Difference between revisions of "ReleaseNotes/2012.2.4"
(→Release Notes, 2012.2.4) |
(→Resolved Security Issues) |
||
Line 14: | Line 14: | ||
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/nova/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/nova/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | ||
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html OSSA-2013-006]/[https://bugs.launchpad.net/nova/+bug/1125378 CVE-2013-0335] - VNC proxy can connect to the wrong VM | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html OSSA-2013-006]/[https://bugs.launchpad.net/nova/+bug/1125378 CVE-2013-0335] - VNC proxy can connect to the wrong VM | ||
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html OSSA 2013-008]/[https://bugs.launchpad.net/nova/+bug/1125468 CVE-2013-1838] - Nova DoS by allocating all Fixed IPs | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html OSSA-2013-008]/[https://bugs.launchpad.net/nova/+bug/1125468 CVE-2013-1838] - Nova DoS by allocating all Fixed IPs |
=== Cinder === | === Cinder === | ||
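Review bot: On the changed OSSA-2013-008 line (and the unchanged entries above it), the announce-archive link uses http:// while the Launchpad bug link next to it uses https://. Since these are the references readers follow to check a security advisory, consider pointing the lists.openstack.org links at https:// as well, provided the archive is served over HTTPS.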
Line 22: | Line 22: | ||
=== Glance === | === Glance === | ||
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html OSSA 2013-007]/[https://bugs.launchpad.net/glance/+bug/1135541 CVE-2013-1840] - Backend credentials leak in Glance v1 API | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html OSSA-2013-007]/[https://bugs.launchpad.net/glance/+bug/1135541 CVE-2013-1840] - Backend credentials leak in Glance v1 API |
=== Keystone === | === Keystone === | ||
Line 28: | Line 28: | ||
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html OSSA-2013-003]/[https://bugs.launchpad.net/keystone/+bug/1098307 CVE-2013-0247] - Keystone denial of service through invalid token requests | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html OSSA-2013-003]/[https://bugs.launchpad.net/keystone/+bug/1098307 CVE-2013-0247] - Keystone denial of service through invalid token requests | ||
* [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/keystone/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/keystone/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | ||
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html OSSA 2013-005]/[https://bugs.launchpad.net/keystone/+bug/1121494 CVE-2013-0282] - Keystone EC2-style authentication accepts disabled user/tenants | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html OSSA-2013-005]/[https://bugs.launchpad.net/keystone/+bug/1121494 CVE-2013-0282] - Keystone EC2-style authentication accepts disabled user/tenants |
− | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html OSSA 2013-009]/[https://bugs.launchpad.net/keystone/folsom/+bug/1129713 CVE-2013-1865] - Keystone PKI tokens online validation bypasses revocation check | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html OSSA-2013-009]/[https://bugs.launchpad.net/keystone/folsom/+bug/1129713 CVE-2013-1865] - Keystone PKI tokens online validation bypasses revocation check |
== Bugs Fixed == | == Bugs Fixed == |
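Review bot: On the changed OSSA-2013-009 line, the Launchpad link is series-scoped (bugs.launchpad.net/keystone/folsom/+bug/1129713), while every other entry in this list links to the project-level form (keystone/+bug/...). Since this line is being touched anyway, consider using the project-level URL here too so that all the advisory references are consistent.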
Revision as of 00:10, 11 April 2013
Release Notes, 2012.2.4
The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk-free update with no intentional regressions or API changes.
Resolved Security Issues
Nova
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
- OSSA-2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs
Cinder
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
Glance
- OSSA-2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API
Keystone
- OSSA-2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
- OSSA-2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check
Bugs Fixed
In total, 90 Launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2.4 release
- List of Glance bugs fixed in the 2012.2.4 release
- List of Cinder bugs fixed in the 2012.2.4 release
- List of Quantum bugs fixed in the 2012.2.4 release
- List of Keystone bugs fixed in the 2012.2.4 release
- List of Horizon bugs fixed in the 2012.2.4 release
Known Issues and Limitations
None.