7800 matches found
Important: Red Hat Security Advisory: openstack-keystone security and bug fix update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
A flaw was found in Keystone federation. By doing GET /v3/OS-FEDERATION/projects an authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 12.0 director security and bug fix update
An update for memcached is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
OpenStack Nova has a vulnerability in the handling of encrypted volumes. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. All Nova installations supporting...
Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
An update for openstack-nova is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 27 Update: docker-latest-1.13.1-37.git9cb56fd.fc27
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
Debian DSA-4275-1 : keystone - security update
Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4275. The text itself is copyright (C)...
Debian: Security Advisory (DSA-4275-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.20 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Apr 2018 - Includes Oracle Apr 2018 CPU. IBM Cloud Manager with...
Security Bulletin: IBM Cloud Manager with Openstack DoS through IPv6 subnet vulnerability (CVE-2014-4167)
Summary By creating an IPv6 private subnet attached to a L3 router, an authenticated user may break the L3-agent, preventing further floating IPv4 addresses from being attached for the entire cloud. Vulnerability Details CVE ID: CVE-2014-4167 Description: The OpenStack Neutron L3-agent is...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cloud Manager
Summary Multiple vulnerabilities have been identified in OpenSSL (OpenSSL and Node.JS consumers). OpenSSL is used by IBM Cloud Manager. IBM Cloud Manager has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3730 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused b...
Security Bulletin: Security vulnerability in Open vSwitch affects IBM Cloud Manager with OpenStack (CVE-2016-2074)
Summary A security vulnerability has been identified in Open vSwitch that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2074 DESCRIPTION: Open vSwitch is vulnerable to a buffer overflow, caused...
Security Bulletin: A security vulnerability has been identified in paramiko shipped with IBM Cloud Manager with OpenStack (CVE-2018-7750)
Summary Paramiko is shipped as a component of IBM Cloud Manager with Openstack. This vulnerability cannot be exploited as IBM Cloud Manager with OpenStack only uses Paramiko client. Information about a security vulnerability affecting Paramiko has been published in a security bulletin...
Security Bulletin: GSKit and Hash Selection Vulnerability (CVE-2016-0201)
Summary IBM Cloud Manager with OpenStack is vulnerable to a GSKit vulnerability, which allows the attackers to exploit this vulnerability to obtain authentication credentials. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Cloud Manager with Openstack XSS in Swift vulnerability (CVE-2014-3497)
Summary The OpenStack Swift server included in IBM Cloud Manager with Openstack is vulnerable to an XSS attack. Vulnerability Details CVE ID: CVE-2014-3497 Description: OpenStack Swift is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
Security Bulletin: RabbitMQ vulnerability affect IBM Cloud Manager with OpenStack (CVE-2015-8786)
Summary IBM Cloud Manager has addressed vulnerability in RabbitMQ. Vulnerability Details CVE-ID: CVE-2015-8786 DESCRIPTION: RabbitMQ is vulnerable to a denial of service, caused by an error in the Management plugin. By sending a specially crafted request, a remote authenticated attacker could...
Security Bulletin: OpenStack Heat vulnerability affect IBM Cloud Manager with OpenStack (CVE-2016-9185)
Summary IBM Cloud Manager has addressed a vulnerability in OpenStack Heat. Vulnerability Details CVE-ID: CVE-2016-9185 DESCRIPTION: OpenStack Heat could allow a remote authenticated attacker to obtain sensitive information. By using a special-crafted URL, a remote attacker could exploit this...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by GSKit
Summary Multiple security vulnerabilities have been identified in GSKit and GSKit-Crypto that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denia...
Security Bulletin: Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack
Summary Multiple security vulnerabilities have been identified in dnsmasq that is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-14495 DESCRIPTION: dnsmasq is vulnerable to a denial of service, caus...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenStack Nova vulnerability
Summary A security vulnerability has been identified in OpenStack Nova that is used by IBM Cloud Manager with OpenStack. This vulnerability only affects IBM Cloud Manager with OpenStack version that ships kilo version of OpenStack. IBM Cloud Manager with OpenStack has addressed these...