CVE-2015-7944

Name: CVE-2015-7944
Description: The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-3431-1
NVD severity: medium
Debian Bugs: 809537

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ganeti (PTS) | stretch | 2.15.2-7+deb9u3 | fixed |
| ganeti (PTS) | buster | 2.16.0-5 | fixed |
| ganeti (PTS) | bullseye, sid | 3.0.0~rc1-2 | fixed |

The information below is based on the following data on fixed versions.

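| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ganeti | source | squeeze | (unfixed) | end-of-life | | |
| ganeti | source | wheezy | 2.5.2-1+deb7u1 | | DSA-3431-1 | |
| ganeti | source | jessie | 2.12.4-1+deb8u2 | | DSA-3431-1 | |
| ganeti | source | (unstable) | 2.15.2-1 | | | 809537 |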

Notes

[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
http://www.ocert.org/advisories/ocert-2015-012.html
http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
