[SECURITY] [DLA 3109-1] nova security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3109-1] nova security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 15 Sep 2022 09:43:09 +0200 (CEST)
Message-id: <[🔎] 20220915074309.D4FB22A0221@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3109-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 15, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : nova
Version        : 2:18.1.0-6+deb10u1
CVE ID         : CVE-2019-14433
Debian Bug     : 934114

It was found that authenticated users could trigger a fault in Nova, a
cloud computing fabric controller, to cause information leak.

In addition, this update includes some fixes for volume live migration,
as well as the addition of a /healthcheck URL for monitoring.

For Debian 10 buster, this problem has been fixed in version
2:18.1.0-6+deb10u1.

We recommend that you upgrade your nova packages.

For the detailed security status of nova please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nova

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmMi14oACgkQnUbEiOQ2
gwIFgA/+IurymzQ//A6Du09G67P3G9+dNxALBMouzYUBsMuldTsJOHEwn/vn3AOE
vsLDKAm0+PVx3UUvoFdC4xrJ34Byx437xb9nMSVaisC5JU8M/QV20HBtP/Vk89q2
OoTxsYJcVIFQZbnqeJuetcIzXaND0v9r3hsK+bCNYqbLzjLBZU1qMfJt9bJwv5lV
wlNqCR0QL/et4pKmoDjK9o097oH9eAVB3ilaI/Rx5P9agK9bgU0A7stZN782y0T9
4T0FEv4BMmBys6Qr+FeCVW+LEzHAUvdTAUmlChkbyX2r1Sa4TIYQgzKEIoWT1UB8
JRwqtx27alN9sVsy5Zt9PANveRNPJi4tVtilS4qQzn86e5LU+FePktwEvgoqYQPa
3cDItH11w6vV67ycx2mplAPih2u6h0BPBbfLG7x8RQTzC7eQVni4bZ1u5BK8evvj
UIa1VaEhvZmo/Vbg5DIo/fsTNEXJlskbZ5qbq60PjeUmC4C6whgRI4FCw/ipV1Am
9N8OCM1v15m6/+SFbNgO4vhCFHpIdyJ0I4KrYe8sQMqIEC2Y65fao8HLlNiMBsIO
pw4BeZL2gd+UwQyKqikroPStr/2Q2l22+4PFLPQn4Yb7hBkWpL9SSCZ8JuvOMpOc
kUhSuWnQKbU9ZMY7A/gayEclPgzODTDkKTvuriOUM+qvLbINdqw=
=1Krd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3108-1] pcs security update
Next by Date: [SECURITY] [DLA 3093-2] rails regression update
Previous by thread: [SECURITY] [DLA 3108-1] pcs security update
Next by thread: [SECURITY] [DLA 3093-2] rails regression update
Index(es):
- Date
- Thread