Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

CVE-2015-8749

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

Design/Logic Flaw

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

CVE-2015-8749

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

CVE-2015-8749

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

OpenStack Compute(liberty) directory traversal vulnerability

OpenStack is a cloud platform management project.OpenStack Compute Nova is one of the cloud computing construct controllers written in the Python language and is part of the IaaS system. OpenStack Compute has a security vulnerability. When a program spawns an instance using libvirt and sets...

DEBIAN-CVE-2015-7548

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

CVE-2015-7548

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

Stack overflow

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

CVE-2015-7548

OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...

Important: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: openstack-nova security advisory

Updated openstack-nova packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: openstack-nova secuity and bug fix advisory

Updated OpenStack Compute packages that resolve one security issue and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

openstack-nova: network security group changes are not applied to running instances

A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory

Updated OpenStack Compute packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

DEBIAN-CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

CVE-2015-7713

CVE-2015-7713 affects OpenStack Nova. The vulnerability arises when security group changes are not correctly applied to already-running instances, allowing remote attackers to bypass intended network restrictions. Affected releases: OpenStack Nova before 2014.2.4 (juno) and before 2015.1.x before...