Release Notes, 2013.2.1
The 2013.2.1 release is a Havana bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat) and OpenStack Telemetry (Ceilometer).
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a relatively risk-free update with no intentional regressions or API changes.
Resolved Security Issues
OpenStack Compute (Nova)
- OSSA-2013-029 / CVE-2013-4463, CVE-2013-4469 - Potential Nova denial of service through compressed disk images
- OSSA-2013-033 / CVE-2013-6419 - Metadata queries from Neutron to Nova are not restricted by tenant
OpenStack Identity (Keystone)
- OSSA-2013-028 / CVE-2013-4477 - Unintentional role granting with Keystone LDAP backend
- OSSA-2013-032 / CVE-2013-6391 - Keystone trust circumvention through EC2-style tokens
OpenStack Networking (Neutron)
- OSSA-2013-033 / CVE-2013-6419 - Metadata queries from Neutron to Nova are not restricted by tenant
OpenStack Dashboard (Horizon)
- OSSA-2013-036 / CVE-2013-6458 - Insufficient sanitization of Instance Name in Horizon
OpenStack Orchestration (Heat)
- OSSA-2013-034 / CVE-2013-6426 - Heat CFN policy rules not all enforced
- OSSA-2013-035 / CVE-2013-6428 - Heat ReST API doesn't respect tenant scoping
OpenStack Telemetry (Ceilometer)
- OSSA-2013-031 / CVE-2013-6384 - Ceilometer DB2/MongoDB backend password leak
Bugs Fixed
In total, 136 Launchpad bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2013.2.1 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2013.2.1 release
- List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2013.2.1 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2013.2.1 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2013.2.1 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2013.2.1 release
- List of OpenStack Orchestration (Heat) bugs fixed in the 2013.2.1 release
- List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2013.2.1 release
Known Issues and Limitations
The fix for CVE-2013-6419 required patches to both Neutron and Nova to ensure metadata requests between services are restricted by tenant. To avoid interruption of the metadata service during an upgrade, it is recommended that Neutron be upgraded and the neutron-metadata-agent restarted before upgrading Nova.