Havana Security Advisories
Fixed in 2013.2.2
See ReleaseNotes/2013.2.2
| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Nova | December 18, 2013 | 2013-037 | 2013-6437 | Nova compute DoS through ephemeral disk backing files | |
| Nova | January 13, 2013 | 2014-001 | 2013-7048 | Nova live snapshots use an insecure local directory | |
| Nova | January 23, 2014 | 2014-003 | 2013-7130 | Live migration can leak root disk into ephemeral storage | |
| Glance | February 12, 2014 | 2014-004 | 2014-1948 | Glance Swift store backend password leak | |
Fixed in 2013.2.1
See ReleaseNotes/2013.2.1
| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Nova | October 31, 2013 | 2013-029 | 2013-4463 2013-4469 | Potential Nova denial of service through compressed disk images | |
| Nova | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
| Keystone | October 30, 2013 | 2013-028 | 2013-4477 | Unintentional role granting with Keystone LDAP backend | |
| Keystone | December 11, 2013 | 2013-032 | 2013-6391 | Keystone trust circumvention through EC2-style tokens | |
| Neutron | December 11, 2013 | 2013-033 | 2013-6419 | Metadata queries from Neutron to Nova are not restricted by tenant | |
| Horizon | December 11, 2013 | 2013-036 | 2013-6458 | Insufficient sanitization of Instance Name in Horizon | |
| Heat | December 11, 2013 | 2013-034 | 2013-6426 | Heat CFN policy rules not all enforced | |
| Heat | December 11, 2013 | 2013-035 | 2013-6428 | Heat ReST API doesn't respect tenant scoping | |
| Ceilometer | November 25, 2013 | 2013-031 | 2013-6384 | Ceilometer DB2/MongoDB backend password leak | |