Latest revision as of 00:08, 3 October 2014

Icehouse Security Advisories

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Neutron	April 22, 2014	2014-014	2014-0187	Neutron security groups bypass through invalid CIDR
Keystone	May 21, 2014	2014-015	2014-0204	Keystone user and group id mismatch
Heat	May 23, 2014	2014-016	2014-3801	Heat template URL information leakage
Nova	May 29, 2014	2014-017	2014-2573	Nova VMWare driver leaks rescued images

Product	Date	Openstack Security Advisory	CVE Number	Title	Impact
Horizon	August 19, 2014	2014-027	2014-3594	Persistent XSS in Horizon Host Aggregates interface
Glance	August 21, 2014	2014-028	2014-5356	Glance store DoS through disk space exhaustion
Keystone	September 16, 2014	2014-029	2014-3621	Configuration option leak through Keystone catalog
Neutron	September 29, 2014	2014-031	2014-6414	Admin-only network attributes may be reset to defaults by non-privileged users
Nova	October 2, 2014	2014-032	2014-3608	Nova VMware driver still leaks rescued images
Cinder	October 2, 2014	2014-033	2014-3641	Cinder-volume host data leak to vm instance

@@ Line 71: / Line 71: @@
 | September 16, 2014
 | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000275.html 2014-029]
-| [https://launchpad.net/bugs/1354208 CVE-2014-3621]
+| [https://launchpad.net/bugs/1354208 2014-3621]
 | Configuration option leak through Keystone catalog
 |
@@ Line 78: / Line 78: @@
 | September 29, 2014
 | [http://lists.openstack.org/pipermail/openstack-announce/2014-September/000285.html 2014-031]
-| [https://launchpad.net/bugs/1357379 CVE-2014-6414]
+| [https://launchpad.net/bugs/1357379 2014-6414]
 | Admin-only network attributes may be reset to defaults by non-privileged users
 |