Difference between revisions of "SecurityAdvisories/Folsom"
(OSSA-2012-019) |
|||
| Line 9: | Line 9: | ||
| Title | | Title | ||
| Impact | | Impact | ||
| + | |- | ||
| + | | Nova | ||
| + | | December 11, 2012 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2012-December/000059.html 2012-020] | ||
| + | | [https://bugs.launchpad.net/nova/+bug/1070539 2012-5625] | ||
| + | | create_lvm_image allocates dirty blocks | ||
| + | | | ||
|- | |- | ||
| Keystone | | Keystone | ||
Revision as of 20:54, 11 December 2012
Folsom Security Advisories
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | December 11, 2012 | 2012-020 | 2012-5625 | create_lvm_image allocates dirty blocks | |
| Keystone | November 28, 2012 | 2012-019 | 2012-5563 | Extension of token validity through token chaining | |
| Keystone | November 28, 2012 | 2012-018 | 2012-5571 | EC2-style credentials invalidation issue | |
| Glance | November 7, 2012 | 2012-017 | 2012-4573 | Authentication bypass for image deletion | High |
| November 9, 2012 | 2012-017.1 | 2012-5482 |
Fixed in 2012.2
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | September 28, 2012 | 2012-05 | 2012-4456 | Some actions in Keystone admin API do not validate token | High |
| 2012-4456 |
