
34 matches found

OSV
added 2023/03/21 12:25 p.m., 5 views

SUSE-SU-2023:0844-1 Security update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils

This update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils contains the following fixes: Security fixes included on this update: openstack-cinder, openstack-glance, openstack-nova: - CVE-2022-47951: Fixed file access control through custom VMDK fl...

CVSS 5.7, AI score 5.9, EPSS 0.00615
Exploits: 1, References: 3

OSV
added 2022/05/13 1:46 a.m., 5 views

GHSA-6XC7-4CX8-J3XC OpenStack Nova-LXD bypass security restrictions

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...

CVSS 8.7, AI score 7.5, EPSS 0.02467
Exploits: 0, References: 8

OSV
added 2022/04/22 12:24 a.m., 6 views

GHSA-VCMV-6RXX-FH7R OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY (equivalent to a username) to obtain the EC2SECRETKEY (equivalent to a password). Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

CVSS 5.9, AI score 5.5, EPSS 0.00408
Exploits: 1, References: 8

RedHat Linux
added 2021/09/09 8:19 p.m., 24 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.5, AI score 6.7, EPSS 0.01348
Exploits: 1, References: 2

Prion
added 2019/12/05 5:15 p.m., 16 views

Design/Logic Flaw

OpenStack nova base images permissions are world readable...

CVSS 2.1, AI score 7.1, EPSS 0.00112
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2018/08/31 12:16 p.m., 7 views

SUSE-SU-2018:2576-1 Security update for OpenStack

This update for OpenStack fixes the following issues: The following security issue with openstack-keystone has been fixed: - CVE-2018-14432: Reduce duplication in federated authentication APIs. bsc1102151 Additionally, the following non-security issues have been fixed: openstack-dashboard: - Fetc...

CVSS 5.3, AI score 5.4, EPSS 0.01139
Exploits: 0, References: 7

OSV
added 2017/08/18 2:29 p.m., 4 views

CVE-2017-12440

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 8

OSV
added 2016/12/09 8:59 p.m., 5 views

CVE-2016-6829

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 9.8, AI score 9.2, EPSS 0.03197
Exploits: 0, References: 6

Tenable Nessus
added 2016/06/20 12:0 a.m., 27 views

Debian DLA-520-1 : horizon security update

It was discovered that there was an XSS vulnerability in horizon, a Django module providing web interaction with OpenStack. For Debian 7 'Wheezy', this issue has been fixed in horizon version 2012.1.1-10+deb7u1. We recommend that you upgrade your horizon packages. NOTE: Tenable Network Security h...

CVSS 5.4, AI score 6.3, EPSS 0.00553
Exploits: 0, References: 3

OSV
added 2015/09/23 1:53 a.m., 6 views

SUSE-SU-2015:1666-1 Security update for Cloud Compute 12

This collective update for the Cloud Compute 12 Module provides several fixes and enhancements. openstack-suse: - Do not copy upstream Python requirements to the package. bsc920573 openstack-nova: - Fix metadata not returning just instance private IP. bsc934523 - Enable tenant/user specific...

CVSS 5.1, AI score 6.3, EPSS 0.00205
Exploits: 0, References: 13

OSV
added 2015/08/25 8:34 a.m., 5 views

SUSE-SU-2015:1515-1 Security update for openstack and python-oslo.utils

This update provides the following fixes provided from the upstream OpenStack-project: - openstack-suse: + do not copy upstream python requirements to the package, we rely on Requires; upstream requirements.txt introduce version caps which we do not follow bnc920573 - openstack-sahara: + Fix...

CVSS 4, AI score 6.4, EPSS 0.0058
Exploits: 1, References: 9

OSV
added 2014/10/02 2:55 p.m., 3 views

CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

AI score 6
Exploits: 0, References: 8

OSV
added 2014/04/15 2:55 p.m., 7 views

CVE-2014-0167

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) addrules, (2) removerules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...

AI score 6.4
Exploits: 0, References: 3

OSV
added 2013/11/05 8:55 p.m., 7 views

CVE-2013-4497

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...

AI score 6.5
Exploits: 0, References: 4