django_openstack_auth Horizon dependency requires the additional
patch above.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8124
https://launchpad.net/bugs/1394370
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
signature.asc
Description: OpenPGP digital signature
:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
https://launchpad.net/bugs/1378450
OSSA History:
2014-12-10 - Errata 1
2014-11-19 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
?name=CVE-2014-8153
Notes
~
- This fix will be included in a future 2014.2.2 release.
- The OSSA announce format for the 2015 advisories has been changed to
RST.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
OpenStack VMT recommends revoking all credentials stored in files
accessible by Glance as a precautionary measure.
- A CVE has been requested for this issue; the OpenStack VMT will issue an
errata with the correct CVE number assigned once this information is
available.
--
Tristan Cacqueray
accessible by Glance as a precautionary measure.
OSSA History
- 2015-01-20 - Errata 1
- 2015-01-15 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
ences
~~
- https://launchpad.net/bugs/1398830
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9623
Notes
~
- This fix will be included in the kilo-2 development milestone and in future
2014.2.2 (juno) and 2014.1.4 (icehouse) releases.
--
Tristan Cacqueray
OpenStack Vulnerab
included
in the kilo-3 development milestone and in the future 2014.2.3 (juno)
release.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
___
Mailing list: http://lists.openstack.org
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856
Notes
~
- This fix will be included in the upcoming 2.3.0 release.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
e=CVE-2015-1852
Notes
~
- This fix will be included in keystonemiddleware 1.6.0 release and
python-keystoneclient 1.4.0 release.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
OSSA-2015-008: Potential Keystone cache backend password leak in log
:Date: May 04, 2015
:CVE: CVE-2015-3646
Affects
~~~
- Keystone: versions through 2014
)
Credits
~~~
- Sunil Yadav from IBM (CVE-2015-3988)
References
~~
- https://launchpad.net/bugs/1449260
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988
Notes
~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.1
(kilo) releases.
--
Tristan Cacqueray
Konovalov from Mirantis (CVE-2015-3219)
References
~~
- https://launchpad.net/bugs/1453074
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3219
Notes
~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.1
(kilo) releases.
--
Tristan Cacqueray
OpenStack
) releases.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
___
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe
[dropped openstack-announces]
On 06/16/2015 12:14 PM, Haïkel wrote:
>> Notes
>> > ~
>> > - This fix will be included in future 2014.1.5 (icehouse), 2014.2.4
>> > (juno) and 2015.1.1 (kilo) releases.
>> >
> There were discussions about not issuing stable point releases anymore.
> Will there
?name=CVE-2015-1851
Notes
~
- This fix will be included in future 2014.1.5 (icehouse), 2014.2.4
(juno) and 2015.1.1 (kilo) releases.
OSSA History
- 2015-06-17 - Errata 1
- 2015-06-16 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
need to use 0.0.0.0/1 and 128.0.0.1/1 or ::/1 and 8000::/1 instead. The
fix_zero_length_ip_prefix.py tool is provided to clean ports previously
configured with a zero prefixed address pair
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
)
References
~~
- https://launchpad.net/bugs/1471912
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5163
Notes
~
- This fix will be included in the future 2015.1.2 (kilo) release.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
~
- This fix requires oslo.concurrency >= 1.8.2 for Kilo and >= 2.3.0 for
Liberty. Juno fix embeds a patched version of oslo.concurrency.
- This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo)
releases.
--
Tristan Cacqueray
OpenStack Vulnerability Managemen
(CVE-2015-5223)
References
~~
- https://launchpad.net/bugs/1453948
- https://launchpad.net/bugs/1449212
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5223
Notes
~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo)
releases.
--
Tristan Cacqueray
future 2014.2.4 (juno) and 2015.1.2
(kilo) releases.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
edits
~~~
- Kevin Benton from Mirantis (CVE-2015-5240)
References
~~
- https://launchpad.net/bugs/1489111
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5240
Notes
~
- This fix will be included in future 2014.2.4 (juno) and
2015.1.2 (kilo) releases.
--
Tristan Cacq
2015-5286)
References
~~
- https://bugs.launchpad.net/bugs/1498163
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286
Notes
~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.2
(kilo) releases.
--
Tristan Cacqueray
OpenStack Vulnerability Manage
(CVE-2015-7713)
References
~~
- https://bugs.launchpad.net/bugs/1491307
- https://bugs.launchpad.net/bugs/1484738
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7713
Notes
~
- This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo)
releases.
--
Tristan
On 01/08/2014 12:05 PM, Sayali Lunkad wrote:
> Hey,
>
> I am trying to authenticate on Keystone using a Java application.
> Are there any libraries that can be imported in Java for OpenStack clients
> using which I can get easy access to OpenStack.
> Any help would be highly appreciated.
>
> Than
with
the server, including any used credentials.
python-swiftclient fix (included in 2.0 release):
https://review.openstack.org/#/c/69187
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6396
https://bugs.launchpad.net/bugs/1199783
--
Tristan Cacqueray
OpenStack Vulnerab
On 02/28/2014 07:52 PM, david.co...@oracle.com wrote:
>> OpenStack Security Advisory: 2014-005
>> CVE: CVE-2013-6396
>> Date: February 17, 2014
>> Title: Missing SSL certificate check in Python Swift client
>> Reporter: Thomas Leaman (HP)
>> Products: python-swiftclient
>> Versions: 1.0 version up
nchpad.net/bugs/1260080
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
auth_token with memcache
are vulnerable.
python-keystoneclient fix (included in 0.7.0 release):
https://review.openstack.org/81078
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
https://bugs.launchpad.net/bugs/1282865
--
Tristan Cacqueray
OpenStack Vulnerability
ix will be included in the icehouse-rc1 development milestone and
in a future 2013.2.3 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134
https://launchpad.net/bugs/1221190
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
:
This fix will be included in the icehouse-rc2 development milestone and
in a future 2013.2.4 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157
https://launchpad.net/bugs/1289033
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
milestone and
in a future 2013.2.4 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167
https://launchpad.net/bugs/1290537
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
will be included in the icehouse-rc2 development milestone and
in a future 2013.2.4 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0162
https://launchpad.net/bugs/1298698
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
future 2013.2.4 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
https://launchpad.net/bugs/1300274
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
will be included in the juno-1 development milestone and in
future 2013.2.4 and 2014.1.1 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0187
https://launchpad.net/bugs/1300785
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
2014.1.1 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
https://launchpad.net/bugs/1309228
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3801
https://launchpad.net/bugs/1311223
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
ed in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
https://launchpad.net/bugs/1324592
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
and in
future 2013.2.4 and 2014.1.2 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4167
https://launchpad.net/bugs/1309195
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
) fix:
https://review.openstack.org/101031
Icehouse (1.13.*) fix:
https://review.openstack.org/101032
Notes:
This fix will be included in the upcoming 2.0.0 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3497
https://launchpad.net/bugs/1327414
--
Tristan Cacqueray
Open
:
Ceilometer Juno (master) branch is not affected.
Those fixes will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4615
https://launchpad.net/bugs/1321080
--
Tristan Cacqueray
OpenStack
/cvename.cgi?name=CVE-2014-3520
https://launchpad.net/bugs/1331912
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
i-bin/cvename.cgi?name=CVE-2014-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475
https://launchpad.net/bugs/1308727
https://launchpad.net/bugs/1320235
https://launchpad.net/bugs/1322197
--
Tristan Cacqueray
OpenStack Vulnerab
e=CVE-2014-3555
https://launchpad.net/bugs/1336207
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
eferences:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
https://launchpad.net/bugs/1347961
https://launchpad.net/bugs/1348820
https://launchpad.net/bugs/1349597
--
Tr
://review.openstack.org/115313
Notes:
This fix will be included in the Juno-3 development milestone and in
future 2013.2.4 and 2014.1.3 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594
https://launchpad.net/bugs/1349491
--
Tristan Cacqueray
OpenStack Vulnerability
://review.openstack.org/115289
Notes:
This fix will be included in the Juno-3 development milestone and in
future 2013.2.4 and 2014.1.3 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5356
https://launchpad.net/bugs/1315321
--
Tristan Cacqueray
OpenStack Vulnerability Management
.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
https://launchpad.net/bugs/1354208
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
2014.1.3 release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3608
https://launchpad.net/bugs/1338830
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
-3641
https://launchpad.net/bugs/1350504
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
nces:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7231
https://launchpad.net/bugs/1377981
https://launchpad.net/bugs/1343604
https://launchpad.net/bugs/1345233
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
/125492
Notes:
This fix was included in the 2014.2 release and will appear in a future
2014.1.4 stable point release.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8333
https://launchpad.net/bugs/1359138
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
/131462
Icehouse fix:
https://review.openstack.org/131461
Notes:
This fix will be included in future 2014.1.4 and 2014.2.1 releases.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3708
https://launchpad.net/bugs/1358583
--
Tristan Cacqueray
OpenStack Vulnerability Management
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
~~~
- Matthew Booth from Red Hat (CVE-2015-7548)
References
~~
- https://bugs.launchpad.net/bugs/1524274
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7548
Notes
~
- This fix will be included in future 2015.1.3 (kilo) and 12.0.1
(liberty) releases.
--
Tristan Cacqueray
0.1
(liberty) releases.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
roxy)
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0738 (proxy to
server)
Notes
~
- The client to proxy issue (CVE-2016-0737) is already fixed in Liberty
- The remaining fix will be included in future 2.3.1 (Kilo) and 2.5.1
(Liberty) releases.
--
Tristan Cacqueray
OpenStack V
.4 (Kilo)
and 2.3.3 (Liberty) releases.
- Both keystone and keystonemiddleware need to be updated
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
are relying on the false assumption that it would be ok to replace
the data of an existing image in the special case that multiple
locations have been configured.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
m Red Hat (CVE-2016-2140)
References
~~
- https://bugs.launchpad.net/bugs/1548450
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2140
Notes
~
- This fix will be included in future 2015.1.3 (kilo) and 12.0.3
(liberty) releases.
--
Tristan Cacqueray
OpenStack Vulnerabil
On 03/08/2016 08:16 PM, Tristan Cacqueray wrote:
> ===
> OSSA-2016-007: Nova host data leak through resize/migration
> ===
>
> :Date: March 08, 2016
> :
2140
OSSA History
- 2016-03-09 - Errata 1
- 2016-03-08 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
in future 2015.1.4 (kilo) and 12.0.3
(liberty) releases.
OSSA History
- 2016-03-30 - Errata 2
- 2016-03-09 - Errata 1
- 2016-03-08 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
CMPv6)
- https://bugs.launchpad.net/bugs/1558658 (MAC, DHCP)
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5362
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5363
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8914
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
(CVE-2016-4428)
- Brandon Sawyers from Virginia Tech (CVE-2016-4428)
References
~~
- https://bugs.launchpad.net/bugs/1567673
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7498
Notes
~
- This bug is similar to OSSA-2015-017 (CVE-2015-3280). It was
re-introduced in the first release of the Mitaka version of Nova and
was re-fixed in nova-13.1.0.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
~
- https://launchpad.net/bugs/1606500
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9185
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
k.org/442454 (Newton)
- https://review.openstack.org/442453 (Ocata)
- https://review.openstack.org/442277 (Pike)
Credits
~~~
- Eric Brown from VMware (CVE-2017-7400)
References
~~
- https://launchpad.net/bugs/1667086
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400
on)
- https://review.openstack.org/459732 (Ocata)
- https://review.openstack.org/459705 (Pike)
Credits
~~~
- Boris Bobrov from Mail.Ru (CVE-2017-2673)
References
~~
- https://launchpad.net/bugs/1677723
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
--
Tristan Cacquera
George Shuklin from Servers.com (CVE-2017-16239)
References
~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
9)
References
~~
- https://launchpad.net/bugs/1664931
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16239
OSSA History
- 2017-12-05 - Errata 1
- 2017-11-14 - Original Version
--
Tristan Cacqueray
OpenStack Vulnerability Management Team
pad.net/bugs/1739593
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18191
Notes
~
- Pike and Ocata patches disable encrypted volume swapping; this feature is now
only supported in Nova version >= 17.0.0.
--
Tristan Cacqueray
OpenStack Vulnerability Management Team