Jump to: navigation, search

Difference between revisions of "SecurityAdvisories/Essex"

(ossa2012-012)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 
= Essex Security Advisories =
 
= Essex Security Advisories =
 +
 +
{| border="1" cellpadding="2" cellspacing="0"
 +
| Product
 +
| Date
 +
| Openstack Security Advisory
 +
| CVE Number
 +
| Title
 +
| Impact
 +
|-
 +
| Horizon
 +
| August 30, 2012
 +
| [https://lists.launchpad.net/openstack/msg16278.html 2012-012]
 +
| [https://bugs.launchpad.net/bugs/cve/2012-3540 2012-3540]
 +
| Open redirect through 'next' parameter
 +
| Medium
 +
|}
  
 
== Fixed in 2012.1.2 ==
 
== Fixed in 2012.1.2 ==

Revision as of 10:12, 5 September 2012

Essex Security Advisories

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon August 30, 2012 2012-012 2012-3540 Open redirect through 'next' parameter Medium

Fixed in 2012.1.2

See ReleaseNotes/2012.1.2

Product Date Openstack Security Advisory CVE Number Title Impact
Nova July 3, 2012 2012-008 2012-3360 Arbitrary file injection/corruption through directory traversal issues Critical
Nova July 11, 2012 2012-009 2012-3371 Scheduler denial of service through scheduler_hints Medium
Nova August 7, 2012 2012-011 2012-3447 Compute node filesystem injection/corruption Critical

Fixed in 2012.1.1

See ReleaseNotes/2012.1.1

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon April 17, 2012 2012-004 2012-2094 XSS vulnerability in Horizon log viewer High
Nova April 19, 2012 2012-005 2012-2101 No quota enforced on security group rules High
Horizon May 4, 2012 2012-006 2012-2144 Horizon session fixation and reuse Critical
Nova June 6, 2012 2012-007 2012-2654 Security groups fail to be set correctly Medium
Keystone July 27, 2012 2012-010 2012-3426 Various Keystone token expiration issues Medium
Retrieved from "https://wiki.openstack.org/w/index.php?title=SecurityAdvisories/Essex&oldid=11798"