Difference between revisions of "SecurityAdvisories/Grizzly"
(→Grizzly Security Advisories) |
(→Grizzly Security Advisories) |
||
Line 71: | Line 71: | ||
| August 8, 2013 | | August 8, 2013 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023] | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023] | ||
− | | [https://bugs.launchpad.net/nova/+bug/1190229 | + | | [https://bugs.launchpad.net/nova/+bug/1190229 2013-4179] |
| Denial of Service using XML entities in Nova extensions | | Denial of Service using XML entities in Nova extensions | ||
| | | | ||
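Review bot: on the added line, the link label `2013-4179` sits in the CVE Number column, but the link target is the Launchpad bug (bugs.launchpad.net/nova/+bug/1190229), so a reader following the CVE cell lands on the bug tracker rather than a CVE record. Consider writing the label as the full identifier, CVE-2013-4179, so it is searchable and unambiguous next to the OSSA number 2013-023 in the adjacent cell. The same applies to the `2013-2096` label added in the Line 112 hunk.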
Line 112: | Line 112: | ||
| May 16, 2013 | | May 16, 2013 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html 2013-012] | | [http://lists.openstack.org/pipermail/openstack-announce/2013-May/000102.html 2013-012] | ||
− | | [https://bugs.launchpad.net/nova/+bug/1177830 | + | | [https://bugs.launchpad.net/nova/+bug/1177830 2013-2096] |
| Nova fails to verify image virtual size | | Nova fails to verify image virtual size | ||
| | | |
Revision as of 13:12, 21 February 2014
Grizzly Security Advisories
Fixed in 2013.1.4
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Keystone | September 11, 2013 | 2013-025 | 2013-4294 | PKI tokens are never revoked using memcache token backend | |
Nova | September 12, 2013 | 2013-026 | 2013-4261 | Some sequence of characters in console-log can DoS nova-compute | |
Nova | August 28, 2013 | 2013-024 | 2013-4278 | Resource limit circumvention in Nova private flavors | |
Glance | October 22, 2013 | 2013-027 | 2013-4428 | 'image_download' role in v2 causes traceback | |
Fixed in 2013.1.3
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | August 6, 2013 | 2013-019 | 2013-2256 | Resource limit circumvention in Nova private flavors | |
Nova | August 6, 2013 | 2013-020 | 2013-4185 | Denial of Service in Nova network source security groups | |
Nova | August 8, 2013 | 2013-023 | 2013-4179 | Denial of Service using XML entities in Nova extensions | |
Cinder | August 7, 2013 | 2013-021 | 2013-4183 | Cinder LVM volume driver does not support secure deletion | |
Cinder | August 8, 2013 | 2013-023 | 2013-4202 | Denial of Service using XML entities in Cinder extensions | |
Keystone | June 13, 2013 | 2013-015 | 2013-2157 | Authentication bypass when using LDAP backend | |
Fixed in 2013.1.2
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | May 16, 2013 | 2013-012 | 2013-2096 | Nova fails to verify image virtual size | |
Fixed in 2013.1.1
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Keystone | May 9, 2013 | 2013-011 | 2013-2059 | Keystone tokens not immediately invalidated when user is deleted | |
Nova | May 9, 2013 | 2013-010 | 2013-2030 | Nova uses insecure keystone middleware tmpdir by default | |