[SECURITY] Fedora 20 Update: openstack-nova-2013.2.1-2.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 20 : openstack-keystone-2013.2.1-1.fc20 (2013-23589)

Update to Havana stable release 2013.2.1 - Havana GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 20 : openstack-glance-2013.2.1-1.fc20 (2013-23680)

Update to Havana stable release 2013.2.1 Fixes 956815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

[SECURITY] Fedora 20 Update: openstack-glance-2013.2.1-1.fc20

OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...

[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.1-1.fc20

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

Directory traversal

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

Design/Logic Flaw

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

CVE-2013-6795

CVE-2013-6795 affects Rackspace OpenStack Windows Guest Agent for XenServer prior to 1.2.6.0. The Updater accepts a serialized .NET object over TCP port 1984, triggering download and extraction of a ZIP that overwrites the Agent binary, enabling remote code execution. Impact: remote arbitrary cod...

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

PT-2013-6113 · Rackspace · Rackspace Openstack Windows Guest Agent

Name of the Vulnerable Software and Affected Versions: Rackspace Openstack Windows Guest Agent for XenServer versions prior to 1.2.6.0 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984. This triggers the download and...

[USN-2062-1] OpenStack Horizon vulnerability

========================================================================== Ubuntu Security Notice USN-2062-1 December 20, 2013 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

OpenStack multiple security vulnerabilities

DoS, information leakage...

USN-2062-1: OpenStack Horizon vulnerability

Chris Chapman discovered cross-site scripting XSS vulnerabilities in Horizon via the Volumes and Network Topology pages. An authenticated attacker could exploit these to conduct stored cross-site scripting XSS attacks against users viewing these pages in order to modify the contents or steal...