Folsom Security Advisories

Product

Date

Openstack Security Advisory

CVE Number

Title

Impact

Fixed in 2012.2.4

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	February 5, 2013	2013-003	2013-0247	Keystone denial of service through invalid token requests
Nova, Cinder, Keystone	February 19, 2013	2013-004	2013-1664, 2013-1665	Information leak and Denial of Service using XML entities
Keystone	February 19, 2013	2013-005	2013-0282	Keystone EC2-style authentication accepts disabled user/tenants
Nova	February 26, 2013	2013-006	2013-0335	VNC proxy can connect to the wrong VM
Glance	March 14, 2013	2013-007	2013-1840	Backend credentials leak in Glance v1 API
Nova	March 14, 2013	2013-008	2013-1838	Nova DoS by allocating all Fixed IPs
Keystone	March 20, 2013	2013-009	2013-1865	Keystone PKI tokens online validation bypasses revocation check

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	January 29, 2013	2013-001	2013-0208	Boot from volume allows access to random volumes
Glance	January 29, 2013	2013-002	2013-0212	Backend password leak in Glance error message

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	December 11, 2012	2012-020	2012-5625	create_lvm_image allocates dirty blocks

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	November 28, 2012	2012-019	2012-5563	Extension of token validity through token chaining
Keystone	November 28, 2012	2012-018	2012-5571	EC2-style credentials invalidation issue
Glance	November 7, 2012	2012-017	2012-4573	Authentication bypass for image deletion	High
Glance	November 9, 2012	2012-017.1	2012-5482	Authentication bypass for image deletion	High

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	September 28, 2012	2012-05	2012-4456	Some actions in Keystone admin API do not validate token	High
			2012-4456