RHSA-2014:1939 Red Hat Security Advisory: openstack-trove security update

Bulletin has no description...

RHEL 6 : openstack-trove (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-trove: multiple insecure /tmp file usage issues CVE-2015-3156 Note that Nessus has not tested for this...

RHEL 7 : openstack-trove (RHSA-2014:1939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1939 advisory. OpenStack Database trove is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly a...

Ubuntu: Security Advisory (USN-6245-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6245-1 openstack-trove vulnerabilities

Adam Bell discovered that Trove incorrectly handled arguments to the backup command. A remote attacker could possibly use this issue to execute arbitrary code...

SUSE CVE-2015-3156

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

Information Disclosure

openstack-trove is vulnerable to information disclosure. It was found that the processutils.execute and strutils.maskpassword functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these...

Information Disclosure

openstack-trove is vulnerable to information disclosure attacks. The vulnerability exists as the processutils.execute function in OpenStack Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

Openstack DBaaS Configuration File Write Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the U.S. Openstack DBaaS is one of the database service tools. A security vulnerability exists in Openstack DBaaS aka Trove in versions prior to Openstack...

UBUNTU-CVE-2015-3156

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

SUSE-SU-2016:0739-1 Security update for openstack-trove

This update for openstack-trove fixes the following issues: - Fix multiple insecure /tmp file usage issues bsc929535, CVE-2015-3156...

Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...