ganeti: multiple vulnerabilities
| Package(s): | ganeti | CVE #(s): | CVE-2015-7944 CVE-2015-7945 | ||||||||
| Created: | January 1, 2016 | Updated: | January 15, 2016 | ||||||||
| Description: | From the bug report: CVE-2015-7945: The distributed replicated storage (DRBD) secret is leaked by the RAPI interface when job results are requested. Leveraging on the knowledge of this secret, a malicious user who had already gained access to the storage network of the cluster can retrieve instance data more easily and reliably. CVE-2015-7944: The RAPI interface is also vulnerable to a DoS condition, triggered via SSL parameter renegotiation issued by a malicious client. The condition leads to resource exhaustion on the master node. | ||||||||||
| Alerts: |
| ||||||||||