Difference between revisions of "SecurityAdvisories/Grizzly"
(→Grizzly Security Advisories) |
(→Grizzly Security Advisories) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Grizzly Security Advisories = | = Grizzly Security Advisories = | ||
+ | |||
+ | == Fixed in 2013.1.5 == | ||
+ | |||
+ | See [[ReleaseNotes/2013.1.5]] | ||
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Date | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Nova | ||
+ | | October 31, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000159.html 2013-029] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1206081 2013-4463 2013-4469] | ||
+ | | Potential Nova denial of service through compressed disk images | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | November 14, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-November/000161.html 2013-030] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1073306 2013-4497] | ||
+ | | XenAPI security groups not kept through migrate or resize | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | December 11, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html 2013-033] | ||
+ | | [https://launchpad.net/bugs/1235450 2013-6419] | ||
+ | | Metadata queries from Neutron to Nova are not restricted by tenant | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | December 18, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html 2013-037] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1253980 2013-6437] | ||
+ | | Nova compute DoS through ephemeral disk backing files | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | January 13, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-January/000184.html 2014-001] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1227027 2013-7048] | ||
+ | | Nova live snapshots use an insecure local directory | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | January 23, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-January/000188.html 2014-003] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1251590 2013-7130] | ||
+ | | Live migration can leak root disk into ephemeral storage | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | October 30, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000158.html 2013-028] | ||
+ | | [https://bugs.launchpad.net/keystone/+bug/1242855 2013-4477] | ||
+ | | Unintentional role granting with Keystone LDAP backend | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | December 11, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000168.html 2013-032] | ||
+ | | [https://launchpad.net/bugs/1242597 2013-6391] | ||
+ | | Keystone trust circumvention through EC2-style tokens | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | March 04, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000204.html 2014-006] | ||
+ | | [https://bugs.launchpad.net/keystone/+bug/1260080 2014-2237] | ||
+ | | Trustee token revocation does not work with memcache backend | ||
+ | | | ||
+ | |- | ||
+ | | Networking | ||
+ | | December 11, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000169.html 2013-033] | ||
+ | | [https://launchpad.net/bugs/1235450 2013-6419] | ||
+ | | Metadata queries from Neutron to Nova are not restricted by tenant | ||
+ | | | ||
+ | |- | ||
+ | | Horizon | ||
+ | | December 11, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-December/000173.html 2013-036] | ||
+ | | [https://launchpad.net/bugs/1247675 2013-6458] | ||
+ | | Insufficient sanitization of Instance Name in Horizon | ||
+ | | | ||
+ | |} | ||
+ | |||
== Fixed in 2013.1.4 == | == Fixed in 2013.1.4 == | ||
Line 35: | Line 126: | ||
|- | |- | ||
| Glance | | Glance | ||
− | | October | + | | October 22, 2013 |
− | | | + | | [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000155.html 2013-027] |
| [https://bugs.launchpad.net/glance/+bug/1235378 2013-4428] | | [https://bugs.launchpad.net/glance/+bug/1235378 2013-4428] | ||
| 'image_download' role in v2 causes traceback | | 'image_download' role in v2 causes traceback | ||
| | | | ||
+ | |} | ||
+ | |||
+ | == Fixed in 2013.1.3 == | ||
+ | |||
+ | See [[ReleaseNotes/2013.1.3]] | ||
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Date | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Nova | ||
+ | | August 6, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000126.html 2013-019] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1194093 2013-2256] | ||
+ | | Resource limit circumvention in Nova private flavors | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | August 6, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000127.html 2013-020] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1184041 2013-4185] | ||
+ | | Denial of Service in Nova network source security groups | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | August 8, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1190229 2013-4179] | ||
+ | | Denial of Service using XML entities in Nova extensions | ||
+ | | | ||
+ | |- | ||
+ | | Cinder | ||
+ | | August 7, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000130.html 2013-021] | ||
+ | | [https://bugs.launchpad.net/cinder/+bug/1198185 2013-4183] | ||
+ | | Cinder LVM volume driver does not support secure deletion | ||
+ | | | ||
+ | |- | ||
+ | | Cinder | ||
+ | | August 8, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023] | ||
+ | | [https://bugs.launchpad.net/cinder/+bug/1190229 2013-4202] | ||
+ | | Denial of Service using XML entities in Cinder extensions | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | June 13, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-June/000111.html 2013-015] | ||
+ | | [https://bugs.launchpad.net/keystone/+bug/1187305 2013-2157] | ||
+ | | Authentication bypass when using LDAP backend | ||
+ | | | ||
|} | |} | ||
Line 57: | Line 203: | ||
| May 16, 2013 | | May 16, 2013 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html 2013-012] | | [http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html 2013-012] | ||
− | | [https://bugs.launchpad.net/nova/+bug/1177830 | + | | [https://bugs.launchpad.net/nova/+bug/1177830 2013-2096] |
| Nova fails to verify image virtual size | | Nova fails to verify image virtual size | ||
| | | |
Latest revision as of 18:42, 26 March 2014
Contents
Grizzly Security Advisories
Fixed in 2013.1.5
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Nova | October 31, 2013 | 2013-029 | 2013-4463 2013-4469 | Potential Nova denial of service through compressed disk images | |
Nova | November 14, 2013 | 2013-030 | 2013-4497 | XenAPI security groups not kept through migrate or resize | |
Nova | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Nova | December 18, 2013 | 2013-037 | 2013-6437 | Nova compute DoS through ephemeral disk backing files | |
Nova | January 13, 2013 | 2014-001 | 2013-7048 | Nova live snapshots use an insecure local directory | |
Nova | January 23, 2014 | 2014-003 | 2013-7130 | Live migration can leak root disk into ephemeral storage | |
Keystone | October 30, 2013 | 2013-028 | 2013-4477 | Unintentional role granting with Keystone LDAP backend | |
Keystone | December 11, 2013 | 2013-032 | 2013-6391 | Keystone trust circumvention through EC2-style tokens | |
Keystone | March 04, 2014 | 2014-006 | 2014-2237 | Trustee token revocation does not work with memcache backend | |
Networking | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Horizon | December 11, 2013 | 2013-036 | 2013-6458 | Insufficient sanitization of Instance Name in Horizon |
Fixed in 2013.1.4
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Keystone | September 11, 2013 | 2013-025 | 2013-4294 | PKI tokens are never revoked using memcache token backend | |
Nova | September 12, 2013 | 2013-026 | 2013-4261 | Some sequence of characters in console-log can DoS nova-compute | |
Nova | August 28, 2013 | 2013-024 | 2013-4278 | Resource limit circumvention in Nova private flavors | |
Glance | October 22, 2013 | 2013-027 | 2013-4428 | 'image_download' role in v2 causes traceback |
Fixed in 2013.1.3
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Nova | August 6, 2013 | 2013-019 | 2013-2256 | Resource limit circumvention in Nova private flavors | |
Nova | August 6, 2013 | 2013-020 | 2013-4185 | Denial of Service in Nova network source security groups | |
Nova | August 8, 2013 | 2013-023 | 2013-4179 | Denial of Service using XML entities in Nova extensions | |
Cinder | August 7, 2013 | 2013-021 | 2013-4183 | Cinder LVM volume driver does not support secure deletion | |
Cinder | August 8, 2013 | 2013-023 | 2013-4202 | Denial of Service using XML entities in Cinder extensions | |
Keystone | June 13, 2013 | 2013-015 | 2013-2157 | Authentication bypass when using LDAP backend |
Fixed in 2013.1.2
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Nova | May 16, 2013 | 2013-012 | 2013-2096 | Nova fails to verify image virtual size |
Fixed in 2013.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Keystone | May 9, 2013 | 2013-011 | 2013-2059 | Keystone tokens not immediately invalidated when user is deleted | |
Nova | May 9, 2013 | 2013-010 | 2013-2030 | Nova uses insecure keystone middleware tmpdir by default |