The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
docs.ganeti.org/ganeti/2.10/html/news.html
docs.ganeti.org/ganeti/2.11/html/news.html
docs.ganeti.org/ganeti/2.12/html/news.html
docs.ganeti.org/ganeti/2.13/html/news.html
docs.ganeti.org/ganeti/2.14/html/news.html
docs.ganeti.org/ganeti/2.15/html/news.html
docs.ganeti.org/ganeti/2.9/html/news.html
packetstormsecurity.com/files/135101/Ganeti-Leaked-Secret-Denial-Of-Service.html
www.debian.org/security/2016/dsa-3431
www.ocert.org/advisories/ocert-2015-012.html
www.exploit-db.com/exploits/39169/