Grizzly Security Advisories
Fixed in 2013.1.4
See ReleaseNotes/2013.1.4
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Keystone
|
September 11, 2013
|
2013-025
|
2013-4294
|
PKI tokens are never revoked using memcache token backend
|
|
| Nova
|
September 12, 2013
|
2013-026
|
2013-4261
|
Some sequence of characters in console-log can DoS nova-compute
|
|
| Nova
|
August 28, 2013
|
2013-024
|
2013-4278
|
Resource limit circumvention in Nova private flavors
|
|
| Glance
|
October 22, 2013
|
2013-027
|
2013-4428
|
'image_download' role in v2 causes traceback
|
|
Fixed in 2013.1.3
See ReleaseNotes/2013.1.3
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Nova
|
August 6, 2013
|
2013-019
|
2013-2256
|
Resource limit circumvention in Nova private flavors
|
|
| Nova
|
August 6, 2013
|
2013-020
|
2013-4185
|
Denial of Service in Nova network source security groups
|
|
| Nova
|
August 8, 2013
|
2013-023
|
CVE 2013-4179
|
Denial of Service using XML entities in Nova extensions
|
|
| Cinder
|
August 7, 2013
|
2013-021
|
2013-4183
|
Cinder LVM volume driver does not support secure deletion
|
|
| Cinder
|
August 8, 2013
|
2013-023
|
2013-4202
|
Denial of Service using XML entities in Cinder extensions
|
|
| Keystone
|
June 13, 2013
|
2013-015
|
2013-2157
|
Authentication bypass when using LDAP backend
|
|
Fixed in 2013.1.2
See ReleaseNotes/2013.1.2
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Nova
|
May 16, 2013
|
2013-012
|
CVE 2013-2096
|
Nova fails to verify image virtual size
|
|
Fixed in 2013.1.1
See ReleaseNotes/2013.1.1
| Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
| Keystone
|
May 9, 2013
|
2013-011
|
2013-2059
|
Keystone tokens not immediately invalidated when user is deleted
|
|
| Nova
|
May 9, 2013
|
2013-010
|
2013-2030
|
Nova uses insecure keystone middleware tmpdir by default
|
|
