CVE-2014-8124

CVE-2014-8124 affects OpenStack Horizon (Dashboard) prior to the 2014.1.3 series and the 2014.2.x series before 2014.2.1 when using db or memcached session engines. The issue is a denial of service caused by improper handling of session records, allowing an attacker to generate a large number of ...

PT-2014-8417

Name of the Vulnerable Software and Affected Versions OpenStack Dashboard Horizon versions prior to 2014.1.3 OpenStack Dashboard Horizon versions 2014.2.x prior to 2014.2.1 Description The issue arises from improper handling of session records when using a db or memcached session engine. This...

[SECURITY] Fedora 21 Update: docker-io-1.3.2-2.fc21

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

Low: Red Hat Security Advisory: openstack-trove security update

Updated openstack-trove packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores,...

Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

Low: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, whi...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

Design/Logic Flaw

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1 vulnerable when the OVS monolithic plug-in is not used; PackStack-generated nova.conf may fail to set libvirt_vif_driver, which can disable the firewall and allow remote access bypass. Red Hat's RHSA-2014:1691 documents this issue and provides the fix in an updated Pa...

OpenStack multiple security vulnerabilities

OpenStack Cinder information leakage, Keystone information leakage, Nova information leakage and restrictions bypass, Neutron restrictions bypass...

[USN-2408-1] OpenStack Neutron vulnerability

========================================================================== Ubuntu Security Notice USN-2408-1 November 11, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2407-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2407-1 November 11, 2014 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2405-1] OpenStack Cinder vulnerabilities

========================================================================== Ubuntu Security Notice USN-2405-1 November 11, 2014 cinder vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2406-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2406-1 November 11, 2014 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...