• [SECURITY] [DSA 5337-1] nova security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Feb 1 19:50:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5337-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nova
    CVE ID : CVE-2022-47951
    Debian Bug : 1029561

    Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
    discovered that missing input sanitising in the handling of VMDK images
    in OpenStack Compute (codenamed Nova) may result in information
    disclosure.

    For the stable distribution (bullseye), this problem has been fixed in
    version 2:22.0.1-2+deb11u1.

    We recommend that you upgrade your nova packages.

    For the detailed security status of nova please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/nova

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmParscACgkQEMKTtsN8 Tja1gg/+MkwvOlll4HJexIgD7/wK5QD7R+1gTHJ77ywF5JP8udygdAtC7BxxmxAe jlnUfDwlN5rwvZI9PR6JjedwLx7r7urckUNNaRHz9ZZdRm7n1S+3YX4Am5d7V3Dw z54NQ27GvBVoi7TTBoxDHmVZ2kX95EJYMMhGbyc1SiQx3Eg37iZII11f0CQG1Vrh E6al8u19qMK/dUqmw4mPB0duUjSBK3b8wcXdgNtZP5H/rIJOfMZqaXNZUCs78zAP jDAm2BcUljOpeW/RbkwjvZMWxIZdWS8XF1iWMqeDAJxBeU39VgOIQ6c0djCK3PZs cSUbT3NHJZW7okyxqqEXrGbvnJgaO0PZqIcWpatDV6s1mScWbmkT2sAQjKLlo7kD rPFVP8DzLstE+jqIzmT1dKK8X3hmIW7k6exCQINSoPIZco2tyHFrlyb42hTJIYpQ LNZoEavRzH6ZYXTytvr89ldJ5w/pdtyf3S2DCkW+H4qXz03q9GyAHZN3eNMkhKmy S11/JV3GC1nL+9obCIb8PqFF075vYp0EnKsEXmyi6KL9GK6bR82i9ePo6n3eNM8+ FxPRcCv8gzbWLg+pC7hrclS231C6SsDbVlYIbZBc0O4Kc8PkcnBVcjLJ71eXCIkQ esZqWjnOYEshDfzG3xbWiiVOgGv0ypsB9GhKGcPGHRHEAn1k25k=
    =U5a0
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)