
7799 matches found

OSV
added 2015/10/26 12:0 a.m. · 0 views

UBUNTU-CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

CVSS 5 · AI score 7.1 · EPSS 0.02534
Exploits 0 · References 4
Positive Technologies
added 2015/10/26 12:0 a.m. · 2 views

PT-2015-6130 · Openstack +1 · Openstack Compute +1

Name of the Vulnerable Software and Affected Versions: OpenStack Compute nova versions before 2014.2.4 juno; OpenStack Compute nova versions 2015.1.x before 2015.1.2 kilo.
Description: The issue allows remote authenticated users to cause a denial of service, specifically disk consumption, by deleti...

CVSS 7.8 · AI score 5.9 · EPSS 0.11342
Exploits 1 · References 54
OSV
added 2015/10/26 12:0 a.m. · 3 views

UBUNTU-CVE-2015-5286

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

CVSS 6.8 · AI score 5.8 · EPSS 0.02376
Exploits 0 · References 5
RedHat Linux
added 2015/10/22 7:44 p.m. · 2 views

openstack-ironic-discoverd: potential remote code execution with debug mode enabled

It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console, effectively a command shell...

CVSS 6.8 · AI score 5.8 · EPSS 0.01585
Exploits 0 · References 4
RedHat Linux
added 2015/10/22 7:44 p.m. · 35 views

Important: Red Hat Security Advisory: openstack-ironic-discoverd security update

Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 6.8 · AI score 5.8 · EPSS 0.01585
Exploits 0 · References 3
OSV
added 2015/10/19 9:0 a.m. · 3 views

SUSE-SU-2015:1846-1 Security update for openstack-swift

openstack-swift was updated to fix three security issues. These security issues were fixed: - CVE-2015-1856: OpenStack Object Storage Swift, when allowversion is configured, allowed remote authenticated users to delete the latest version of an object by leveraging listing access to the...

CVSS 5.5 · AI score 6.5 · EPSS 0.03949
Exploits 0 · References 7
RedHat Linux
added 2015/10/15 4:9 p.m. · 3 views

openstack-neutron: Firewall rules bypass through port update

A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking neutron. An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking...

CVSS 3.5 · AI score 5.8 · EPSS 0.00963
Exploits 0 · References 4
RedHat Linux
added 2015/10/15 4:9 p.m. · 32 views

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives...

CVSS 3.5 · AI score 7.1 · EPSS 0.00963
Exploits 0 · References 4
RedHat Linux
added 2015/10/15 12:29 p.m. · 2 views

openstack-swift: Information leak via Swift tempurls

A flaw was discovered in the OpenStack Object Storage service swift TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project tenant...

CVSS 5 · AI score 5.8 · EPSS 0.02534
Exploits 0 · References 4
RedHat Linux
added 2015/10/15 12:29 p.m. · 31 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 5 · AI score 7 · EPSS 0.02534
Exploits 0 · References 2
RedHat Linux
added 2015/10/15 12:29 p.m. · 33 views

Moderate: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 6.8 · AI score 5.8 · EPSS 0.02376
Exploits 0 · References 3
RedHat Linux
added 2015/10/15 12:29 p.m. · 0 views

openstack-glance allows illegal modification of image status

A flaw was discovered in the OpenStack Image service glance where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas,...

CVSS 5.5 · AI score 5.8 · EPSS 0.02035
Exploits 0 · References 4
RedHat Linux
added 2015/10/15 12:28 p.m. · 33 views

Moderate: Red Hat Security Advisory: openstack-nova security update

Updated openstack-nova packages that fix one security issue and several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability...

CVSS 6.8 · AI score 6.7 · EPSS 0.03451
Exploits 0 · References 3
RedHat Linux
added 2015/10/15 12:28 p.m. · 2 views

openstack-nova: Nova instance migration process does not stop when instance is deleted

A denial of service flaw was found in the OpenStack Compute nova instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an...

CVSS 6.8 · AI score 5.7 · EPSS 0.03451
Exploits 0 · References 4
RedHat Linux
added 2015/10/15 12:28 p.m. · 2 views

openstack-nova: Deleting instances in resize state fails

A flaw was found in the way OpenStack Compute nova handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of servic...

CVSS 6.8 · AI score 5.7 · EPSS 0.03353
Exploits 0 · References 4
OSV
added 2015/10/15 2:7 a.m. · 7 views

SUSE-SU-2015:1890-1 Security update for openstack-neutron and crowbar-barclamp-neutron

This update provides security fixes and improvements for openstack-neutron and crowbar-barclamp-neutron. crowbar-barclamp-neutron: - Add infoblox support. - Add configurations required to support DHCP relay. - Create 'floating' network as 'flat' provider network. bsc946882 - Fix search for Nova...

CVSS 4 · AI score 6.2 · EPSS 0.11342
Exploits 0 · References 8
RedHat Linux
added 2015/10/08 12:5 p.m. · 1 views

openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware

A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package OpenStack director. The staticweb middleware was incorrectly configured before the Identity Service, and...

CVSS 7.5 · AI score 5.8 · EPSS 0.02415
Exploits 0 · References 4
RedHat Linux
added 2015/10/08 12:5 p.m. · 26 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update

Updated packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

CVSS 7.5 · AI score 7.1 · EPSS 0.02415
Exploits 0 · References 71
Tenable Nessus
added 2015/10/07 12:0 a.m. · 24 views

RHEL 6 : Red Hat Gluster Storage 3.1 update (Moderate) (RHSA-2015:1845)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1845 advisory. Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It...

CVSS 6.5 · AI score 6.6 · EPSS 0.03949
Exploits 0 · References 102
RedHat Linux
added 2015/10/05 10:43 a.m. · 2 views

gluster-swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage swiftonfile. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

CVSS 6.5 · AI score 5.7 · EPSS 0.01529
Exploits 0 · References 4