Fedora Update for openstack-nova FEDORA-2013-15373

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2013-15373 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.3-2.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 19 : openstack-nova-2013.1.3-2.fc19 (2013-15373)

Fixes 2 CVEs that were missed with the 2013.1.3 stable update Update to latest stable/grizzly 2013.1.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Low: Red Hat Security Advisory: ruby193-v8 security update

Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

OpenStack: python-glanceclient failing SSL certificate check

The Python client library for Glance python-glanceclient before 0.10.0 does not properly check the preverifyok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate and allows...

OpenStack: openstack-nova-compute console-log DoS

OpenStack Compute Nova Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service connection pool consumption, as demonstrated using multiple requests that send...

OpenStack: Nova network source security groups denial of service

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

Moderate: Red Hat Security Advisory: python-glanceclient security update

An updated python-glanceclient package that fixes one security issue is now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

OpenStack: Nova XML entities DoS

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

OpenStack: Nova private flavors resource limit circumvention

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

OpenStack: Cinder LVM volume driver does not support secure deletion

The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...

OpenStack: Cinder Denial of Service using XML entities

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

OpenStack: Swift Denial of Service using superfluous object tombstones

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

Important: Red Hat Security Advisory: Foreman security update

Updated Foreman packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...

OpenStack Swift 远程拒绝服务漏洞(CVE-2013-4155)

Bugtraq ID:61690 CVE ID:CVE-2013-4155 OpenStack Swift是OpenStack开源云计算项目的子项目之一,被称为对象存储,提供了强大的扩展性、冗余和持久性 OpenStack Swift存在一个安全漏洞，通过提交包含旧的X-Timestamp值的请求，通过验证的攻击者可把多余对象tombstone填充到对象服务器中，可明显减缓对该对象服务器的请求，对Swift集群进行拒绝服务攻击 0 OpenStack Swift 厂商解决方案 用户可参考如下厂商提供的安全补丁以修复该漏洞： Havana development branch fix:...

OpenStack Cinder 信息泄漏漏洞(CVE-2013-4183)

Bugtraq ID:61689 CVE ID:CVE-2013-4183 OpenStack Cinder是为Openstack提供块存储的功能 OpenStack Cinder LVM卷驱动存在一个安全漏洞，当配置了安全删除secure delete时LVM快照内容可能没有正确删除清除，可导致这些数据泄漏给之后租此服务器的租户 0 OpenStack Cinder 厂商解决方案 用户可参考如下厂商提供的安全补丁以修复该漏洞： Havana development branch fix: https://review.openstack.org/36506 Grizzly fix:...