SecurityAdvisories/Icehouse
< SecurityAdvisories
Revision as of 00:08, 3 October 2014 by Adam Gandelman (talk | contribs)
Icehouse Security Advisories
Fixed in 2014.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Neutron | April 22, 2014 | 2014-014 | 2014-0187 | Neutron security groups bypass through invalid CIDR | |
Keystone | May 21, 2014 | 2014-015 | 2014-0204 | Keystone user and group id mismatch | |
Heat | May 23, 2014 | 2014-016 | 2014-3801 | Heat template URL information leakage | |
Nova | May 29, 2014 | 2014-017 | 2014-2573 | Nova VMWare driver leaks rescued images |
Fixed in 2014.1.3
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Horizon | August 19, 2014 | 2014-027 | 2014-3594 | Persistent XSS in Horizon Host Aggregates interface | |
Glance | August 21, 2014 | 2014-028 | 2014-5356 | Glance store DoS through disk space exhaustion | |
Keystone | September 16, 2014 | 2014-029 | CVE-2014-3621 | Configuration option leak through Keystone catalog | |
Neutron | September 29, 2014 | 2014-031 | CVE-2014-6414 | Admin-only network attributes may be reset to defaults by non-privileged users | |
Nova | October 2, 2014 | 2014-032 | 2014-3608 | Nova VMware driver still leaks rescued images | |
Cinder | October 2, 2014 | 2014-033 | 2014-3641 | Cinder-volume host data leak to vm instance |