SecurityAdvisories/Havana
Revision as of 20:04, 3 April 2014 by Adam Gandelman
Havana Security Advisories
Fixed in 2013.2.3
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | March 27, 2014 | 2014-009 | 2014-0134 | Nova host data leak to vm instance in rescue mode | |
Neutron | March 27, 2014 | 2014-008 | 2014-0056 | Routers can be cross plugged by other tenants | |
Keystone | March 27, 2014 | 2014-006 | 2014-2237 | Trustee token revocation does not work with memcache backend | |
Fixed in 2013.2.2
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | December 18, 2013 | 2013-037 | 2013-6437 | Nova compute DoS through ephemeral disk backing files | |
Nova | January 13, 2013 | 2014-001 | 2013-7048 | Nova live snapshots use an insecure local directory | |
Nova | January 23, 2014 | 2014-003 | 2013-7130 | Live migration can leak root disk into ephemeral storage | |
Glance | February 12, 2014 | 2014-004 | 2014-1948 | Glance Swift store backend password leak | |
Fixed in 2013.2.1
Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
Nova | October 31, 2013 | 2013-029 | 2013-4463, 2013-4469 | Potential Nova denial of service through compressed disk images | |
Nova | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Keystone | October 30, 2013 | 2013-028 | 2013-4477 | Unintentional role granting with Keystone LDAP backend | |
Keystone | December 11, 2013 | 2013-032 | 2013-6391 | Keystone trust circumvention through EC2-style tokens | |
Neutron | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
Horizon | December 11, 2013 | 2013-036 | 2013-6458 | Insufficient sanitization of Instance Name in Horizon | |
Heat | December 11, 2013 | 2013-034 | 2013-6426 | Heat CFN policy rules not all enforced | |
Heat | December 11, 2013 | 2013-035 | 2013-6428 | Heat ReST API doesn't respect tenant scoping | |
Ceilometer | November 25, 2013 | 2013-031 | 2013-6384 | Ceilometer DB2/MongoDB backend password leak | |