Security Bulletin: IBM Cloud Manager with OpenStack is affected by a vulnerability found in OpenStack Neutron (CVE-2017-7543)

Summary A vFinder security vulnerability has been identified in OpenStack Neutron that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the vulnerability. Vulnerability Details CVEID: CVE-2017-7543 DESCRIPTION: OpenStack neutron could allow a remote...

Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0732, CVE-2018-0737)

Summary A security vulnerability has been identified in OpenSSL that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed this vulnerability. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the...

Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 12 Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 12.0 Pike for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...

Moderate: Red Hat Security Advisory: openstack-neutron security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-neutron: A router interface out of subnet IP range results in a denial of service

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

Overcoming OpenStack Obstacles for vCDN at the Edge

Akamai and Wind River have collaborated to provide a validated, joint solution for virtual CDN services delivered with the reliability, scalability, and edge-optimized footprint that are required for cost-effective deployments in telecom networks. As the competition for viewers continues to heat...

openstack-cinder: Data retained after deletion of a ScaleIO volume

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive...

Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update

An update for openstack-cinder is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure...

CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

Design/Logic Flaw

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

DEBIAN-CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

UBUNTU-CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

CVE-2018-16849

CVE-2018-16849 affects OpenStack Mistral. The flaw arises in the std.ssh action where manipulating the SSH private_key_filename (which can be an absolute path) enables an attacker to determine whether arbitrary files exist on the executor filesystem, i.e., a local information-disclosure/file-exis...

CVE-2018-16849

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...