
Difference between revisions of "ReleaseNotes/2012.2.4"

(Upgrade Notes)
m (added to Releases)
 
(3 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
== Upgrade Notes ==
 
== Upgrade Notes ==
  
* Previous default FixedIPs quota of ten resulted in upgrade problems, so default was changed to unlimited. Operators have to opt into fixed IP quotas by changing  quota_fixed_ips parameter in nova.conf.
+
* In order to prevent a denial of service by depleting the FixedIP pool (CVE-2013-1838, see below) we introduced a new quota for Fixed IPs. To avoid upgrade issues, that quota is initially set to unlimited. Operators that use the multinic option have to opt into fixed IP quotas by changing  quota_fixed_ips parameter in nova.conf.
  
 
== Resolved Security Issues ==
 
== Resolved Security Issues ==
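Review bot: the added Upgrade Notes bullet says the new quota is "initially set to unlimited" but never states the consequence, namely that an upgraded deployment keeps the CVE-2013-1838 exposure until quota_fixed_ips is set in nova.conf. Say that directly and give operators guidance on choosing a value. The new wording also narrows the instruction to "Operators that use the multinic option" without explaining why other operators need not act; the removed line addressed all operators, so a short reason for the narrower scope would help.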
Line 16: Line 16:
 
=== Nova ===
 
=== Nova ===
  
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/nova/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA 2013-004]/[https://bugs.launchpad.net/nova/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html OSSA-2013-006]/[https://bugs.launchpad.net/nova/+bug/1125378 CVE-2013-0335] - VNC proxy can connect to the wrong VM
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html OSSA 2013-006]/[https://bugs.launchpad.net/nova/+bug/1125378 CVE-2013-0335] - VNC proxy can connect to the wrong VM
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html OSSA-2013-008]/[https://bugs.launchpad.net/nova/+bug/1125468 CVE-2013-1838] - Nova DoS by allocating all Fixed IPs
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html OSSA 2013-008]/[https://bugs.launchpad.net/nova/+bug/1125468 CVE-2013-1838] - Nova DoS by allocating all Fixed IPs
  
 
=== Cinder ===
 
=== Cinder ===
  
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/cinder/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA 2013-004]/[https://bugs.launchpad.net/cinder/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
  
 
=== Glance ===
 
=== Glance ===
  
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html OSSA-2013-007]/[https://bugs.launchpad.net/glance/+bug/1135541 CVE-2013-1840] - Backend credentials leak in Glance v1 API
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html OSSA 2013-007]/[https://bugs.launchpad.net/glance/+bug/1135541 CVE-2013-1840] - Backend credentials leak in Glance v1 API
  
 
=== Keystone ===
 
=== Keystone ===
  
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html OSSA-2013-003]/[https://bugs.launchpad.net/keystone/+bug/1098307 CVE-2013-0247] - Keystone denial of service through invalid token requests
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html OSSA 2013-003]/[https://bugs.launchpad.net/keystone/+bug/1098307 CVE-2013-0247] - Keystone denial of service through invalid token requests
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/keystone/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA 2013-004]/[https://bugs.launchpad.net/keystone/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html OSSA-2013-005]/[https://bugs.launchpad.net/keystone/+bug/1121494 CVE-2013-0282] - Keystone EC2-style authentication accepts disabled user/tenants
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html OSSA 2013-005]/[https://bugs.launchpad.net/keystone/+bug/1121494 CVE-2013-0282] - Keystone EC2-style authentication accepts disabled user/tenants
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html OSSA-2013-009]/[https://bugs.launchpad.net/keystone/folsom/+bug/1129713 CVE-2013-1865] - Keystone PKI tokens online validation bypasses revocation check
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html OSSA 2013-009]/[https://bugs.launchpad.net/keystone/folsom/+bug/1129713 CVE-2013-1865] - Keystone PKI tokens online validation bypasses revocation check
  
 
== Bugs Fixed ==
 
== Bugs Fixed ==
Line 49: Line 49:
  
 
None.
 
None.
 +
 +
 +
[[Category:Releases]]
 +
[[Category:Folsom]]

Latest revision as of 00:25, 23 September 2014

Release Notes, 2012.2.4

The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk-free update with no intentional regressions or API changes.

Upgrade Notes

  • In order to prevent a denial of service by depleting the FixedIP pool (CVE-2013-1838, see below) we introduced a new quota for Fixed IPs. To avoid upgrade issues, that quota is initially set to unlimited. Operators that use the multinic option have to opt into fixed IP quotas by changing the quota_fixed_ips parameter in nova.conf.
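Because the quota ships as unlimited, an upgraded node stays exposed until quota_fixed_ips is set. The following check is an added example, not part of the release notes or of Nova, that classifies a nova.conf for that setting. It assumes options live in the [DEFAULT] section, that a negative quota means unlimited, and that quota_instances defaults to 10; the sample configurations are constructed.

```python
import configparser

DEFAULT_QUOTA_INSTANCES = 10  # assumption: value used when quota_instances is unset


def audit_fixed_ip_quota(conf_text):
    """Classify quota_fixed_ips in nova.conf text.

    Returns (status, detail); status is unlimited, too_low, ok or invalid.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    opts = cp.defaults()  # assumption: quota options sit in [DEFAULT]

    def read_int(name, fallback):
        raw = opts.get(name)
        return fallback if raw is None else int(raw.strip())

    try:
        # An unset quota_fixed_ips behaves like the shipped default: unlimited.
        fixed = read_int("quota_fixed_ips", -1)
        instances = read_int("quota_instances", DEFAULT_QUOTA_INSTANCES)
    except ValueError as exc:
        return "invalid", "non-integer quota value: %s" % exc

    if fixed < 0:
        return "unlimited", "no fixed IP quota: one tenant can deplete the pool"
    if instances >= 0 and fixed < instances:
        # Each instance needs at least one fixed IP, so boots would fail early.
        return "too_low", "quota_fixed_ips=%d < quota_instances=%d" % (fixed, instances)
    return "ok", "quota_fixed_ips=%d" % fixed


# Constructed sample configurations (not taken from a real deployment).
SAMPLES = {
    "after_upgrade": "[DEFAULT]\nquota_instances = 20\n",
    "explicit_unlimited": "[DEFAULT]\nquota_fixed_ips = -1\n",
    "below_instances": "[DEFAULT]\nquota_instances = 20\nquota_fixed_ips = 5\n",
    "opted_in": "[DEFAULT]\nquota_instances = 20\nquota_fixed_ips = 40\n",
    "typo": "[DEFAULT]\nquota_fixed_ips = ten\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_fixed_ip_quota(text))
```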

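Resolved Security Issues

Nova

  • OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
  • OSSA 2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
  • OSSA 2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs

Cinder

  • OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities

Glance

  • OSSA 2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API

Keystone

  • OSSA 2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
  • OSSA 2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
  • OSSA 2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
  • OSSA 2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check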

Bugs Fixed

In total, 90 launchpad bugs are fixed by this update.

Known Issues and Limitations

None.