|
|
| Line 1: |
Line 1: |
| − | __NOTOC__
| + | |
| | = Folsom Security Advisories = | | = Folsom Security Advisories = |
| | | | |
Revision as of 23:30, 17 February 2013
Folsom Security Advisories
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
Fixed in 2012.2.3
See ReleaseNotes/2012.2.3
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Nova
|
January 29, 2013
|
2013-001
|
2013-0208
|
Boot from volume allows access to random volumes
|
|
| Glance
|
January 29, 2013
|
2013-002
|
2013-0212
|
Backend password leak in Glance error message
|
|
Fixed in 2012.2.2
See ReleaseNotes/2012.2.2
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Nova
|
December 11, 2012
|
2012-020
|
2012-5625
|
create_lvm_image allocates dirty blocks
|
|
Fixed in 2012.2.1
See ReleaseNotes/2012.2.1
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Keystone
|
November 28, 2012
|
2012-019
|
2012-5563
|
Extension of token validity through token chaining
|
|
| Keystone
|
November 28, 2012
|
2012-018
|
2012-5571
|
EC2-style credentials invalidation issue
|
|
| Glance
|
November 7, 2012
|
2012-017
|
2012-4573
|
Authentication bypass for image deletion
|
High
|
| November 9, 2012
|
2012-017.1
|
2012-5482
|
Fixed in 2012.2
See ReleaseNotes/Folsom
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Keystone
|
September 28, 2012
|
2012-05
|
2012-4456
|
Some actions in Keystone admin API do not validate token
|
High
|
| 2012-4456
|
