ReleaseNotes/2013.2.4
Release Notes, 2013.2.4
The 2013.2.4 release is a Havana bugfix update for OpenStack Compute (Nova), OpenStack Identity (Keystone), OpenStack Image Registry and Delivery Service (Glance), OpenStack Networking (Neutron), OpenStack Block Storage (Cinder), OpenStack Dashboard (Horizon), OpenStack Orchestration (Heat) and OpenStack Telemetry (Ceilometer). No further official Havana releases of these projects are planned.
The bugfixes contained in this release were backported from the development branches into a stable branch. The release is intended to be a low risk update with no intentional regressions or API changes.
Contents
- 1 Release Notes, 2013.2.4
- 1.1 Resolved Security Issues
- 1.1.1 unsorted
- 1.1.2 OpenStack Compute (Nova)
- 1.1.3 OpenStack Identity (Keystone)
- 1.1.4 OpenStack Image Registry and Delivery Service (Glance)
- 1.1.5 OpenStack Networking (Neutron)
- 1.1.6 OpenStack Block Storage (Cinder)
- 1.1.7 OpenStack Dashboard (Horizon)
- 1.1.8 OpenStack Orchestration (Heat)
- 1.1.9 OpenStack Telemetry (Ceilometer)
- 1.2 Bugs Fixed
- 1.3 Known Issues and Limitations
- 1.1 Resolved Security Issues
Resolved Security Issues
unsorted
- OSSA 2014-007 / CVE-2014-0105 - Potential context confusion in Keystone middleware
- OSSA 2014-008 / CVE-2014-0056 - Routers can be cross plugged by other tenants
- OSSA 2014-009 / CVE-2014-0134 - Nova host data leak to vm instance in rescue mode.
- OSSA 2014-010 / CVE-2014-0157 - XSS in Horizon orchestration dashboard
- OSSA 2014-011 / CVE-2014-0167 - RBAC policy not properly enforced in Nova EC2 API
- OSSA 2014-012 / CVE-2014-0162 - Remote code execution in Glance Sheepdog backend
- OSSA 2014-013 / CVE-2014-2828 - Keystone DoS through V3 API authentication chaining
- OSSA 2014-014 / CVE-2014-0187 - Neutron security groups bypass through invalid CIDR
- OSSA 2014-015 / CVE-2014-0204 - Keystone user and group id mismatch
- OSSA 2014-016 / CVE-2014-3801 - Heat template URL information leakage
- OSSA 2014-017 / CVE-2014-2573 - Nova VMWare driver leaks rescued images
- OSSA 2014-018 / CVE-2014-3476 - Keystone privilege escalation through trust chained delegation
- OSSA 2014-019 / CVE-2014-4167 - Neutron L3-agent DoS through IPv6 subnet
- OSSA 2014-020 / CVE-2014-3497 - XSS in Swift requests through WWW-Authenticate header
OpenStack Compute (Nova)
OpenStack Identity (Keystone)
OpenStack Image Registry and Delivery Service (Glance)
OpenStack Networking (Neutron)
OpenStack Block Storage (Cinder)
OpenStack Dashboard (Horizon)
OpenStack Orchestration (Heat)
OpenStack Telemetry (Ceilometer)
Bugs Fixed
In total, 180 launchpad bugs are fixed by this update.
- List of OpenStack Compute (Nova) bugs fixed in the 2013.2.4 release
- List of OpenStack Identity (Keystone) bugs fixed in the 2013.2.4 release
- List of OpenStack Image Registry and Delivery Service (Glance) bugs fixed in the 2013.2.4 release
- List of OpenStack Networking (Neutron) bugs fixed in the 2013.2.4 release
- List of OpenStack Block Storage (Cinder) bugs fixed in the 2013.2.4 release
- List of OpenStack Dashboard (Horizon) bugs fixed in the 2013.2.4 release
- List of OpenStack Orchestration (Heat) bugs fixed in the 2013.2.4 release
- List of OpenStack Telemetry (Ceilometer) bugs fixed in the 2013.2.4 release
Known Issues and Limitations
Neutron
There is a known issue in all Havana releases that results in Neutron DHCP agent constantly resyncing its state once a network and a subnet is created with a gateway outside of it. To avoid this, users are encouraged to set force_gateway_on_subnet to True in neutron.conf. https://bugs.launchpad.net/neutron/+bug/1304181