[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-5.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVE-2013-4202

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

CVE-2013-4179

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

CVE-2013-4183

The clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2013-4155

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

CVE-2013-2256

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.2-4.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 19 : novnc-0.4-7.fc19 / openstack-nova-2013.1.2-4.fc19 (2013-13244)

Update to the latest Grizzly stable 2013.1.2 - Fix CVE-2013-2096 - Move openstack-nova-novncproxy from novnc to openstack-nova Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 Grizzly. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Foreman (Red Hat OpenStack/Satellite) Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have 'createusers' permission e.g....

Fedora 19 : openstack-keystone-2013.1.2-3.fc19 (2013-10467)

Stable Grizzly update 2013.1.2 Force simple Bind for authentication CVE-2013-2157 restrict /var/log/keystone/ rhbz956814 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.2-3.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

OpenStack多个产品SSL证书校验漏洞(CVE-2013-2255)

CVE ID:CVE-2013-2255 OpenStack Computer提供给一个组织云的工具,其中的功能包括运行虚拟机实例, 管理网络以及通过用户和项目来控制对云的访问OpenStack keystone是openstack中用于身份验证的项目，任何服务请求需要经过它的验证获得服务的endpoint OpenStack Computer/keystone在连接服务器时没有校验所提供的SSL证书的合法性，允许远程攻击者利用漏洞伪造合法服务器，进行中间人等攻击 0 OpenStack Compute Nova 2013.x OpenStack Keystone 2013.x 厂商解决...

openstack-keystone: Authentication bypass when using LDAP backend

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...