[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1

2024-04-03 Thread Rohit Yadav
Apache CloudStack security releases 4.18.1.1 and 4.19.0.1 address the CVEs listed below. Affected users are recommended to upgrade their CloudStack installations. 1. CVE-2024-29006: x-forwarded-for HTTP header parsed by default Severity: moderate Description: By default the CloudStack

[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1

2024-04-03 Thread Rohit Yadav
Apache CloudStack security releases 4.18.1.1 and 4.19.0.1 address the CVEs listed below. Affected users are recommended to upgrade their CloudStack installations. 1. CVE-2024-29006: x-forwarded-for HTTP header parsed by default Severity: moderate Description: By default the CloudStack

Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

2016-10-27 Thread Rohit Yadav
. This was not officially voted and I've added a note on this tag as well. The git history may be viewed to see what exactly was changed. [1] https://github.com/apache/cloudstack/releases/tag/4.5.2.2 Regards. On Thu, Oct 27, 2016 at 9:37 AM, Rohit Yadav <bhais...@apache.org> wrote: > # Apache C

[ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

2016-10-26 Thread Rohit Yadav
# Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 that fixes the bug causing vulnerability over previously released minor versions 4.8.1 and 4.9.0 respectively. As a security release, no new features are included

[ANNOUNCE] Apache CloudStack Security Releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1

2016-06-09 Thread Rohit Yadav
# Apache CloudStack Security Releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 The Apache CloudStack project announces security releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 that fixes the bug causing vulnerability over previously released minor versions 4.5.2, 4.6.2, 4.7.1 and 4.8.0 respectively

CloudStack Security

2014-09-22 Thread Giri Prasad
Hi All,  Can some please inform, what are the directories, that a typical cloud stack management server and cloud agent, writes into or creates files, when cloudstack is installed on a fresh linux distro.  And also, how to make the cloud database as read only, after the installation of cs and

Re: CloudStack Security

2014-09-22 Thread Daan Hoogland
Giri, you can not have a read-only database in a functional cloud instance. CloudStack writes to the database On Mon, Sep 22, 2014 at 2:46 PM, Giri Prasad g_p...@yahoo.com.invalid wrote: Hi All, Can some please inform, what are the directories, that a typical cloud stack management server

Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack

2013-04-24 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability Type(s): Authentication bypass (2756), cryptography (2758) Vulnerable version(s): Apache CloudStack version