7746 matches found

Prion
added 2015/08/26 7:59 p.m. · 9 views

Code injection

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool...

CVSS 4 · AI score 6.7 · EPSS 0.14311
Exploits 0 · References 4 · Affected Software 1

Debian CVE
added 2015/08/26 7:0 p.m. · 21 views

CVE-2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool...

CVSS 4 · AI score 6 · EPSS 0.14311
Exploits 0

Cvelist
added 2015/08/26 7:0 p.m. · 17 views

CVE-2015-3221

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool...

AI score 6.1 · EPSS 0.14311
Exploits 0 · References 4

CVE
added 2015/08/26 7:0 p.m. · 74 views

CVE-2015-3221

CVE-2015-3221 affects OpenStack Neutron (IPTables driver) where remote authenticated users can cause a denial of service (L2 agent crash) by adding an address pair that is rejected by ipset. Connected advisories (RHSA-2015:1680; SUSE-SU-2015:1890-1 and related SUSE/SUSE-SU advisories) indicate Ne...

CVSS 4 · AI score 6.3 · EPSS 0.14311
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2015/08/26 12:0 a.m. · 1 views

PT-2015-6102 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions prior to 2014.2.4 juno OpenStack Neutron versions 2015.1.x prior to 2015.1.1 kilo Description: The issue allows remote authenticated users to cause a denial of service, resulting in an L2 agent crash. This occurs wh...

CVSS 6.8 · AI score 5.5 · EPSS 0.14311
Exploits 0 · References 36

OSV
added 2015/08/25 8:34 a.m. · 5 views

SUSE-SU-2015:1515-1 Security update for openstack and python-oslo.utils

This update provides the following fixes provided from the upstream OpenStack-project: - openstack-suse: + do not copy upstream python requirements to the package, we rely on Requires; upstream requirements.txt introduce version caps which we do not follow bnc920573 - openstack-sahara: + Fix...

CVSS 4 · AI score 6.4 · EPSS 0.0058
Exploits 1 · References 9

RedHat Linux
added 2015/08/25 5:58 a.m. · 3 views

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

CVSS 5.5 · AI score 5.8 · EPSS 0.00858
Exploits 0 · References 4

RedHat Linux
added 2015/08/25 5:58 a.m. · 39 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 5.5 · AI score 6.5 · EPSS 0.00858
Exploits 0 · References 2

RedHat Linux
added 2015/08/25 5:44 a.m. · 36 views

Moderate: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

CVSS 4.3 · AI score 5.8 · EPSS 0.00643
Exploits 0 · References 2

RedHat Linux
added 2015/08/24 10:38 p.m. · 1 views

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

CVSS 5.5 · AI score 5.8 · EPSS 0.00858
Exploits 0 · References 4

RedHat Linux
added 2015/08/24 10:38 p.m. · 31 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 5.5 · AI score 6.5 · EPSS 0.00858
Exploits 0 · References 2

RedHat Linux
added 2015/08/24 8:17 p.m. · 23 views

Moderate: Red Hat Security Advisory: python-keystoneclient and python-keystonemiddleware security update

Updated python-keystoneclient and python-keystonemiddleware packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

CVSS 4.3 · AI score 5.8 · EPSS 0.00643
Exploits 0 · References 2

RedHat Linux
added 2015/08/24 8:15 p.m. · 1 views

python-django-horizon: XSS in Heat stack creation

A cross-site scripting XSS flaw was found in the Horizon orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user...

CVSS 4.3 · AI score 5.6 · EPSS 0.00408
Exploits 1 · References 4

RedHat Linux
added 2015/08/24 8:15 p.m. · 1 views

python-django-horizon: persistent XSS in Horizon metadata dashboard

A flaw was discovered in the OpenStack dashboard horizon handling of metadata. Potentially untrusted data was displayed from OpenStack Image service glance images, OpenStack Compute nova flavors, or host aggregates without correct sanitization. The flaw could be used by an authenticated user to...

CVSS 3.5 · AI score 5.8 · EPSS 0.00353
Exploits 0 · References 4

RedHat Linux
added 2015/08/24 8:15 p.m. · 32 views

Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update

Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 4.3 · AI score 7 · EPSS 0.00408
Exploits 1 · References 6

RedHat Linux
added 2015/08/24 8:12 p.m. · 31 views

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 4 · AI score 6.9 · EPSS 0.14311
Exploits 0 · References 5

RedHat Linux
added 2015/08/24 8:12 p.m. · 1 views

openstack-neutron: L2 agent DoS through incorrect allowed address pairs

A Denial-of-Service flaw was found in the OpenStack Networking neutron L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool with zero prefix size, an authenticated attacker can cause the L2 agent to crash...

CVSS 4 · AI score 5.8 · EPSS 0.14311
Exploits 0 · References 4

RedHat Linux
added 2015/08/24 2:47 p.m. · 3 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...

CVSS 5 · AI score 6.7 · EPSS 0.04017
Exploits 0 · References 6

securityvulns
added 2015/08/24 12:0 a.m. · 65 views

[USN-2704-1] Swift vulnerabilities

Ubuntu Security Notice USN-2704-1, August 06, 2015: swift vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.5 · AI score 0.5 · EPSS 0.00858
Exploits 0

securityvulns
added 2015/08/24 12:0 a.m. · 37 views

OpenStack Swift security vulnerabilities

Few restriction bypass vulnerabilities...

CVSS 5.5 · AI score 3.1 · EPSS 0.00858
Exploits 0 · References 1 · Affected Software 1