USN-3447-1: OpenStack Horizon vulnerability

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3447-1, 11th October, 2017

horizon vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: OpenStack Horizon could be made to expose sensitive information over the network.

Software description: horizon – Web interface for OpenStack cloud infrastructure

Details: Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: openstack-dashboard 1:2014.1.5-0ubuntu2.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2016-4428

Source: USN-3447-1: OpenStack Horizon vulnerability

USN-3448-1: OpenStack Keystone vulnerability

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3448-1, 11th October, 2017

keystone vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS

Summary: OpenStack Keystone would allow unintended access over the network.

Software description: keystone – OpenStack identity service

Details: Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations.

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 16.04 LTS: keystone 2:9.3.0-0ubuntu3.1, python-keystone 2:9.3.0-0ubuntu3.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2017-2673

Source: USN-3448-1: OpenStack Keystone vulnerability

USN-3449-1: OpenStack Nova vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3449-1, 11th October, 2017

nova vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in OpenStack Nova.

Software description: nova – OpenStack Compute cloud infrastructure

Details: George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241)

George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleting instances. A remote authenticated user could use this issue to consume disk resources, resulting in a denial of service. (CVE-2015-3280)

It was discovered that OpenStack Nova incorrectly limited qemu-img calls. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-5162)

Matthew Booth discovered that OpenStack Nova incorrectly handled snapshots. A remote authenticated user could [ more… ]

USN-3450-1: Open vSwitch vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3450-1, 11th October, 2017

openvswitch vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS

Summary: Several security issues were fixed in Open vSwitch.

Software description: openvswitch – Ethernet virtual switch

Details: Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9214)

It was discovered that Open vSwitch incorrectly handled certain OpenFlow role messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. (CVE-2017-9263)

It was discovered that Open vSwitch incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. This issue only affected Ubuntu [ more… ]

USN-3451-1: OpenStack Swift vulnerabilities

2017-10-11 KENNETH 0

Ubuntu Security Notice USN-3451-1, 11th October, 2017

swift vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS

Summary: Several security issues were fixed in OpenStack Swift.

Software description: swift – OpenStack distributed virtual object store

Details: It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223)

Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly closed client connections. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2016-0737, CVE-2016-0738)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS: swift 1.13.1-0ubuntu1.5, python-swift 1.13.1-0ubuntu1.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, [ more… ]