[Openstack] [OSSA-2014-041] Glance v2 API unrestricted path traversal

2014-12-23 Thread Grant Murphy
-- Grant Murphy OpenStack Vulnerability Management Team pgppAnpVjY7JN.pgp Description: PGP signature ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http

[Openstack] [OSSA 2014-041.1] Glance v2 API unrestricted path traversal (CVE-2014-9493) ERRATA 1

2015-01-05 Thread Grant Murphy
-2014-9493 https://launchpad.net/bugs/1400966 OSSA History: 2015-01-05 - Errata 1 2014-12-23 - Original Version -- Grant Murphy OpenStack Vulnerability Management Team

[Openstack] [OSSA 2015-013] Glance task flow may fail to delete image from backend

2015-07-28 Thread Grant Murphy
= OSSA-2015-013: Glance task flow may fail to delete image from backend = :Date: July 28, 2015 :CVE: CVE-2015-3289 Affects ~~~ - Glance: versions 2015.1.0

[Openstack] [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)

2014-01-23 Thread Grant Murphy
d.net/nova/+bug/1251590 -- Grant Murphy OpenStack Vulnerability Management Team

[Openstack] [OSSA 2014-008] Routers can be cross plugged by other tenants (CVE-2014-0056)

2014-03-27 Thread Grant Murphy
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0056 https://bugs.launchpad.net/bugs/1243327 -- Grant Murphy OpenStack Vulnerability Management Team

[Openstack] [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517)

2014-07-17 Thread Grant Murphy
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517 https://launchpad.net/bugs/1325128 -- Grant Murphy OpenStack Vulnerability Management Team

[Openstack] [OSSA 2014-030] TLS cert verification option not honoured in paste configs (CVE-2014-7144)

2014-09-25 Thread Grant Murphy
fix: https://review.openstack.org/112232 Notes: These fixes are included in the keystonemiddleware 1.2.0 release and in the python-keystoneclient 0.11.0 release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7144 https://launchpad.net/bugs/1353315 -- Grant Murphy OpenStack Vulnerability

[Openstack] [OSSA 2014-031] Admin-only network attributes may be reset to defaults by non-privileged users (CVE-2014-6414)

2014-09-29 Thread Grant Murphy
release 2014.2.0 and in future 2014.1.3 release. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6414 https://launchpad.net/bugs/1357379 -- Grant Murphy OpenStack Vulnerability Management Team