<FUqlb-2IGE-3@gated-at.bofh.it>

Path: ...!fu-berlin.de!news.servidellagleba.it!bofh.it!news.nic.it!robomod
From: Moritz Muehlenhoff <jmm@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5337-1] nova security update
Date: Wed, 01 Feb 2023 19:50:01 +0100
Message-ID: <FUqlb-2IGE-3@gated-at.bofh.it>
X-Original-To: debian-security-announce@lists.debian.org
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Wed Feb  1 18:33:51 2023
Old-Return-Path: <jmm@seger.debian.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Debian: PGP check passed for security officers
Priority: urgent
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4237
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/Y9qwctI/R0t3Sjvr@seger.debian.org
Approved: robomod@news.nic.it
Lines: 48
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Wed, 1 Feb 2023 18:33:22 +0000
X-Original-Message-ID: <Y9qwctI/R0t3Sjvr@seger.debian.org>
Bytes: 4522

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5337-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 01, 2023                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nova
CVE ID         : CVE-2022-47951
Debian Bug     : 1029561

Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in OpenStack Compute (codenamed Nova) may result in information
disclosure.

For the stable distribution (bullseye), this problem has been fixed in
version 2:22.0.1-2+deb11u1.

We recommend that you upgrade your nova packages.

For the detailed security status of nova please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nova

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----