Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

An update for openstack-nova is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host

OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting...

[SECURITY] Fedora 27 Update: docker-latest-1.13.1-37.git9cb56fd.fc27

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

Debian DSA-4275-1 : keystone - security update

Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4275. The text itself is copyright C...

Debian: Security Advisory (DSA-4275-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.20 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Apr 2018 - Includes Oracle Apr 2018 CPU. IBM Cloud Manager with...

Security Bulletin: IBM Cloud Manager with Openstack DoS through IPv6 subnet vulnerability (CVE-2014-4167)

Summary By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Vulnerability Details CVE ID: CVE-2014-4167 Description: The OpenStack Neutron L3-agent is...

Security Bulletin: Security vulnerability in Open vSwitch affects IBM Cloud Manager with OpenStack (CVE-2016-2074)

Summary A security vulenrability has been identified in Open vSwitch that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2074 DESCRIPTION: Open vSwitch is vulnerable to a buffer overflow, caused...

Security Bulletin: A security vulnerability has been identified in paramiko shipped with IBM Cloud Manager with OpenStack (CVE-2018-7750)

Summary Paramiko is shipped as a component of IBM Cloud Manager with Openstack. This vulnerability cannot be exploited as IBM Cloud Manager with OpenStack only uses Paramiko client. Information about a security vulnerability affecting Paramiko has been published in a security bulletin...

Security Bulletin: GSKit and Hash Selection Vulnerability (CVE-2016-0201 )

Summary IBM Cloud Manager with OpenStack is vulnerable to a GSKit vulnerability, which allows the attackers to exploit this vulnerability to obtain authentication credentials. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...

Security Bulletin: IBM Cloud Manager with Openstack XSS in Swift vulnerability (CVE-2014-3497)

Summary The OpenStack Swift server included in IBM Cloud Manager with Openstack is vulnerable to a XSS attack. Vulnerability Details CVE ID: CVE-2014-3497 Description: OpenStack Swift is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

Security Bulletin: RabbitMQ vulnerability affect IBM Cloud Manager with OpenStack (CVE-2015-8786)

Summary IBM Cloud Manager has addressed vulnerability in RabbitMQ. Vulnerability Details CVE-ID: CVE-2015-8786 DESCRIPTION: RabbitMQ is vulnerable to a denial of service, caused by an error in the Management plugin. By sending a specially crafted request, a remote authenticated attacker could...

Security Bulletin: OpenStack Heat vulnerability affect IBM Cloud Manager with OpenStack (CVE-2016-9185)

Summary IBM Cloud Manager has addressed a vulnerability in OpenStack Heat. Vulnerability Details CVE-ID: CVE-2016-9185 DESCRIPTION: OpenStack Heat could allow a remote authenticated attacker to obtain sensitive information. By using a special-crafted URL, a remote attacker could exploit this...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by GSKit

Summary Multiple security vulnerabilities have been identified in GSKit and GSKit-Crypto that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denia...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.5 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10110 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7713, CVE-2015-5286)

Summary IBM Cloud Manager with Openstack is vulnerable to several OpenStack vulnerablities. An attacker can exploit these velnerabilities to launch further attacks on the system or to exhaust all available resources. Vulnerability Details CVEID: CVE-2015-7713 DESCRIPTION: OpenStack Nova could...

Security Bulletin: Logjam vulnerability affect IBM Cloud Manager with Openstack (CVE-2015-4000)

Summary IBM Cloud Manager with Openstack is vulnerable to Logjam vulnerability, attackers could exploit them to obtain sensitive information Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failur...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.15 and Version 7.0.9.20 these are used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as...

Security Bulletin: Apache Xerces-C vulnerabilities affects IBM Cloud Manager with OpenStack (CVE-2016-4463)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this...

Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input...