Revision as of 13:00, 21 February 2014

Grizzly Security Advisories

Fixed in 2013.1.4

See ReleaseNotes/2013.1.4

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	September 11, 2013	2013-025	2013-4294	PKI tokens are never revoked using memcache token backend
Nova	September 12, 2013	2013-026	2013-4261	Some sequence of characters in console-log can DoS nova-compute
Nova	August 28, 2013	2013-024	2013-4278	Resource limit circumvention in Nova private flavors
Glance	October 22, 2013	2013-027	2013-4428	'image_download' role in v2 causes traceback

Fixed in 2013.1.3

See ReleaseNotes/2013.1.3

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	August 6, 2013	2013-019	2013-2256	Resource limit circumvention in Nova private flavors
Nova	August 6, 2013	2013-020	2013-4185	Denial of Service in Nova network source security groups
Nova	August 8, 2013	2013-023	CVE 2013-4179	Denial of Service using XML entities in Nova extensions
Cinder	August 7, 2013	2013-021	2013-4183	Cinder LVM volume driver does not support secure deletion
Cinder	August 8, 2013	2013-023	2013-4202	Denial of Service using XML entities in Cinder extensions
Keystone	June 13, 2013	2013-015	2013-2157	Authentication bypass when using LDAP backend

Fixed in 2013.1.2

See ReleaseNotes/2013.1.2

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Nova	May 16, 2013	2013-012	CVE 2013-2096	Nova fails to verify image virtual size

Fixed in 2013.1.1

See ReleaseNotes/2013.1.1

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Keystone	May 9, 2013	2013-011	2013-2059	Keystone tokens not immediately invalidated when user is deleted
Nova	May 9, 2013	2013-010	2013-2030	Nova uses insecure keystone middleware tmpdir by default

@@ Line 35: / Line 35: @@
 |-
 | Glance
-| October 04, 2013
+| October 22, 2013
-| OSSA Pending
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-October/000155.html 2013-027]
 | [https://bugs.launchpad.net/glance/+bug/1235378 2013-4428]
 | 'image_download' role in v2 causes traceback
 |
+|}
+== Fixed in 2013.1.3 ==
+See [[ReleaseNotes/2013.1.3]]
+{| border="1" cellpadding="2" cellspacing="0"
+| Product
+| Date
+| Openstack Security Advisory
+| CVE Number
+| Title
+| Impact
+|-
+| Nova
+| August 6, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000126.html 2013-019]
+| [https://bugs.launchpad.net/nova/+bug/1194093 2013-2256]
+|  Resource limit circumvention in Nova private flavors
+|
+|-
+| Nova
+| August 6, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000127.html 2013-020]
+| [https://bugs.launchpad.net/nova/+bug/1184041 2013-4185]
+|  Denial of Service in Nova network source security groups
+|
+|-
+| Nova
+| August 8, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023]
+| [https://bugs.launchpad.net/nova/+bug/1190229 CVE 2013-4179]
+|  Denial of Service using XML entities in Nova extensions
+|
+|-
+| Cinder
+| August 7, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000130.html 2013-021]
+| [https://bugs.launchpad.net/cinder/+bug/1198185 2013-4183]
+|  Cinder LVM volume driver does not support secure deletion
+|
+|-
+| Cinder
+| August 8, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-August/000133.html 2013-023]
+| [https://bugs.launchpad.net/cinder/+bug/1190229 2013-4202]
+|  Denial of Service using XML entities in Cinder extensions
+|
+|-
+| Keystone
+| June 13, 2013
+| [http://lists.openstack.org/pipermail/openstack-announce/2013-June/000111.html 2013-015]
+| [https://bugs.launchpad.net/keystone/+bug/1187305 2013-2157]
+|  Authentication bypass when using LDAP backend
+|
 |}

Difference between revisions of "SecurityAdvisories/Grizzly"

Revision as of 13:00, 21 February 2014

Contents

Grizzly Security Advisories

Fixed in 2013.1.4

Fixed in 2013.1.3

Fixed in 2013.1.2

Fixed in 2013.1.1