Difference between revisions of "SecurityAdvisories/Havana"
(→Fixed in 2013.2.1) |
(→Havana Security Advisories) |
Line 1: | Line 1: | ||
= Havana Security Advisories = | = Havana Security Advisories = | ||
+ | == Fixed in 2013.2.3 == | ||
+ | |||
+ | See [[ReleaseNotes/2013.2.3]] | ||
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Date | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Nova | ||
+ | | March 27, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000213.html 2014-009] | ||
+ | | [https://bugs.launchpad.net/nova/+bug/1221190 2014-0134] | ||
+ | | Nova host data leak to vm instance in rescue mode | ||
+ | | | ||
+ | |- | ||
+ | | Neutron | ||
+ | | March 27, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html 2014-008] | ||
+ | | [https://bugs.launchpad.net/neutron/+bug/1243327 2014-0056] | ||
+ | | Routers can be cross plugged by other tenants | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | March 27, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000204.html 2014-006] | ||
+ | | [https://bugs.launchpad.net/keystone/+bug/1260080 2014-2237] | ||
+ | | Trustee token revocation does not work with memcache backend | ||
+ | | | ||
+ | |} | ||
+ | |||
+ | |||
+ | |||
+ | |||
== Fixed in 2013.2.2 == | == Fixed in 2013.2.2 == | ||
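Review bot: In the CVE Number column of the added 2013.2.3 table, every entry links to a Launchpad bug page (bugs.launchpad.net) while the link text is a CVE identifier written without its "CVE-" prefix. Write the identifier in full (CVE-2014-0134 and so on) and either rename the column or give the bug link its own cell, so that a reader searching for the CVE finds it. The Impact cell is empty in all three added rows; fill it in or drop the column. The header row is written with plain "|" cells, so it renders as an ordinary data row; "!" header cells would mark it as a header, and "Openstack" should read "OpenStack".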
Latest revision as of 20:04, 3 April 2014
Havana Security Advisories
Fixed in 2013.2.3
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | March 27, 2014 | 2014-009 | 2014-0134 | Nova host data leak to vm instance in rescue mode | |
Neutron | March 27, 2014 | 2014-008 | 2014-0056 | Routers can be cross plugged by other tenants | |
Keystone | March 27, 2014 | 2014-006 | 2014-2237 | Trustee token revocation does not work with memcache backend | |
Fixed in 2013.2.2
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | December 18, 2013 | 2013-037 | 2013-6437 | Nova compute DoS through ephemeral disk backing files | |
Nova | January 13, 2013 | 2014-001 | 2013-7048 | Nova live snapshots use an insecure local directory | |
Nova | January 23, 2014 | 2014-003 | 2013-7130 | Live migration can leak root disk into ephemeral storage | |
Glance | February 12, 2014 | 2014-004 | 2014-1948 | Glance Swift store backend password leak | |
Fixed in 2013.2.1
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | October 31, 2013 | 2013-029 | 2013-4463, 2013-4469 | Potential Nova denial of service through compressed disk images | |
Nova | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Keystone | October 30, 2013 | 2013-028 | 2013-4477 | Unintentional role granting with Keystone LDAP backend | |
Keystone | December 11, 2013 | 2013-032 | 2013-6391 | Keystone trust circumvention through EC2-style tokens | |
Neutron | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Horizon | December 11, 2013 | 2013-036 | 2013-6458 | Insufficient sanitization of Instance Name in Horizon | |
Heat | December 11, 2013 | 2013-034 | 2013-6426 | Heat CFN policy rules not all enforced | |
Heat | December 11, 2013 | 2013-035 | 2013-6428 | Heat ReST API doesn't respect tenant scoping | |
Ceilometer | November 25, 2013 | 2013-031 | 2013-6384 | Ceilometer DB2/MongoDB backend password leak | |