Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Moderate: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Moderate: Red Hat Security Advisory: python-keystoneclient and python-keystonemiddlware security update

Updated python-keystoneclient and python-keystonemiddleware packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

python-django-horizon: XSS in Heat stack creation

A cross-site scripting XSS flaw was found in the Horizon orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user...

python-django-horizon: persistent XSS in Horizon metadata dashboard

A flaw was discovered in the OpenStack dashboard horizon handling of metadata. Potentially untrusted data was displayed from OpenStack Image service glance images, OpenStack Compute nova flavors, or host aggregates without correct sanitization. The flaw could be used by an authenticated user to...

Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update

Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Red Hat Product Security has rated this update as having a Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

openstack-neutron: L2 agent DoS through incorrect allowed address pairs

A Denial-of-Service flaw was found in the OpenStack Networking neutron L2 agent when using the iptables firewall driver. By submitting an address pair that is rejected as invalid by the ipset tool with zero prefix size, an authenticated attacker can cause the L2 agent to crash...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...

OpenStack Keystone restrictions bypass

Certificates validation bypass...

OpenStack Swift security vulnerabilities

Few restriction bypass vulnerabilities...

[USN-2704-1] Swift vulnerabilities

========================================================================== Ubuntu Security Notice USN-2704-1 August 06, 2015 swift vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

OpenStack Image Service (kilo) Directory Traversal Vulnerability

OpenStack is the massively scalable cloud operating system. A directory traversal vulnerability in OpenStack Image Service 2015.1.x version kilo prior to 2015.1.2 allows an authenticated, remote user to read arbitrary files from a backup file created with the "qcow2" image...

CVE-2015-3219

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

DEBIAN-CVE-2015-3219

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

UBUNTU-CVE-2015-3219

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

PYSEC-2015-40

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

PYSEC-2015-40

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...