Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

Low: Red Hat Security Advisory: openstack-trove security update

Updated openstack-trove packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores,...

Low: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, whi...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update

Updated openstack-neutron packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

Design/Logic Flaw

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1, when the Open vSwitch OVS monolithic plug-in is not used, does not properly set the libvirtvifdriver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access...

CVE-2014-3703

OpenStack PackStack 2012.2.1 vulnerable when the OVS monolithic plug-in is not used; PackStack-generated nova.conf may fail to set libvirt_vif_driver, which can disable the firewall and allow remote access bypass. Red Hat's RHSA-2014:1691 documents this issue and provides the fix in an updated Pa...

[USN-2405-1] OpenStack Cinder vulnerabilities

========================================================================== Ubuntu Security Notice USN-2405-1 November 11, 2014 cinder vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

OpenStack multiple security vulnerabilities

OpenStack Cinder information leakage, Keystone information leakage, Nova information leakage and restrictions bypass, Neutron restrictions bypass...

[USN-2407-1] OpenStack Nova vulnerabilities

========================================================================== Ubuntu Security Notice USN-2407-1 November 11, 2014 nova vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2408-1] OpenStack Neutron vulnerability

========================================================================== Ubuntu Security Notice USN-2408-1 November 11, 2014 neutron vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[USN-2406-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2406-1 November 11, 2014 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

DEBIAN-CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...