Difference between revisions of "SecurityAdvisories/Icehouse"
(Created page with " = Icehouse Security Advisories = == Fixed in 2014.1.1 == See ReleaseNotes/2014.1.1 {| border="1" cellpadding="2" cellspacing="0" | Product | Date | Openstack Security A...") |
|||
Line 39: | Line 39: | ||
| [https://launchpad.net/bugs/1269418 2014-2573] | | [https://launchpad.net/bugs/1269418 2014-2573] | ||
| Nova VMWare driver leaks rescued images | | Nova VMWare driver leaks rescued images | ||
+ | | | ||
+ | |} | ||
+ | |||
+ | == Fixed in 2014.1.3 == | ||
+ | |||
+ | See [[ReleaseNotes/2014.1.3]] | ||
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Date | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Horizon | ||
+ | | August 19, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-August/000266.html 2014-027] | ||
+ | | [https://launchpad.net/bugs/1349491 2014-3594] | ||
+ | | Persistent XSS in Horizon Host Aggregates interface | ||
+ | | | ||
+ | |- | ||
+ | | Glance | ||
+ | | August 21, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-August/000267.html 2014-028] | ||
+ | | [https://launchpad.net/bugs/1315321 2014-5356] | ||
+ | | Glance store DoS through disk space exhaustion | ||
+ | | | ||
+ | |- | ||
+ | | Keystone | ||
+ | | September 16, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html 2014-029] | ||
+ | | [https://launchpad.net/bugs/1354208 CVE-2014-3621] | ||
+ | | Configuration option leak through Keystone catalog | ||
+ | | | ||
+ | |- | ||
+ | | Neutron | ||
+ | | September 29, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html 2014-031] | ||
+ | | [https://launchpad.net/bugs/1357379 CVE-2014-6414] | ||
+ | | Admin-only network attributes may be reset to defaults by non-privileged users | ||
+ | | | ||
+ | |- | ||
+ | | Nova | ||
+ | | October 2, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-October/000287.html 2014-032] | ||
+ | | [https://launchpad.net/bugs/1338830 2014-3608] | ||
+ | | Nova VMware driver still leaks rescued images | ||
+ | | | ||
+ | |- | ||
+ | | Cinder | ||
+ | | October 2, 2014 | ||
+ | | [http://lists.openstack.org/pipermail/openstack-announce/2014-October/000288.html 2014-033] | ||
+ | | [https://launchpad.net/bugs/1350504 2014-3641] | ||
+ | | Cinder-volume host data leak to vm instance | ||
| | | | ||
|} | |} |
Revision as of 00:08, 3 October 2014
Icehouse Security Advisories
Fixed in 2014.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Neutron | April 22, 2014 | 2014-014 | 2014-0187 | Neutron security groups bypass through invalid CIDR | |
Keystone | May 21, 2014 | 2014-015 | 2014-0204 | Keystone user and group id mismatch | |
Heat | May 23, 2014 | 2014-016 | 2014-3801 | Heat template URL information leakage | |
Nova | May 29, 2014 | 2014-017 | 2014-2573 | Nova VMWare driver leaks rescued images |
Fixed in 2014.1.3
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Horizon | August 19, 2014 | 2014-027 | 2014-3594 | Persistent XSS in Horizon Host Aggregates interface | |
Glance | August 21, 2014 | 2014-028 | 2014-5356 | Glance store DoS through disk space exhaustion | |
Keystone | September 16, 2014 | 2014-029 | CVE-2014-3621 | Configuration option leak through Keystone catalog | |
Neutron | September 29, 2014 | 2014-031 | CVE-2014-6414 | Admin-only network attributes may be reset to defaults by non-privileged users | |
Nova | October 2, 2014 | 2014-032 | 2014-3608 | Nova VMware driver still leaks rescued images | |
Cinder | October 2, 2014 | 2014-033 | 2014-3641 | Cinder-volume host data leak to vm instance |