Difference between revisions of "ReleaseNotes/2012.2.4"
(Created page with " = Release Notes, 2012.2.4 = The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. The bugfixes contained in this release w...") |
Line 18: | Line 18: | ||
=== Nova === | === Nova === | ||
− | * | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/nova/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities |
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000082.html OSSA-2013-006]/[https://bugs.launchpad.net/nova/+bug/1125378 CVE-2013-0335] - VNC proxy can connect to the wrong VM | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000086.html OSSA 2013-008]/[https://bugs.launchpad.net/nova/+bug/1125468 CVE-2013-1838] - Nova DoS by allocating all Fixed IPs | ||
+ | |||
+ | === Cinder === | ||
+ | |||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/cinder/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | ||
=== Glance === | === Glance === | ||
− | * | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000085.html OSSA 2013-007]/[https://bugs.launchpad.net/glance/+bug/1135541 CVE-2013-1840] - Backend credentials leak in Glance v1 API |
=== Keystone === | === Keystone === | ||
− | * | + | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html OSSA-2013-003]/[https://bugs.launchpad.net/keystone/+bug/1098307 CVE-2013-0247] - Keystone denial of service through invalid token requests |
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html OSSA-2013-004]/[https://bugs.launchpad.net/keystone/+bug/1100282 CVE-2013-1664, CVE-2013-1665] - Information leak and Denial of Service using XML entities | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-February/000079.html OSSA 2013-005]/[https://bugs.launchpad.net/keystone/+bug/1121494 CVE-2013-0282] - Keystone EC2-style authentication accepts disabled user/tenants | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2013-March/000087.html OSSA 2013-009]/[https://bugs.launchpad.net/keystone/folsom/+bug/1129713 CVE-2013-1865] - Keystone PKI tokens online validation bypasses revocation check | ||
== Bugs Fixed == | == Bugs Fixed == |
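Review bot: the added advisory links spell the identifier two ways, "OSSA-2013-003", "OSSA-2013-004" and "OSSA-2013-006" with a hyphen but "OSSA 2013-005", "OSSA 2013-007", "OSSA 2013-008" and "OSSA 2013-009" with a space; use one form throughout so that a search for an advisory ID finds every entry. The CVE-2013-1865 link in the Keystone list also goes to bugs.launchpad.net/keystone/folsom/+bug/1129713, while every other bug link uses the project-level /+bug/ path, so it is worth making that one consistent with the rest.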
Revision as of 23:48, 10 April 2013
Release Notes, 2012.2.4
The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk-free update with no intentional regressions or API changes.
2012.2.4 is the last planned Folsom stable release. After this release, stable/folsom enters passive maintenance mode, where only security fixes are applied.
Upgrade Notes
Resolved Security Issues
Nova
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
- OSSA 2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs
Cinder
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
Glance
- OSSA 2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API
Keystone
- OSSA-2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA 2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
- OSSA 2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check
Bugs Fixed
In total, XX Launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2.4 release
- List of Glance bugs fixed in the 2012.2.4 release
- List of Cinder bugs fixed in the 2012.2.4 release
- List of Quantum bugs fixed in the 2012.2.4 release
- List of Keystone bugs fixed in the 2012.2.4 release
- List of Horizon bugs fixed in the 2012.2.4 release
Known Issues and Limitations
None.