it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5337-1] nova security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5337-1] nova security update
Date: Wed, 1 Feb 2023 18:33:22 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/Y9qwctI/R0t3Sjvr AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=7XT1ugNVFjNhvcktmEJE9bwpG1wgOGwUqYwsgsVqCig=; b=Or uuGXUdTNMp77GHTSg9W+/wkxi9k61d0JgrdpnwXdM1sWHeDoAd1xSaFd3ilEqiWp0inriLv51XOnO ihpELiSPqaI/KDXOc9DIC/wzPbK8rGMojZ52/1mXEAnQrwvjmV7rP7ZHoqlesRB4ev+hluNJlVjiH f7b2yz292dCBH4sc7jHG4JqJRN4YmWyLEgQkfdnkwZSXAw5n6vSvc1eKlvgjAfzKrO2CFMrFei2JB L+Z6pOGgkqXwRcY8sT2KZGLLysW5yYWm6iJW7YlH+yV7ABkLbzpPEGltrA6SNkG8VCaGaYHh8ywTT izu3eEACSHVSeo3JPOCiYnTy3wkuVJvw==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 1 Feb 2023 18:33:51 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <ZK2eQ4zMXvD.A.IEH.PCr2jB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5337-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 01, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nova
CVE ID : CVE-2022-47951
Debian Bug : 1029561

Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in OpenStack Compute (codenamed Nova) may result in information
disclosure.

For the stable distribution (bullseye), this problem has been fixed in
version 2:22.0.1-2+deb11u1.

We recommend that you upgrade your nova packages.

For the detailed security status of nova please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nova

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmParscACgkQEMKTtsN8
Tja1gg/+MkwvOlll4HJexIgD7/wK5QD7R+1gTHJ77ywF5JP8udygdAtC7BxxmxAe
jlnUfDwlN5rwvZI9PR6JjedwLx7r7urckUNNaRHz9ZZdRm7n1S+3YX4Am5d7V3Dw
z54NQ27GvBVoi7TTBoxDHmVZ2kX95EJYMMhGbyc1SiQx3Eg37iZII11f0CQG1Vrh
E6al8u19qMK/dUqmw4mPB0duUjSBK3b8wcXdgNtZP5H/rIJOfMZqaXNZUCs78zAP
jDAm2BcUljOpeW/RbkwjvZMWxIZdWS8XF1iWMqeDAJxBeU39VgOIQ6c0djCK3PZs
cSUbT3NHJZW7okyxqqEXrGbvnJgaO0PZqIcWpatDV6s1mScWbmkT2sAQjKLlo7kD
rPFVP8DzLstE+jqIzmT1dKK8X3hmIW7k6exCQINSoPIZco2tyHFrlyb42hTJIYpQ
LNZoEavRzH6ZYXTytvr89ldJ5w/pdtyf3S2DCkW+H4qXz03q9GyAHZN3eNMkhKmy
S11/JV3GC1nL+9obCIb8PqFF075vYp0EnKsEXmyi6KL9GK6bR82i9ePo6n3eNM8+
FxPRcCv8gzbWLg+pC7hrclS231C6SsDbVlYIbZBc0O4Kc8PkcnBVcjLJ71eXCIkQ
esZqWjnOYEshDfzG3xbWiiVOgGv0ypsB9GhKGcPGHRHEAn1k25k=
=U5a0
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5337-1] nova security update, Moritz Muehlenhoff, 01.02.2023

Archiv bereitgestellt durch MHonArc 2.6.24.