Difference between revisions of "SecurityAdvisories/Grizzly"
Line 1: | Line 1: | ||
= Grizzly Security Advisories = | = Grizzly Security Advisories = | ||
+ | == Fixed in 2013.1.4 == | ||
+ | See [[ReleaseNotes/2013.1.1]] | ||
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Date | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Keystone | ||
+ | | September 11, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000142.html 2013-025] | ||
+ | | [https://bugs.launchpad.net/keystone/+bug/1202952 2013-4294] | ||
+ | | PKI tokens are never revoked using memcache token backend | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | September 12, 2013 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2013-September/000143.html | 2013-026] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1215091 2013-4261] | ||
+ | | Some sequence of characters in console-log can DoS nova-compute | ||
+ | | | ||
+ | |- | ||
+ | | Glance | ||
+ | | September 12, 2013 | ||
+ | | OSSA Pending | ||
+ | | [https://bugs.launchpad.net/glance/+bug/1235378 2013-4428] | ||
+ | | 'image_download' role in v2 causes traceback | ||
+ | | | ||
+ | |} | ||
== Fixed in 2013.1.1 == | == Fixed in 2013.1.1 == | ||
Revision as of 20:17, 17 October 2013
Grizzly Security Advisories
Fixed in 2013.1.4
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Keystone | September 11, 2013 | 2013-025 | 2013-4294 | PKI tokens are never revoked using memcache token backend | |
Nova | September 12, 2013 | 2013-026] | 2013-4261 | Some sequence of characters in console-log can DoS nova-compute | |
Glance | September 12, 2013 | OSSA Pending | 2013-4428 | 'image_download' role in v2 causes traceback |
Fixed in 2013.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Keystone | May 9, 2013 | 2013-011 | 2013-2059 | Keystone tokens not immediately invalidated when user is deleted | |
Nova | May 9, 2013 | 2013-010 | 2013-2030 | Nova uses insecure keystone middleware tmpdir by default |