ReleaseNotes/2012.2.4
Release Notes, 2012.2.4
The 2012.2.4 release is a Folsom bugfix update for Nova, Glance, Cinder, Quantum, Keystone and Horizon. No further official Folsom releases of these projects are planned.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk free update with no intentional regressions or API changes.
Contents
Upgrade Notes
- In order to prevent a denial of service by depleting the FixedIP pool (CVE-2013-1838, see below) we introduced a new quota for Fixed IPs. In order to avoid upgrade issues that quota is, at upgarde time, set to unlimited. Operators that use the multinic option have to opt into fixed IP quotas by changing quota_fixed_ips parameter in nova.conf.
Resolved Security Issues
Nova
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-006/CVE-2013-0335 - VNC proxy can connect to the wrong VM
- OSSA-2013-008/CVE-2013-1838 - Nova DoS by allocating all Fixed IPs
Cinder
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
Glance
- OSSA-2013-007/CVE-2013-1840 - Backend credentials leak in Glance v1 API
Keystone
- OSSA-2013-003/CVE-2013-0247 - Keystone denial of service through invalid token requests
- OSSA-2013-004/CVE-2013-1664, CVE-2013-1665 - Information leak and Denial of Service using XML entities
- OSSA-2013-005/CVE-2013-0282 - Keystone EC2-style authentication accepts disabled user/tenants
- OSSA-2013-009/CVE-2013-1865 - Keystone PKI tokens online validation bypasses revocation check
Bugs Fixed
In total, 90 launchpad bugs are fixed by this update.
- List of Nova bugs fixed in the 2012.2.4 release
- List of Glance bugs fixed in the 2012.2.4 release
- List of Cinder bugs fixed in the 2012.2.4 release
- List of Quantum bugs fixed in the 2012.2.4 release
- List of Keystone bugs fixed in the 2012.2.4 release
- List of Horizon bugs fixed in the 2012.2.4 release
Known Issues and Limitations
None.