Difference between revisions of "SecurityAdvisories/Folsom"
m (Text replace - "__NOTOC__" to "") |
(→Folsom Security Advisories) |
||
| Line 9: | Line 9: | ||
| Title | | Title | ||
| Impact | | Impact | ||
| + | |} | ||
| + | |||
| + | == Fixed in 2012.2.4 == | ||
| + | |||
| + | See [[ReleaseNotes/2012.2.4]] | ||
| + | |||
| + | {| border="1" cellpadding="2" cellspacing="0" | ||
| + | | Product | ||
| + | | Date | ||
| + | | Openstack Security Advisory | ||
| + | | CVE Number | ||
| + | | Title | ||
| + | | Impact | ||
| + | |- | ||
| + | | Keystone | ||
| + | | February 5, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html 2013-003] | ||
| + | | [https://bugs.launchpad.net/keystone/+bug/1098307 2013-0247] | ||
| + | | Keystone denial of service through invalid token requests | ||
| + | | | ||
| + | |- | ||
| + | | Nova, Cinder, Keystone | ||
| + | | February 19, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html 2013-004] | ||
| + | | [https://bugs.launchpad.net/nova/+bug/1100282 2013-1664, 2013-1665] | ||
| + | | Information leak and Denial of Service using XML entities | ||
| + | | | ||
| + | |- | ||
| + | | Keystone | ||
| + | | February 19, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html 2013-005] | ||
| + | | [https://bugs.launchpad.net/keystone/+bug/1121494 2013-0282] | ||
| + | | Keystone EC2-style authentication accepts disabled user/tenants | ||
| + | | | ||
| + | |- | ||
| + | | Nova | ||
| + | | February 26, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html 2013-006] | ||
| + | | [https://bugs.launchpad.net/nova/+bug/1125378 2013-0335] | ||
| + | | VNC proxy can connect to the wrong VM | ||
| + | | | ||
| + | |- | ||
| + | | Glance | ||
| + | | March 14, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html 2013-007] | ||
| + | | [https://bugs.launchpad.net/glance/+bug/1135541 2013-1840] | ||
| + | | Backend credentials leak in Glance v1 API | ||
| + | | | ||
| + | |- | ||
| + | | Nova | ||
| + | | March 14, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html 2013-008] | ||
| + | | [https://bugs.launchpad.net/nova/+bug/1125468 2013-1838] | ||
| + | | Nova DoS by allocating all Fixed IPs | ||
| + | | | ||
| + | |- | ||
| + | | Keystone | ||
| + | | March 20, 2013 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html 2013-009] | ||
| + | | [https://bugs.launchpad.net/keystone/folsom/+bug/1129713 2013-1865] | ||
| + | | Keystone PKI tokens online validation bypasses revocation check | ||
| + | | | ||
|} | |} | ||
Revision as of 00:20, 11 April 2013
Contents
Folsom Security Advisories
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Fixed in 2012.2.4
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | February 5, 2013 | 2013-003 | 2013-0247 | Keystone denial of service through invalid token requests | |
| Nova, Cinder, Keystone | February 19, 2013 | 2013-004 | 2013-1664, 2013-1665 | Information leak and Denial of Service using XML entities | |
| Keystone | February 19, 2013 | 2013-005 | 2013-0282 | Keystone EC2-style authentication accepts disabled user/tenants | |
| Nova | February 26, 2013 | 2013-006 | 2013-0335 | VNC proxy can connect to the wrong VM | |
| Glance | March 14, 2013 | 2013-007 | 2013-1840 | Backend credentials leak in Glance v1 API | |
| Nova | March 14, 2013 | 2013-008 | 2013-1838 | Nova DoS by allocating all Fixed IPs | |
| Keystone | March 20, 2013 | 2013-009 | 2013-1865 | Keystone PKI tokens online validation bypasses revocation check |
Fixed in 2012.2.3
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | January 29, 2013 | 2013-001 | 2013-0208 | Boot from volume allows access to random volumes | |
| Glance | January 29, 2013 | 2013-002 | 2013-0212 | Backend password leak in Glance error message |
Fixed in 2012.2.2
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | December 11, 2012 | 2012-020 | 2012-5625 | create_lvm_image allocates dirty blocks |
Fixed in 2012.2.1
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | November 28, 2012 | 2012-019 | 2012-5563 | Extension of token validity through token chaining | |
| Keystone | November 28, 2012 | 2012-018 | 2012-5571 | EC2-style credentials invalidation issue | |
| Glance | November 7, 2012 | 2012-017 | 2012-4573 | Authentication bypass for image deletion | High |
| November 9, 2012 | 2012-017.1 | 2012-5482 |
Fixed in 2012.2
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | September 28, 2012 | 2012-05 | 2012-4456 | Some actions in Keystone admin API do not validate token | High |
| 2012-4456 |