[USN-2193-1] OpenStack Glance vulnerability

========================================================================== Ubuntu Security Notice USN-2193-1 May 05, 2014 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

Ubuntu 12.10 : cinder vulnerability (USN-2208-1)

JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpidprotocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubunt...

[USN-2194-1] OpenStack Neutron vulnerability

========================================================================== Ubuntu Security Notice USN-2194-1 May 05, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

Ubuntu 12.04 LTS / 12.10 / 13.10 : swift vulnerability (USN-2207-1)

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients. Note that Tenable Network...

Ubuntu 13.10 : horizon vulnerability (USN-2206-1)

Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...

[USN-2207-1] OpenStack Swift vulnerability

========================================================================== Ubuntu Security Notice USN-2207-1 May 06, 2014 swift vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

USN-2208-2: OpenStack Quantum vulnerability

USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. Original advisory details: JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpidprotocol i...

USN-2208-1: OpenStack Cinder vulnerability

JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpidprotocol is set to 'ssl'. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...

USN-2207-1: OpenStack Swift vulnerability

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...

USN-2206-1: OpenStack Horizon vulnerability

Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...

Ubuntu 13.10 : neutron vulnerability (USN-2194-1)

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants. Note that Tenable Network Security has extracted t...

USN-2194-1: OpenStack Neutron vulnerability

Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants...

USN-2193-1: OpenStack Glance vulnerability

Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker exploit this to execute arbitrary commands as the glance user...

Fedora Update for python-keystoneclient FEDORA-2014-5555

Check for the Version of python-keystoneclient OpenVAS Vulnerability Test Fedora Update for python-keystoneclient FEDORA-2014-5555 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora Update for python-django-horizon FEDORA-2014-5002

Check for the Version of python-django-horizon OpenVAS Vulnerability Test Fedora Update for python-django-horizon FEDORA-2014-5002 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

Fedora 20 : qemu-1.6.2-4.fc20 (2014-5825)

Fix arm sd warnings with latest kernel bz 1091548 - Fix regression in CVE backport that affects openstack thanks lbezdick - Fix guest startup crashes from autotest bz 1081610 - Block/image format validation CVE-2014-0142 - 2014-0148 bz 1078201, bz 1086710, bz 1079140, bz 1086724, bz 1079240, bz...

(RHSA-2014:0463) Low: Red Hat Enterprise Linux OpenStack Platform 3.0 - 90 Day Retirement Notice

In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the one-year life cycle of Production Support for version 3 will end on July 31, 2014. On August 1, 2014, Red Hat Enterprise Linux OpenStack Platform version 3 will enter an inactive state and will no longer receiv...

openstack-glance: remote code execution in Glance Sheepdog backend

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

Important: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Moderate: Red Hat Security Advisory: Django security update

Updated Django packages that fix three security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...