[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1

2024-04-03 Thread Rohit Yadav
Apache CloudStack security releases 4.18.1.1 and 4.19.0.1 address the CVEs listed below. Affected users are recommended to upgrade their CloudStack installations. 1. CVE-2024-29006: x-forwarded-for HTTP header parsed by default Severity: moderate Description: By default the CloudStack

Re: [ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

2016-10-27 Thread Rohit Yadav
is was not officially voted and I've added a note on this tag as well. The git history may be viewed to see what exactly was changed. [1] https://github.com/apache/cloudstack/releases/tag/4.5.2.2 Regards. On Thu, Oct 27, 2016 at 9:37 AM, Rohit Yadav wrote: > # Apache CloudStack Securit

[ANNOUNCE] Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1

2016-10-26 Thread Rohit Yadav
# Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 The Apache CloudStack project announces security releases 4.8.1.1, 4.9.0.1 that fixes the bug causing vulnerability over previously released minor versions 4.8.1 and 4.9.0 respectively. As a security release, no new features are included but

[ANNOUNCE] Apache CloudStack Security Releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1

2016-06-09 Thread Rohit Yadav
# Apache CloudStack Security Releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 The Apache CloudStack project announces security releases 4.5.2.1, 4.6.2.1, 4.7.1.1, 4.8.0.1 that fixes the bug causing vulnerability over previously released minor versions 4.5.2, 4.6.2, 4.7.1 and 4.8.0 respectively. As a

Re: CloudStack Security

2014-09-22 Thread Daan Hoogland
Giri, you can not have a read-only database in a functional cloud instance. CloudStack writes to the database On Mon, Sep 22, 2014 at 2:46 PM, Giri Prasad wrote: > Hi All, > Can some please inform, what are the directories, that a typical cloud > stack management server and cloud agent, writes

CloudStack Security

2014-09-22 Thread Giri Prasad
Hi All,  Can some please inform, what are the directories, that a typical cloud stack management server and cloud agent, writes into or creates files, when cloudstack is installed on a fresh linux distro.  And also, how to make the cloud database as read only, after the installation of cs and th

Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack

2013-04-24 Thread John Kinsella
Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability Type(s): Authentication bypass (2756), cryptography (2758) Vulnerable version(s): Apache CloudStack version 4.0.0-incubating and 4.0.1-incubating Risk Level: High, Medium CVS