[SECURITY] [DLA 3870-1] python-oslo.utils new upstream release

------------------------------------------------------------------------- Debian LTS Advisory DLA-3870-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...

USN-6989-1: OpenStack vulnerability

Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

PT-2024-30939 · Openstack +3 · Openstack Ironic +4

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 26.0.1 Ironic-python-agent versions prior to 9.13.1 Description: The issue concerns a vulnerability in image processing, where a crafted image could be used by an authenticated user to exploit undesired...

UBUNTU-CVE-2024-44082

In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

Sensitive Information Disclosure

openstack-heat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the stack abandon command with the hidden feature set to True by which an attacker can disclose sensitive information...

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

CVE-2024-8007

CVE-2024-8007 affects the Red Hat OpenStack Platform (RHOSP) 17.1.x Director component, specifically the openstack-tripleo-common module used by the director. The vulnerability arises from disabling TLS certificate verification for registry mirrors, which can allow an attacker to deploy potential...

CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

[SECURITY] [DSA 5756-1] nova security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5755-1] glance security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...

[SECURITY] [DSA 5754-1] cinder security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...

PT-2024-38750 · Red Hat · Red Hat Openstack Platform

Name of the Vulnerable Software and Affected Versions: Red Hat OpenStack Platform RHOSP director versions 16.1 through 17.1 Description: A flaw was found in the Red Hat OpenStack Platform RHOSP director, allowing an attacker to deploy potentially compromised container images via disabling TLS...

Debian dsa-5754 : cinder-api - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5754 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz...

Debian dsa-5755 : glance - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5755 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1 [email protected] https://www.debian.org/security/ Moritz...

Debian dsa-5756 : nova-api - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5756 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 [email protected] https://www.debian.org/security/ Moritz...

Red Hat OpenStack Platform 信任管理问题漏洞

Red Hat OpenStack Platform is a cloud computing management platform from Red Hat USA. Red Hat OpenStack Platform suffers from a trust management issue vulnerability that originates from allowing an attacker to deploy potentially compromised container images by disabling TLS certificate validation...

Low: cups

Issue Overview: A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with...

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...