Latest revision as of 17:22, 10 May 2013
Folsom Security Advisories
Fixed in 2012.2.4
See ReleaseNotes/2012.2.4

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Keystone | February 5, 2013 | 2013-003 | 2013-0247 | Keystone denial of service through invalid token requests | |
| Nova, Cinder, Keystone | February 19, 2013 | 2013-004 | 2013-1664, 2013-1665 | Information leak and Denial of Service using XML entities | |
| Keystone | February 19, 2013 | 2013-005 | 2013-0282 | Keystone EC2-style authentication accepts disabled user/tenants | |
| Nova | February 26, 2013 | 2013-006 | 2013-0335 | VNC proxy can connect to the wrong VM | |
| Glance | March 14, 2013 | 2013-007 | 2013-1840 | Backend credentials leak in Glance v1 API | |
| Nova | March 14, 2013 | 2013-008 | 2013-1838 | Nova DoS by allocating all Fixed IPs | |
| Keystone | March 20, 2013 | 2013-009 | 2013-1865 | Keystone PKI tokens online validation bypasses revocation check | |

Fixed in 2012.2.3
See ReleaseNotes/2012.2.3

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Nova | January 29, 2013 | 2013-001 | 2013-0208 | Boot from volume allows access to random volumes | |
| Glance | January 29, 2013 | 2013-002 | 2013-0212 | Backend password leak in Glance error message | |

Fixed in 2012.2.2
See ReleaseNotes/2012.2.2

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Nova | December 11, 2012 | 2012-020 | 2012-5625 | create_lvm_image allocates dirty blocks | |

Fixed in 2012.2.1
See ReleaseNotes/2012.2.1

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Keystone | November 28, 2012 | 2012-019 | 2012-5563 | Extension of token validity through token chaining | |
| Keystone | November 28, 2012 | 2012-018 | 2012-5571 | EC2-style credentials invalidation issue | |
| Glance | November 7, 2012 | 2012-017 | 2012-4573 | Authentication bypass for image deletion | High |
| | November 9, 2012 | 2012-017.1 | 2012-5482 | | |

Fixed in 2012.2
See ReleaseNotes/Folsom

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Keystone | September 28, 2012 | 2012-05 | 2012-4456 | Some actions in Keystone admin API do not validate token | High |
| | | | 2012-4456 | | |