CVE-2012-3447: file injection writing to host filesystem

Related Vulnerabilities: CVE-2012-3447  

Debian Bug report logs - #684256

Reported by: Thomas Goirand <zigo@debian.org>

Date: Wed, 8 Aug 2012 04:21:02 UTC

Severity: critical

Found in version 2012.1.1-5

Fixed in version nova/2012.1.1-6

Done: Thomas Goirand <zigo@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, PKG OpenStack <openstack-devel@lists.alioth.debian.org>:
Bug#684256; Package nova. (Wed, 08 Aug 2012 04:21:04 GMT)


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
New Bug report received and forwarded. Copy sent to PKG OpenStack <openstack-devel@lists.alioth.debian.org>. (Wed, 08 Aug 2012 04:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-3447: file injection writing to host filesystem
Date: Wed, 08 Aug 2012 12:18:29 +0800
Package: nova
Version: 2012.1.1-5
Severity: critical

As the subject says, nova currently suffers from CVE-2012-3447.
Patch is already on the way, and I hope to upload the fix today.

Thomas Goirand (zigo)



Reply sent to Thomas Goirand <zigo@debian.org>:
You have taken responsibility. (Wed, 08 Aug 2012 04:51:07 GMT)


Notification sent to Thomas Goirand <zigo@debian.org>:
Bug acknowledged by developer. (Wed, 08 Aug 2012 04:51:07 GMT)


Message #10 received at 684256-close@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: 684256-close@bugs.debian.org
Subject: Bug#684256: fixed in nova 2012.1.1-6
Date: Wed, 08 Aug 2012 04:47:18 +0000
Source: nova
Source-Version: 2012.1.1-6

We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 684256@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <zigo@debian.org> (supplier of updated nova package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 07 Aug 2012 05:12:35 +0000
Source: nova
Binary: python-nova nova-common nova-compute nova-compute-lxc nova-compute-uml nova-compute-xen nova-compute-qemu nova-compute-kvm nova-scheduler nova-volume nova-api nova-network nova-objectstore nova-console nova-cert nova-xcp-plugins nova-xcp-network nova-doc nova-xvpvncproxy nova-api-metadata nova-api-os-compute nova-api-os-volume nova-api-ec2
Architecture: source all
Version: 2012.1.1-6
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-devel@lists.alioth.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description: 
 nova-api   - OpenStack Compute - compute API frontend
 nova-api-ec2 - OpenStack Compute - EC2 API frontend
 nova-api-metadata - OpenStack Compute - metadata API frontend
 nova-api-os-compute - OpenStack Compute - compute API frontend
 nova-api-os-volume - OpenStack Compute - Volume API frontend
 nova-cert  - OpenStack Compute - certificate manager
 nova-common - OpenStack Compute - common files
 nova-compute - OpenStack Compute - compute node
 nova-compute-kvm - OpenStack Compute - compute node (KVM)
 nova-compute-lxc - OpenStack Compute - compute node (LXC)
 nova-compute-qemu - OpenStack Compute - compute node (QEmu)
 nova-compute-uml - OpenStack Compute - compute node (UserModeLinux)
 nova-compute-xen - OpenStack Compute - compute node (Xen)
 nova-console - OpenStack Compute - console
 nova-doc   - OpenStack Compute - documentation
 nova-network - OpenStack Compute - network manager
 nova-objectstore - OpenStack Compute - object store
 nova-scheduler - OpenStack Compute - virtual machine scheduler
 nova-volume - OpenStack Compute - storage
 nova-xcp-network - OpenStack Compute network plugin for the Xen Cloud Platform
 nova-xcp-plugins - OpenStack Compute plugin for the Xen Cloud Platform
 nova-xvpvncproxy - OpenStack Compute - XVP VNC proxy
 python-nova - OpenStack Compute - libraries
Closes: 684256
Changes: 
 nova (2012.1.1-6) unstable; urgency=high
 .
   * CVE-2012-3447: file injection writing to host filesystem (Closes: #684256).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 Oct 2012 07:27:30 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:43:15 2019; Machine Name: buxtehude
