UbuntuUpdates.org

Package "cinder-common"

Name: cinder-common

Description:

Cinder storage service - common files

Latest version: 1:2014.1.3-0ubuntu1.1
Release: trusty (14.04)
Level: security
Repository: main
Head package: cinder
Homepage: http://launchpad.net/cinder

Links


Download "cinder-common"


Other versions of "cinder-common" in Trusty

Repository Area Version
base main 1:2014.1-0ubuntu1
updates main 1:2014.1.5-0ubuntu2.2

Changelog

Version: 1:2014.1.3-0ubuntu1.1 2014-11-11 20:06:28 UTC

  cinder (1:2014.1.3-0ubuntu1.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [7eef596] Refuse invalid qcow2 backing files
      + CVE-2014-3641
      + LP: #1350504
    - [ec249ee] Sync latest process and str utils from oslo
      + CVE-2014-7230
      + LP: #1343604
 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2014 12:02:55 -0400

Source diff to previous version
1350504 [OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)
1343604 Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)
CVE-2014-3641 The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cind
CVE-2014-7230 The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users

Version: 1:2014.1-0ubuntu1.1 2014-06-18 18:06:43 UTC

  cinder (1:2014.1-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: specify /etc/cinder/rootwrap.conf for use with
    cinder-rootwrap
    - CVE-2013-1068 (LP: #1185019)
 -- Jamie Strandboge <email address hidden> Mon, 09 Jun 2014 09:45:12 -0500

CVE-2013-1068 RESERVED



About   -   Send Feedback to @ubuntu_updates