Difference between revisions of "SecurityAdvisories/Havana"
(→Fixed in 2013.2.1) |
(→Havana Security Advisories) |
||
| Line 1: | Line 1: | ||
= Havana Security Advisories = | = Havana Security Advisories = | ||
| + | == Fixed in 2013.2.3 == | ||
| + | |||
| + | See [[ReleaseNotes/2013.2.3]] | ||
| + | |||
| + | {| border="1" cellpadding="2" cellspacing="0" | ||
| + | | Product | ||
| + | | Date | ||
| + | | Openstack Security Advisory | ||
| + | | CVE Number | ||
| + | | Title | ||
| + | | Impact | ||
| + | |- | ||
| + | | Nova | ||
| + | | March 27, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000213.html 2014-009] | ||
| + | | [https://bugs.launchpad.net/nova/+bug/1221190 2014-0134] | ||
| + | | Nova host data leak to vm instance in rescue mode | ||
| + | | | ||
| + | |- | ||
| + | | Neutron | ||
| + | | March 27, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000212.html 2014-008] | ||
| + | | [https://bugs.launchpad.net/neutron/+bug/1243327 2014-0056] | ||
| + | | Routers can be cross plugged by other tenants | ||
| + | | | ||
| + | |- | ||
| + | | Keystone | ||
| + | | March 27, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-March/000204.html 2014-006] | ||
| + | | [https://bugs.launchpad.net/keystone/+bug/1260080 2014-2237] | ||
| + | | Trustee token revocation does not work with memcache backend | ||
| + | | | ||
| + | |} | ||
| + | |||
| + | |||
| + | |||
| + | |||
== Fixed in 2013.2.2 == | == Fixed in 2013.2.2 == | ||
Latest revision as of 20:04, 3 April 2014
Contents
Havana Security Advisories
Fixed in 2013.2.3
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | March 27, 2014 | 2014-009 | 2014-0134 | Nova host data leak to vm instance in rescue mode | |
| Neutron | March 27, 2014 | 2014-008 | 2014-0056 | Routers can be cross plugged by other tenants | |
| Keystone | March 27, 2014 | 2014-006 | 2014-2237 | Trustee token revocation does not work with memcache backend |
Fixed in 2013.2.2
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | December 18, 2013 | 2013-037 | 2013-6437 | Nova compute DoS through ephemeral disk backing files | |
| Nova | January 13, 2013 | 2014-001 | 2013-7048 | Nova live snapshots use an insecure local directory | |
| Nova | January 23, 2014 | 2014-003 | 2013-7130 | Live migration can leak root disk into ephemeral storage | |
| Glance | February 12, 2014 | 2014-004 | 2014-1948 | Glance Swift store backend password leak |
Fixed in 2013.2.1
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Nova | October 31, 2013 | 2013-029 | 2013-4463 2013-4469 | Potential Nova denial of service through compressed disk images | |
| Nova | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
| Keystone | October 30, 2013 | 2013-028 | 2013-4477 | Unintentional role granting with Keystone LDAP backend | |
| Keystone | December 11, 2013 | 2013-032 | 2013-6391 | Keystone trust circumvention through EC2-style tokens | |
| Neutron | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
| Horizon | December 11, 2013 | 2013-036 | 2013-6458 | Insufficient sanitization of Instance Name in Horizon | |
| Heat | December 11, 2013 | 2013-034 | 2013-6426 | Heat CFN policy rules not all enforced | |
| Heat | December 11, 2013 | 2013-035 | 2013-6428 | Heat ReST API doesn't respect tenant scoping | |
| Ceilometer | November 25, 2013 | 2013-031 | 2013-6384 | Ceilometer DB2/MongoDB backend password leak |
