Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 14 bug fix and enhancement advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 14.0 Rocky for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...

openstack-neutron: DOS via broken port range merging in security group

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

openstack-neutron: incorrect validation of port settings in iptables security group driver

A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option for example, VRRP, an authenticated user could block further application of security group rules f...

Important: Red Hat Security Advisory: openstack-neutron security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-neutron: DOS via broken port range merging in security group

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

openstack-neutron: incorrect validation of port settings in iptables security group driver

A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option for example, VRRP, an authenticated user could block further application of security group rules f...

Important: Red Hat Security Advisory: openstack-neutron security and bug fix update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Low: Red Hat Security Advisory: openstack-ceilometer security update

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files

A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...

openstack-cinder: Data retained after deletion of a ScaleIO volume

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update

An update for openstack-cinder is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update

An update for openstack-neutron, openstack-neutron-lbaas, and python-networking-bigswitch is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...

openstack-neutron: incorrect validation of port settings in iptables security group driver

A validation flaw was discovered in the iptables firewall module in OpenStack Neutron. By setting a destination port in a security group rule, along with a protocol that does not support that option for example, VRRP, an authenticated user could block further application of security group rules f...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)

Summary A security vulnerability has been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

The vulnerability of the iptables security group driver of the Neutron SDN-platform for OpenStack, related to incorrect handling of security group configurations, allows attackers to circumvent established security policy rules.

The vulnerability of the iptables security group driver of the Neutron SDN-platform for the OpenStack platform is related to incorrect handling of security group configurations. Exploiting this vulnerability allows a malicious actor to circumvent established security policies by blocking further...

DEBIAN-CVE-2011-3147

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...

SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2019:0956-1)

This update for wget fixes the following issues : Security issue fixed : CVE-2019-5953: Fixed a buffer overflow vulnerability which might cause code execution bsc1131493. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 2.5 security and bug fix update

An update for ceph and grafana is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2019-10876

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

CVE-2019-10876

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...