RHSA-2017:2882-1: Moderate: httpd security update

2017-10-12 KENNETH 0

Red Hat Enterprise Linux: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-9798. Source: RHSA-2017:2882-1: Moderate: httpd security update

USN-3447-1: OpenStack Horizon vulnerability

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3447-1, 11th October, 2017: horizon vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: OpenStack Horizon could be made to expose sensitive information over the network. Software description: horizon – Web interface for OpenStack cloud infrastructure. Details: Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form. Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: openstack-dashboard 1:2014.1.5-0ubuntu2.1. To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References: CVE-2016-4428. Source: USN-3447-1: OpenStack Horizon vulnerability

USN-3446-1: OpenStack Glance vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3446-1, 11th October, 2017: glance vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: Several security issues were fixed in OpenStack Glance. Software description: glance – OpenStack Image Registry and Delivery Service. Details: Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this issue to consume disk resources, leading to a denial of service. (CVE-2015-5286) Erno Kuvaja discovered that OpenStack Glance incorrectly handled the show_multiple_locations option. When show_multiple_locations is enabled, a remote authenticated user could change an image status and upload new image data. (CVE-2016-0757) Update instructions: The problem can be corrected by updating [ more… ]

USN-3452-1: Ceph vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3452-1, 11th October, 2017: ceph vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: Several security issues were fixed in Ceph. Software description: ceph – distributed storage and file system. Details: It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. (CVE-2016-7031) Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-8626) Yang Liu discovered that Ceph incorrectly handled invalid HTTP Origin headers. A remote attacker [ more… ]

USN-3451-1: OpenStack Swift vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3451-1, 11th October, 2017: swift vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: Several security issues were fixed in OpenStack Swift. Software description: swift – OpenStack distributed virtual object store. Details: It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738) Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: swift 1.13.1-0ubuntu1.5, python-swift 1.13.1-0ubuntu1.5. To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]