DSA-3431-2 ganeti -- ganetiID: oval:org.secpod.oval:def:602331 | Date: (C)2016-01-27 (M)2021-09-13 |
Class: PATCH | Family: unix |
The update for ganeti issued as DSA-3431-1 causes the gnt-instance info command to fail for all instances of type DRBD. Updated packages are now available to address this regression. For reference the original advisory text follows. Pierre Kim discovered two vulnerabilities in the restful API of Ganeti, a virtual server cluster management tool. SSL parameter negotiation could result in denial of service and the DRBD secret could leak.
Platform: |
Debian 8.x |
Debian 7.x |