patch
   - d/p/0004-lp1852610_api_allows_source_compute_service.patch

 -- Brett Milford <email address hidden> Thu, 23 Jun 2022 16:41:00 +1000
Source diff to previous version
1852610 [SRU] API allows source compute service/node deletion while instances are pending a resize confirm/revert

Version: 2:17.0.13-0ubuntu4 2021-10-20 22:06:22 UTC

  nova (2:17.0.13-0ubuntu4) bionic; urgency=medium

  * d/p/libvirt-Ignore-DiskNotFound-during-update_available.patch: Ignore
    DiskNotFound during update_available_resource (LP: #1774249).

 -- Alin-Gabriel Serdean <email address hidden> Tue, 21 Sep 2021 18:29:56 +0000


About   -   Send Feedback to @ubuntu_updates