Jump to: navigation, search

Difference between revisions of "SecurityAdvisories/Folsom"

(Folsom Security Advisories)
 
Line 1: Line 1:
  
 
= Folsom Security Advisories =
 
= Folsom Security Advisories =
 
{| border="1" cellpadding="2" cellspacing="0"
 
| Product
 
| Date
 
| Openstack Security Advisory
 
| CVE Number
 
| Title
 
| Impact
 
|}
 
  
 
== Fixed in 2012.2.4 ==
 
== Fixed in 2012.2.4 ==

Latest revision as of 17:22, 10 May 2013

Folsom Security Advisories

Fixed in 2012.2.4

See ReleaseNotes/2012.2.4

Product Date Openstack Security Advisory CVE Number Title Impact
Keystone February 5, 2013 2013-003 2013-0247 Keystone denial of service through invalid token requests
Nova, Cinder, Keystone February 19, 2013 2013-004 2013-1664, 2013-1665 Information leak and Denial of Service using XML entities
Keystone February 19, 2013 2013-005 2013-0282 Keystone EC2-style authentication accepts disabled user/tenants
Nova February 26, 2013 2013-006 2013-0335 VNC proxy can connect to the wrong VM
Glance March 14, 2013 2013-007 2013-1840 Backend credentials leak in Glance v1 API
Nova March 14, 2013 2013-008 2013-1838 Nova DoS by allocating all Fixed IPs
Keystone March 20, 2013 2013-009 2013-1865 Keystone PKI tokens online validation bypasses revocation check

Fixed in 2012.2.3

See ReleaseNotes/2012.2.3

Product Date Openstack Security Advisory CVE Number Title Impact
Nova January 29, 2013 2013-001 2013-0208 Boot from volume allows access to random volumes
Glance January 29, 2013 2013-002 2013-0212 Backend password leak in Glance error message

Fixed in 2012.2.2

See ReleaseNotes/2012.2.2

Product Date Openstack Security Advisory CVE Number Title Impact
Nova December 11, 2012 2012-020 2012-5625 create_lvm_image allocates dirty blocks

Fixed in 2012.2.1

See ReleaseNotes/2012.2.1

Product Date Openstack Security Advisory CVE Number Title Impact
Keystone November 28, 2012 2012-019 2012-5563 Extension of token validity through token chaining
Keystone November 28, 2012 2012-018 2012-5571 EC2-style credentials invalidation issue
Glance November 7, 2012 2012-017 2012-4573 Authentication bypass for image deletion High
November 9, 2012 2012-017.1 2012-5482

Fixed in 2012.2

See ReleaseNotes/Folsom

Product Date Openstack Security Advisory CVE Number Title Impact
Keystone September 28, 2012 2012-05 2012-4456 Some actions in Keystone admin API do not validate token High
2012-4456