Revision as of 00:20, 29 September 2014

Release Notes, 2013.2.4

The 2013.2.4 release is a Havana bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat) and OpenStack Telemetry (Ceilometer). No further official Havana releases of these projects are planned.

The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.

Resolved Security Issues

unsorted

OSSA 2014-007 / CVE-2014-0105 - Potential context confusion in Keystone middleware
OSSA 2014-008 / CVE-2014-0056 - Routers can be cross plugged by other tenants
OSSA 2014-009 / CVE-2014-0134 - Nova host data leak to vm instance in rescue mode.
OSSA 2014-010 / CVE-2014-0157 - XSS in Horizon orchestration dashboard
OSSA 2014-011 / CVE-2014-0167 - RBAC policy not properly enforced in Nova EC2 API
OSSA 2014-012 / CVE-2014-0162 - Remote code execution in Glance Sheepdog backend
OSSA 2014-013 / CVE-2014-2828 - Keystone DoS through V3 API authentication chaining
OSSA 2014-014 / CVE-2014-0187 - Neutron security groups bypass through invalid CIDR
OSSA 2014-015 / CVE-2014-0204 - Keystone user and group id mismatch
OSSA 2014-016 / CVE-2014-3801 - Heat template URL information leakage
OSSA 2014-017 / CVE-2014-2573 - Nova VMWare driver leaks rescued images
OSSA 2014-018 / CVE-2014-3476 - Keystone privilege escalation through trust chained delegation
OSSA 2014-019 / CVE-2014-4167 - Neutron L3-agent DoS through IPv6 subnet
OSSA 2014-020 / CVE-2014-3497 - XSS in Swift requests through WWW-Authenticate header

OpenStack Compute (Nova)

OpenStack Identity (Keystone)

OpenStack Image Registry and Delivery Service (Glance)

OpenStack Networking (Neutron)

OpenStack Block Storage (Cinder)

OpenStack Dashboard (Horizon)

OpenStack Orchestration (Heat)

OpenStack Telemetry (Ceilometer)

Bugs Fixed

In total, 180 launchpad bugs are fixed by this update.

Known Issues and Limitations

Neutron

There is a known issue in all Havana releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. https://bugs.launchpad.net/neutron/+bug/1304181

@@ Line 8: / Line 8: @@
 == Resolved Security Issues ==
+=== unsorted ===
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000211.html OSSA 2014-007] / [https://bugs.launchpad.net/bugs/1282865 CVE-2014-0105] - Potential context confusion in Keystone middleware
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html OSSA 2014-008] / [https://bugs.launchpad.net/bugs/1243327 CVE-2014-0056] - Routers can be cross plugged by other tenants
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000213.html OSSA 2014-009] / [https://launchpad.net/bugs/1221190 CVE-2014-0134] - Nova host data leak to vm instance in rescue mode.
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000218.html OSSA 2014-010] / [https://launchpad.net/bugs/1289033 CVE-2014-0157] - XSS in Horizon orchestration dashboard
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000219.html OSSA 2014-011] / [https://launchpad.net/bugs/1290537 CVE-2014-0167] - RBAC policy not properly enforced in Nova EC2 API
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000220.html OSSA 2014-012] / [https://launchpad.net/bugs/1298698 CVE-2014-0162] - Remote code execution in Glance Sheepdog backend
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000221.html OSSA 2014-013] / [https://launchpad.net/bugs/1300274 CVE-2014-2828] - Keystone DoS through V3 API authentication chaining
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-April/000227.html OSSA 2014-014] / [https://launchpad.net/bugs/1300785 CVE-2014-0187] - Neutron security groups bypass through invalid CIDR
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000231.html OSSA 2014-015] / [https://launchpad.net/bugs/1309228 CVE-2014-0204] - Keystone user and group id mismatch
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000232.html OSSA 2014-016] / [https://launchpad.net/bugs/1311223 CVE-2014-3801] - Heat template URL information leakage
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-May/000235.html OSSA 2014-017] / [https://launchpad.net/bugs/1269418 CVE-2014-2573] - Nova VMWare driver leaks rescued images
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000240.html OSSA 2014-018] / [https://launchpad.net/bugs/1324592 CVE-2014-3476] - Keystone privilege escalation through trust chained delegation
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000242.html OSSA 2014-019] / [https://launchpad.net/bugs/1309195 CVE-2014-4167] - Neutron L3-agent DoS through IPv6 subnet
+* [http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html OSSA 2014-020] / [https://launchpad.net/bugs/1327414 CVE-2014-3497] - XSS in Swift requests through WWW-Authenticate header
 === OpenStack Compute (Nova) ===
 === OpenStack Identity (Keystone) ===

Difference between revisions of "ReleaseNotes/2013.2.4"