Difference between revisions of "SecurityAdvisories/Icehouse"
Line 71: | Line 71: | ||
| September 16, 2014 | | September 16, 2014 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html 2014-029] | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html 2014-029] | ||
− | | [https://launchpad.net/bugs/1354208 | + | | [https://launchpad.net/bugs/1354208 2014-3621] |
| Configuration option leak through Keystone catalog | | Configuration option leak through Keystone catalog | ||
| | | | ||
Line 78: | Line 78: | ||
| September 29, 2014 | | September 29, 2014 | ||
| [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html 2014-031] | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html 2014-031] | ||
− | | [https://launchpad.net/bugs/1357379 | + | | [https://launchpad.net/bugs/1357379 2014-6414] |
| Admin-only network attributes may be reset to defaults by non-privileged users | | Admin-only network attributes may be reset to defaults by non-privileged users | ||
| | | |
Latest revision as of 00:08, 3 October 2014
Icehouse Security Advisories
Fixed in 2014.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Neutron | April 22, 2014 | 2014-014 | 2014-0187 | Neutron security groups bypass through invalid CIDR | |
Keystone | May 21, 2014 | 2014-015 | 2014-0204 | Keystone user and group id mismatch | |
Heat | May 23, 2014 | 2014-016 | 2014-3801 | Heat template URL information leakage | |
Nova | May 29, 2014 | 2014-017 | 2014-2573 | Nova VMWare driver leaks rescued images |
Fixed in 2014.1.3
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Horizon | August 19, 2014 | 2014-027 | 2014-3594 | Persistent XSS in Horizon Host Aggregates interface | |
Glance | August 21, 2014 | 2014-028 | 2014-5356 | Glance store DoS through disk space exhaustion | |
Keystone | September 16, 2014 | 2014-029 | 2014-3621 | Configuration option leak through Keystone catalog | |
Neutron | September 29, 2014 | 2014-031 | 2014-6414 | Admin-only network attributes may be reset to defaults by non-privileged users | |
Nova | October 2, 2014 | 2014-032 | 2014-3608 | Nova VMware driver still leaks rescued images | |
Cinder | October 2, 2014 | 2014-033 | 2014-3641 | Cinder-volume host data leak to vm instance |