Icehouse Security Advisories
Fixed in 2014.1.1
See ReleaseNotes/2014.1.1
Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
Neutron
|
April 22, 2014
|
2014-014
|
2014-0187
|
Neutron security groups bypass through invalid CIDR
|
|
Keystone
|
May 21, 2014
|
2014-015
|
2014-0204
|
Keystone user and group id mismatch
|
|
Heat
|
May 23, 2014
|
2014-016
|
2014-3801
|
Heat template URL information leakage
|
|
Nova
|
May 29, 2014
|
2014-017
|
2014-2573
|
Nova VMWare driver leaks rescued images
|
|
Fixed in 2014.1.3
See ReleaseNotes/2014.1.3
Product
|
Date
|
Openstack Security Advisory
|
CVE Number
|
Title
|
Impact
|
Horizon
|
August 19, 2014
|
2014-027
|
2014-3594
|
Persistent XSS in Horizon Host Aggregates interface
|
|
Glance
|
August 21, 2014
|
2014-028
|
2014-5356
|
Glance store DoS through disk space exhaustion
|
|
Keystone
|
September 16, 2014
|
2014-029
|
2014-3621
|
Configuration option leak through Keystone catalog
|
|
Neutron
|
September 29, 2014
|
2014-031
|
2014-6414
|
Admin-only network attributes may be reset to defaults by non-privileged users
|
|
Nova
|
October 2, 2014
|
2014-032
|
2014-3608
|
Nova VMware driver still leaks rescued images
|
|
Cinder
|
October 2, 2014
|
2014-033
|
2014-3641
|
Cinder-volume host data leak to vm instance
|
|