Difference between revisions of "SecurityAdvisories/Icehouse"
(Created page with " = Icehouse Security Advisories = == Fixed in 2014.1.1 == See ReleaseNotes/2014.1.1 {| border="1" cellpadding="2" cellspacing="0" | Product | Date | Openstack Security A...") |
|||
| Line 39: | Line 39: | ||
| [https://launchpad.net/bugs/1269418 2014-2573] | | [https://launchpad.net/bugs/1269418 2014-2573] | ||
| Nova VMWare driver leaks rescued images | | Nova VMWare driver leaks rescued images | ||
| + | | | ||
| + | |} | ||
| + | |||
| + | == Fixed in 2014.1.3 == | ||
| + | |||
| + | See [[ReleaseNotes/2014.1.3]] | ||
| + | |||
| + | {| border="1" cellpadding="2" cellspacing="0" | ||
| + | | Product | ||
| + | | Date | ||
| + | | Openstack Security Advisory | ||
| + | | CVE Number | ||
| + | | Title | ||
| + | | Impact | ||
| + | |- | ||
| + | | Horizon | ||
| + | | August 19, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-August/000266.html 2014-027] | ||
| + | | [https://launchpad.net/bugs/1349491 2014-3594] | ||
| + | | Persistent XSS in Horizon Host Aggregates interface | ||
| + | | | ||
| + | |- | ||
| + | | Glance | ||
| + | | August 21, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-August/000267.html 2014-028] | ||
| + | | [https://launchpad.net/bugs/1315321 2014-5356] | ||
| + | | Glance store DoS through disk space exhaustion | ||
| + | | | ||
| + | |- | ||
| + | | Keystone | ||
| + | | September 16, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html 2014-029] | ||
| + | | [https://launchpad.net/bugs/1354208 CVE-2014-3621] | ||
| + | | Configuration option leak through Keystone catalog | ||
| + | | | ||
| + | |- | ||
| + | | Neutron | ||
| + | | September 29, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html 2014-031] | ||
| + | | [https://launchpad.net/bugs/1357379 CVE-2014-6414] | ||
| + | | Admin-only network attributes may be reset to defaults by non-privileged users | ||
| + | | | ||
| + | |- | ||
| + | | Nova | ||
| + | | October 2, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-October/000287.html 2014-032] | ||
| + | | [https://launchpad.net/bugs/1338830 2014-3608] | ||
| + | | Nova VMware driver still leaks rescued images | ||
| + | | | ||
| + | |- | ||
| + | | Cinder | ||
| + | | October 2, 2014 | ||
| + | | [http://lists.openstack.org/pipermail/openstack-announce/2014-October/000288.html 2014-033] | ||
| + | | [https://launchpad.net/bugs/1350504 2014-3641] | ||
| + | | Cinder-volume host data leak to vm instance | ||
| | | | ||
|} | |} | ||
Revision as of 00:08, 3 October 2014
Icehouse Security Advisories
Fixed in 2014.1.1
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Neutron | April 22, 2014 | 2014-014 | 2014-0187 | Neutron security groups bypass through invalid CIDR | |
| Keystone | May 21, 2014 | 2014-015 | 2014-0204 | Keystone user and group id mismatch | |
| Heat | May 23, 2014 | 2014-016 | 2014-3801 | Heat template URL information leakage | |
| Nova | May 29, 2014 | 2014-017 | 2014-2573 | Nova VMWare driver leaks rescued images |
Fixed in 2014.1.3
| Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
| Horizon | August 19, 2014 | 2014-027 | 2014-3594 | Persistent XSS in Horizon Host Aggregates interface | |
| Glance | August 21, 2014 | 2014-028 | 2014-5356 | Glance store DoS through disk space exhaustion | |
| Keystone | September 16, 2014 | 2014-029 | CVE-2014-3621 | Configuration option leak through Keystone catalog | |
| Neutron | September 29, 2014 | 2014-031 | CVE-2014-6414 | Admin-only network attributes may be reset to defaults by non-privileged users | |
| Nova | October 2, 2014 | 2014-032 | 2014-3608 | Nova VMware driver still leaks rescued images | |
| Cinder | October 2, 2014 | 2014-033 | 2014-3641 | Cinder-volume host data leak to vm instance |
