Difference between revisions of "ReleaseNotes/2013.2.1"

(Resolved Security Issues)
(Undo revision 42975 by Apevec (talk))
Line 9: Line 9:
  
 
=== OpenStack Compute (Nova) ===
 
=== OpenStack Compute (Nova) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000159.html OSSA-2013-029] / [https://bugs.launchpad.net/nova/+bug/1206081 CVE-2013-4463 CVE-2013-4469] - Potential Nova denial of service through compressed disk images
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000159.html OSSA 2013-029] / [https://bugs.launchpad.net/nova/+bug/1206081 CVE-2013-4463 CVE-2013-4469] - Potential Nova denial of service through compressed disk images
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html OSSA-2013-033] / [https://launchpad.net/bugs/1235450 CVE-2013-6419] - Metadata queries from Neutron to Nova are not restricted by tenant
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html OSSA 2013-033] / [https://launchpad.net/bugs/1235450 CVE-2013-6419] - Metadata queries from Neutron to Nova are not restricted by tenant
  
 
=== OpenStack Identity (Keystone) ===
 
=== OpenStack Identity (Keystone) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000158.html OSSA-2013-028]/[https://bugs.launchpad.net/keystone/+bug/1242855 CVE-2013-4477] - Unintentional role granting with Keystone LDAP backend
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000158.html OSSA 2013-028]/[https://bugs.launchpad.net/keystone/+bug/1242855 CVE-2013-4477] - Unintentional role granting with Keystone LDAP backend
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000168.html OSSA-2013-032]/[https://launchpad.net/bugs/1242597 CVE-2013-6391] - Keystone trust circumvention through EC2-style tokens
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000168.html OSSA 2013-032]/[https://launchpad.net/bugs/1242597 CVE-2013-6391] - Keystone trust circumvention through EC2-style tokens
  
 
=== OpenStack Networking (Neutron) ===
 
=== OpenStack Networking (Neutron) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html OSSA-2013-033] / [https://launchpad.net/bugs/1235450 CVE-2013-6419] - Metadata queries from Neutron to Nova are not restricted by tenant
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html OSSA 2013-033] / [https://launchpad.net/bugs/1235450 CVE-2013-6419] - Metadata queries from Neutron to Nova are not restricted by tenant
  
 
=== OpenStack Dashboard (Horizon) ===
 
=== OpenStack Dashboard (Horizon) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000173.html OSSA-2013-036] / [https://launchpad.net/bugs/1247675 CVE-2013-6458] - Insufficient sanitization of Instance Name in Horizon
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000173.html OSSA 2013-036] / [https://launchpad.net/bugs/1247675 CVE-2013-6458] - Insufficient sanitization of Instance Name in Horizon
  
 
=== OpenStack Orchestration (Heat) ===
 
=== OpenStack Orchestration (Heat) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000171.html OSSA-2013-034] / [https://launchpad.net/bugs/1256049 CVE-2013-6426] - Heat CFN policy rules not all enforced
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000171.html OSSA 2013-034] / [https://launchpad.net/bugs/1256049 CVE-2013-6426] - Heat CFN policy rules not all enforced
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000172.html OSSA-2013-035] / [https://launchpad.net/bugs/1256983 CVE-2013-6428] - Heat ReST API doesn't respect tenant scoping
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000172.html OSSA 2013-035] / [https://launchpad.net/bugs/1256983 CVE-2013-6428] - Heat ReST API doesn't respect tenant scoping
  
 
=== OpenStack Telemetry (Ceilometer) ===
 
=== OpenStack Telemetry (Ceilometer) ===
* [http://lists.openstack.org/pipermail/openstack-announce/2013-November/000164.html OSSA-2013-031]/[https://bugs.launchpad.net/ceilometer/+bug/1244476 CVE-2013-6384] - Ceilometer DB2/MongoDB backend password leak
+
* [http://lists.openstack.org/pipermail/openstack-announce/2013-November/000164.html OSSA 2013-031]/[https://bugs.launchpad.net/ceilometer/+bug/1244476 CVE-2013-6384] - Ceilometer DB2/MongoDB backend password leak
  
 
== Bugs Fixed ==
 
== Bugs Fixed ==
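
Review bot: the Keystone and Ceilometer entries (OSSA 2013-028, OSSA 2013-032, OSSA 2013-031) join the advisory link and the CVE link with a bare "/", while the Nova, Neutron, Horizon and Heat entries use " / "; since every list line is rewritten in this edit, use one separator throughout. The edit summary says only "Undo revision 42975" and gives no reason for going back from labels such as "OSSA-2013-029" to "OSSA 2013-029", so state which form the page should use to keep the next editor from flipping it again. The CVE-2013-6419 entry appears under both Nova and Neutron, so any later label change has to be made in both places.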

Revision as of 14:00, 21 February 2014

Release Notes, 2013.2.1

The 2013.2.1 release is a Havana bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat) and OpenStack Telemetry (Ceilometer).

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk-free update with no intentional regressions or API changes.

Resolved Security Issues

OpenStack Compute (Nova)

OpenStack Identity (Keystone)

OpenStack Networking (Neutron)

OpenStack Dashboard (Horizon)

OpenStack Orchestration (Heat)

OpenStack Telemetry (Ceilometer)

Bugs Fixed

In total, 136 launchpad bugs are fixed by this update.

Known Issues and Limitations

The fix for CVE-2013-6419 required patches to both Neutron and Nova to ensure metadata requests between services are restricted by tenant. To avoid interruption of the metadata service during an upgrade, it is recommended that Neutron be upgraded and the neutron-metadata-agent restarted before upgrading Nova.