openSUSE Security Update: update for python-apache-libcloud ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0198-1 Rating: moderate References: #857209 Cross-References: CVE-2013-6480 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Updated to 0.13.3 (bnc#857209, CVE-2013-6480) + Security fix release, for destroying nodes on digitalOcean 'data_scrub' method is always invoked - Require python-setuptools instead of distribute (upstreams merged) - Updated to 0.13.2 - General: - Don't sent Content-Length: 0 header with POST and PUT request if "raw" mode is used. This fixes a regression which could cause broken behavior in some storage driver when uploading a file from disk. - Compute: - Added Ubuntu Linux 12.04 image to ElasticHost driver image list. (LIBCLOUD-364) - Update ElasticHosts driver to store drive UUID in the node 'extra' field. (LIBCLOUD-357) - Storage: - Store last_modified timestamp in the Object extra dictionary in the S3 driver. (LIBCLOUD-373) - Load Balancer: - Expose CloudStack driver directly through the Provider.CLOUDSTACK constant. - DNS: - Modify Zerigo driver to include record TTL in the record 'extra' attribute if a record has a TTL set. - Modify values in the Record 'extra' dictionary attribute in the Zerigo DNS driver to be set to None instead of an empty string ('') if a value for the provided key is not set. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-112 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (noarch): python-apache-libcloud-0.13.3-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-6480.html https://bugzilla.novell.com/857209