Revision as of 21:58, 31 January 2013

Folsom Security Advisories

Product

Date

Openstack Security Advisory

CVE Number

Title

Impact

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	January 29, 2013	2013-001	2013-0208	Boot from volume allows access to random volumes
Glance	January 29, 2013	2013-002	2013-0212	Backend password leak in Glance error message

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	December 11, 2012	2012-020	2012-5625	create_lvm_image allocates dirty blocks

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	November 28, 2012	2012-019	2012-5563	Extension of token validity through token chaining
Keystone	November 28, 2012	2012-018	2012-5571	EC2-style credentials invalidation issue
Glance	November 7, 2012	2012-017	2012-4573	Authentication bypass for image deletion	High
Glance	November 9, 2012	2012-017.1	2012-5482	Authentication bypass for image deletion	High

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	September 28, 2012	2012-05	2012-4456	Some actions in Keystone admin API do not validate token	High
			2012-4456

@@ Line 9: / Line 9: @@
 | Title
 | Impact
+|}
+== Fixed in 2012.2.3 ==
+See [[ReleaseNotes/2012.2.3]]
+{| border="1" cellpadding="2" cellspacing="0"
+| Product
+| Date
+| Openstack Security Advisory
+| CVE Number
+| Title
+| Impact
+|-
+| Nova
+| January 29, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-January/000070.html 2013-001]
+| [https://bugs.launchpad.net/nova/+bug/1069904 2013-0208]
+|  Boot from volume allows access to random volumes
+|
+|-
+| Glance
+| January 29, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-January/000071.html 2013-002]
+| [https://bugs.launchpad.net/glance/+bug/1098962 2013-0212]
+|  Backend password leak in Glance error message
+|
 |}