[SECURITY] Fedora 29 Update: docker-1.13.1-65.git1185cfd.fc29
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
[SECURITY] Fedora 29 Update: docker-latest-1.13.1-40.git1185cfd.fc29
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
[SECURITY] Fedora 28 Update: docker-1.13.1-63.git1185cfd.fc28
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432)
Summary: PowerVC has addressed the following vulnerability. An authenticated "GET /v3/OS-FEDERATION/projects" request to the identity API may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects ...
Information Disclosure
openstack-cinder is vulnerable to information disclosure. Because data is retained after deletion of a ScaleIO volume, newly created volumes in certain storage volume configurations contain data from the previous volume. This leads to confidential information leakage between tenants...
Information Disclosure
openstack-keystone is vulnerable to information disclosure. An authorization bypass on listing projects via an authenticated GET /v3/OS-FEDERATION/projects request allows authenticated users to discover projects they have no authority to access, disclosing the project and attributes informati...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service. Swapping encrypted volumes can allow an attacker to corrupt the LUKS header on the compute host, causing a denial of service condition...
World Readable Data
tripleo-heat-templates contains a world readable data vulnerability. The library does not set the proper permissions during the creation of the ceph.client.openstack.keyring, allowing a local user to access the keyring to read or modify data. This vulnerability only affects setups with openstack...
Authorization Bypass
openstack-nova is vulnerable to authorization bypass attacks. The vulnerability exists when rebuilding an instance: an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters such as the ImagePropertiesFilter or the IsolatedHostsFilter. All setups using No...
Information Disclosure
openstack-neutron is vulnerable to information disclosure attacks. The vulnerability exists because a race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron...
Information Disclosure
openstack-mistral is vulnerable to information disclosure attacks. The vulnerability exists because an accessibility flaw was found in the OpenStack Workflow mistral service, where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access...
Authorization Bypass
openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists because an authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
Information Disclosure
openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists because an issue was discovered in exceptionwrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may...
Information Disclosure
openstack-heat is vulnerable to information disclosure. An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the...
Information Disclosure
openstack-heat is vulnerable to information disclosure attacks. The vulnerability exists because an access-control flaw was found in the OpenStack Orchestration heat service before 8.0.0, 6.1.0 and 7.0.2, where a service log directory was improperly made world readable. A malicious system user could...
Remote Code Execution (RCE)
python-rdomanager-oscplugin is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because a design flaw was found in the Red Hat OpenStack Platform director's use of TripleO to enable libvirtd-based live migration. Libvirtd is deployed by default by director, listening on...
Denial Of Service (DoS)
OpenStack Compute (nova) is vulnerable to a denial of service (DoS) attack. It is possible because nova does not restrict qemu-img calls, which can consume as much as 4 GB of RAM on the compute host when a malicious image is uploaded, leading to out-of-memory errors and negatively affecting other running tenant instanc...
Authorization Bypass
openstack-neutron is vulnerable to authorization bypass. Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 network to forge non-IP traffic, such as ARP and DHCP requests, and...
Information Disclosure
openstack-ironic is vulnerable to information disclosure. An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bar...