CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

CVE-2013-6433

The CVE-2013-6433 issue affects the Red Hat openstack-neutron package: its default configuration prior to 2013.2.3-7 does not properly set a rootwrap configuration file, enabling privilege escalation by an attacker via a crafted config. The impact is privilege escalation with network-exposed vect...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

CVE-2014-0040

CVE-2014-0040 affects OpenStack Heat Templates (heat-templates) as used in Red Hat OpenStack Platform 4.0. The root cause is HTTP downloads of packages and signing keys via Yum, enabling MITM attackers to block or tamper updates. Red Hat’s RHSA-2014:0579 fixes this (and related CVEs 0041, 0042) b...

CVE-2013-2014

OpenStack Identity (Keystone) prior to version 2013.1 is affected. The issue allows remote attackers to cause a denial of service by sending multiple long requests, leading to memory consumption and a crash. This is the stated impact in the CVE description. Remediation suggested in the related en...

CVE-2014-0042

CVE-2014-0042 affects OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform 4.0. The issue is that certain heat templates disable GPG signature checking by setting gpgcheck=0, allowing potential MITM-style package tampering during downloads. Red Hat’s RH...

CVE-2014-0041

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

PT-2014-3447 · Red Hat +1 · Yum +2

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors, as OpenStack Heat Templates uses ...

UBUNTU-CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

Fedora Update for openstack-neutron FEDORA-2014-6520

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2014-3448 · Red Hat +1 · Yum +2

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors by disabling SSL protection for...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

openstack-nova: Nova host data leak to vm instance in rescue mode

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

Low: Red Hat Security Advisory: openstack-heat-templates security update

An updated openstack-heat-templates package that fixes three security issues is now available Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

openstack-heat-templates: use of HTTP to download signing keys/code

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

openstack-heat-templates: setting gpgcheck=0 for signed packages

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base scor...