openSUSE Security Update : python-apache-libcloud (openSUSE-SU-2014:0198-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- Updated to 0.13.3 (bnc#857209, CVE-2013-6480)

+ Security fix release, for destroying nodes on
digitalOcean 'data_scrub' method is always invoked

- Require python-setuptools instead of distribute
(upstreams merged)

- Updated to 0.13.2

- General :

- Don't sent Content-Length: 0 header with POST and PUT
request if 'raw' mode is used. This fixes a regression
which could cause broken behavior in some storage driver
when uploading a file from disk.

- Compute :

- Added Ubuntu Linux 12.04 image to ElasticHost driver
image list. (LIBCLOUD-364)

- Update ElasticHosts driver to store drive UUID in the
node 'extra' field. (LIBCLOUD-357)

- Storage :

- Store last_modified timestamp in the Object extra
dictionary in the S3 driver. (LIBCLOUD-373)

- Load Balancer :

- Expose CloudStack driver directly through the
Provider.CLOUDSTACK constant.

- DNS :

- Modify Zerigo driver to include record TTL in the record
'extra' attribute if a record has a TTL set.

- Modify values in the Record 'extra' dictionary attribute
in the Zerigo DNS driver to be set to None instead of an
empty string ('') if a value for the provided key is not
set.

See also :

http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html
https://bugzilla.novell.com/show_bug.cgi?id=857209

Solution :

Update the affected python-apache-libcloud package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75250 ()

Bugtraq ID:

CVE ID: CVE-2013-6480

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now