Moderate: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue and several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

openstack-nova: Nova instance migration process does not stop when instance is deleted

A denial of service flaw was found in the OpenStack Compute nova instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an...

openstack-nova: Deleting instances in resize state fails

A flaw was found in the way OpenStack Compute nova handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of servic...

SUSE-SU-2015:1890-1 Security update for openstack-neutron and crowbar-barclamp-neutron

This update provides security fixes and improvements for openstack-neutron and crowbar-barclamp-neutron. crowbar-barclamp-neutron: - Add infoblox support. - Add configurations required to support DHCP relay. - Create 'floating' network as 'flat' provider network. bsc946882 - Fix search for Nova...

Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update

Updated packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware

A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package OpenStack director. The staticweb middleware was incorrectly configured before the Identity Service, and...

RHEL 6 : Red Hat Gluster Storage 3.1 update (Moderate) (RHSA-2015:1845)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1845 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It...

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.1 update

Red Hat Gluster Storage 3.1 Update 1, which fixes one security issue, several bugs, and adds various enhancements, is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

gluster-swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage swiftonfile. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

Moderate: Red Hat Security Advisory: Red Hat Gluster Storage 3.1 update

Red Hat Gluster Storage 3.1 Update 1, which fixes one security issue, several bugs, and adds various enhancements, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...

Low: Red Hat Security Advisory: mod_proxy_fcgi and ceph security and bug fix update

Updated modproxyfcgi and ceph packages that fix one security issue and several bugs are now available for CentOS 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

OpenStack Nova Denial of Service Vulnerability (CNVD-2015-06392)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud computing construct controllers written in Python. It is part of the IaaS system. A denial of service vulnerability...

OpenStack Neutron Firewall Security Bypass Vulnerability

OpenStack is a cloud platform management project. neutron is one of the networking components that provides network-as-a-service, enabling the creation of networks between OpenStack services, access to network devices into the mesh, and more. A security bypass vulnerability exists in Neutron,...

SUSE-SU-2015:1666-1 Security update for Cloud Compute 12

This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. bsc920573 openstack-nova: - Fix metadata not returning just instance private IP. bsc934523 - Enable tenant/user specific...

CVE-2015-5251

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

UBUNTU-CVE-2015-5251

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

PT-2015-6817 · Openstack +1 · Openstack Image Service +1

Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions prior to 2014.2.4 juno OpenStack Image Service Glance versions 2015.1.x prior to 2015.1.2 kilo Description: The issue allows remote authenticated users to bypass access restrictions and change the statu...

CVE-2013-0270

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...