Difference between revisions of "SecurityAdvisories/Grizzly"
(→Fixed in 2013.1.4) |
|||
| Line 30: | Line 30: | ||
| August 28, 2013 | | August 28, 2013 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html 2013-024] | | [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html 2013-024] | ||
| − | | [https://bugs.launchpad.net/nova/+bug/1212179 2013-4278] | + | | [https://bugs.launchpad.net/nova/+bug/1212179 2013-4278] |
| − | | | + | | Resource limit circumvention in Nova private flavors |
| | | | ||
|- | |- | ||
Revision as of 21:12, 18 October 2013
Grizzly Security Advisories
Fixed in 2013.1.4
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | September 11, 2013 | 2013-025 | 2013-4294 | PKI tokens are never revoked using memcache token backend | |
| Nova | September 12, 2013 | 2013-026 | 2013-4261 | Some sequence of characters in console-log can DoS nova-compute | |
| Nova | August 28, 2013 | 2013-024 | 2013-4278 | Resource limit circumvention in Nova private flavors | |
| Glance | October 04, 2013 | OSSA Pending | 2013-4428 | 'image_download' role in v2 causes traceback |
Fixed in 2013.1.1
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Keystone | May 9, 2013 | 2013-011 | 2013-2059 | Keystone tokens not immediately invalidated when user is deleted | |
| Nova | May 9, 2013 | 2013-010 | 2013-2030 | Nova uses insecure keystone middleware tmpdir by default |
