Difference between revisions of "SecurityAdvisories/Essex"
| Line 15: | Line 15: | ||
| [https://bugs.launchpad.net/bugs/cve/2012-3360 2012-3360] | | [https://bugs.launchpad.net/bugs/cve/2012-3360 2012-3360] | ||
|rowspan=2 |Arbitrary file injection/corruption through directory traversal issues | |rowspan=2 |Arbitrary file injection/corruption through directory traversal issues | ||
| − | |rowspan=2 | | + | |rowspan=2 |Critical |
|- | |- | ||
|- | |- | ||
| Line 24: | Line 24: | ||
| Scheduler denial of service through scheduler_hints | | Scheduler denial of service through scheduler_hints | ||
| Medium | | Medium | ||
| + | |- | ||
| + | | Nova | ||
| + | | August 7, 2012 | ||
| + | | [https://lists.launchpad.net/openstack/msg15549.html 2012-011] | ||
| + | | [https://bugs.launchpad.net/bugs/cve/2012-3447 2012-3447] | ||
| + | | Compute node filesystem injection/corruption | ||
| + | | Critical | ||
|} | |} | ||
Revision as of 02:24, 10 August 2012
Essex Security Advisories
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | July 3, 2012 | 2012-008 | 2012-3360 | Arbitrary file injection/corruption through directory traversal issues | Critical |
| Nova | July 11, 2012 | 2012-009 | 2012-3371 | Scheduler denial of service through scheduler_hints | Medium |
| Nova | August 7, 2012 | 2012-011 | 2012-3447 | Compute node filesystem injection/corruption | Critical |
Fixed in 2012.1.1
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Horizon | April 17, 2012 | 2012-004 | 2012-2094 | XSS vulnerability in Horizon log viewer | High |
| Nova | April 19, 2012 | 2012-005 | 2012-2101 | No quota enforced on security group rules | High |
| Horizon | May 4, 2012 | 2012-006 | 2012-2144 | Horizon session fixation and reuse | Critical |
| Nova | June 6, 2012 | 2012-007 | 2012-2654 | Security groups fail to be set correctly | Medium |
| Keystone | July 27, 2012 | 2012-010 | 2012-3426 | Various Keystone token expiration issues | Medium |
