Difference between revisions of "ReleaseNotes/2013.2.4"
m (added to Releases) |
(→Resolved Security Issues) |
||
Line 8: | Line 8: | ||
== Resolved Security Issues == | == Resolved Security Issues == | ||
+ | === unsorted === | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000211.html OSSA 2014-007] / [https://bugs.launchpad.net/bugs/1282865 CVE-2014-0105] - Potential context confusion in Keystone middleware | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html OSSA 2014-008] / [https://bugs.launchpad.net/bugs/1243327 CVE-2014-0056] - Routers can be cross plugged by other tenants | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000213.html OSSA 2014-009] / [https://launchpad.net/bugs/1221190 CVE-2014-0134] - Nova host data leak to vm instance in rescue mode. | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000218.html OSSA 2014-010] / [https://launchpad.net/bugs/1289033 CVE-2014-0157] - XSS in Horizon orchestration dashboard | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000219.html OSSA 2014-011] / [https://launchpad.net/bugs/1290537 CVE-2014-0167] - RBAC policy not properly enforced in Nova EC2 API | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000220.html OSSA 2014-012] / [https://launchpad.net/bugs/1298698 CVE-2014-0162] - Remote code execution in Glance Sheepdog backend | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000221.html OSSA 2014-013] / [https://launchpad.net/bugs/1300274 CVE-2014-2828] - Keystone DoS through V3 API authentication chaining | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000227.html OSSA 2014-014] / [https://launchpad.net/bugs/1300785 CVE-2014-0187] - Neutron security groups bypass through invalid CIDR | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000231.html OSSA 2014-015] / [https://launchpad.net/bugs/1309228 CVE-2014-0204] - Keystone user and group id mismatch | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000232.html OSSA 2014-016] / [https://launchpad.net/bugs/1311223 CVE-2014-3801] - Heat template URL information leakage | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000235.html OSSA 2014-017] / [https://launchpad.net/bugs/1269418 CVE-2014-2573] - Nova VMWare driver leaks rescued images | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html OSSA 2014-018] / [https://launchpad.net/bugs/1324592 CVE-2014-3476] - Keystone privilege escalation through trust chained delegation | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000242.html OSSA 2014-019] / [https://launchpad.net/bugs/1309195 CVE-2014-4167] - Neutron L3-agent DoS through IPv6 subnet | ||
+ | * [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html OSSA 2014-020] / [https://launchpad.net/bugs/1327414 CVE-2014-3497] - XSS in Swift requests through WWW-Authenticate header | ||
+ | |||
=== OpenStack Compute (Nova) === | === OpenStack Compute (Nova) === | ||
=== OpenStack Identity (Keystone) === | === OpenStack Identity (Keystone) === |
Revision as of 00:20, 29 September 2014
Release Notes, 2013.2.4
The 2013.2.4 release is a Havana bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat) and OpenStack Telemetry (Ceilometer). No further official Havana releases of these projects are planned.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.
Contents
- 1 Release Notes, 2013.2.4
- 1.1 Resolved Security Issues
- 1.1.1 unsorted
- 1.1.2 OpenStack Compute (Nova)
- 1.1.3 OpenStack Identity (Keystone)
- 1.1.4 OpenStack Image Registry and Delivery Service (Glance)
- 1.1.5 OpenStack Networking (Neutron)
- 1.1.6 OpenStack Block Storage (Cinder)
- 1.1.7 OpenStack Dashboard (Horizon)
- 1.1.8 OpenStack Orchestration (Heat)
- 1.1.9 OpenStack Telemetry (Ceilometer)
- 1.2 Bugs Fixed
- 1.3 Known Issues and Limitations
- 1.1 Resolved Security Issues
Resolved Security Issues
unsorted
- OSSA 2014-007 / CVE-2014-0105 - Potential context confusion in Keystone middleware
- OSSA 2014-008 / CVE-2014-0056 - Routers can be cross plugged by other tenants
- OSSA 2014-009 / CVE-2014-0134 - Nova host data leak to vm instance in rescue mode.
- OSSA 2014-010 / CVE-2014-0157 - XSS in Horizon orchestration dashboard
- OSSA 2014-011 / CVE-2014-0167 - RBAC policy not properly enforced in Nova EC2 API
- OSSA 2014-012 / CVE-2014-0162 - Remote code execution in Glance Sheepdog backend
- OSSA 2014-013 / CVE-2014-2828 - Keystone DoS through V3 API authentication chaining
- OSSA 2014-014 / CVE-2014-0187 - Neutron security groups bypass through invalid CIDR
- OSSA 2014-015 / CVE-2014-0204 - Keystone user and group id mismatch
- OSSA 2014-016 / CVE-2014-3801 - Heat template URL information leakage
- OSSA 2014-017 / CVE-2014-2573 - Nova VMWare driver leaks rescued images
- OSSA 2014-018 / CVE-2014-3476 - Keystone privilege escalation through trust chained delegation
- OSSA 2014-019 / CVE-2014-4167 - Neutron L3-agent DoS through IPv6 subnet
- OSSA 2014-020 / CVE-2014-3497 - XSS in Swift requests through WWW-Authenticate header
OpenStack Compute (Nova)
OpenStack Identity (Keystone)
OpenStack Image Registry and Delivery Service (Glance)
OpenStack Networking (Neutron)
OpenStack Block Storage (Cinder)
OpenStack Dashboard (Horizon)
OpenStack Orchestration (Heat)
OpenStack Telemetry (Ceilometer)
Bugs Fixed
In total, 180 launchpad bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2013.2.4 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2013.2.4 release
- List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2013.2.4 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2013.2.4 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2013.2.4 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2013.2.4 release
- List of OpenStack Orchestration (Heat) bugs fixed in the 2013.2.4 release
- List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2013.2.4 release
Known Issues and Limitations
Neutron
There is a known issue in all Havana releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. https://bugs.launchpad.net/neutron/+bug/1304181