2 matches found
CVE-2014-3703
OpenStack PackStack 2012.2.1 vulnerable when the OVS monolithic plug-in is not used; PackStack-generated nova.conf may fail to set libvirt_vif_driver, which can disable the firewall and allow remote access bypass. Red Hat's RHSA-2014:1691 documents this issue and provides the fix in an updated Pa...
CVE-2013-1815
CVE-2013-1815 affects PackStack 2012.2.3 in Red Hat OpenStack Essex/Folsom, where the answer file could be created in insecure directories (e.g., /tmp or cwd), enabling local modification of deployed systems. The RHSA-2013:0671 advisory documents the fix: after the update, PackStack creates the a...