Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

OpenStack: Keystone /etc/keystone/ec2rc secret key exposure

tools/sampledata.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud Amazon EC2 is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this...

OpenStack security vulnerabilities

User authorization vulnerabilities...

[USN-1641-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1641-1 November 28, 2012 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

USN-1641-1: OpenStack Keystone vulnerabilities

Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

[SECURITY] Fedora 18 Update: python-django-horizon-2012.2-4.fc18

Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...

Fedora Update for openstack-glance FEDORA-2012-18085

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for openstack-glance FEDORA-2012-18085

Check for the Version of openstack-glance OpenVAS Vulnerability Test Fedora Update for openstack-glance FEDORA-2012-18085 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

[SECURITY] Fedora 17 Update: openstack-glance-2012.1.2-2.fc17

OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...

[SECURITY] Fedora 18 Update: openstack-glance-2012.2-3.fc18

OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...

Fedora 18 : openstack-glance-2012.2-3.fc18 (2012-17901)

Fix Glance Authentication bypass for image deletion CVE-2012-4573 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...

DEBIAN-CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...

CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...

CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...

CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...

PYSEC-2012-29

The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...