USN-3447-1: OpenStack Horizon vulnerability
USN-3447-1: OpenStack Horizon vulnerability Ubuntu Security Notice USN-3447-1 11th October, 2017 horizon vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary OpenStack Horizon could be made to expose sensitive information over the network. Software description horizon – Web interface for OpenStack cloud infrastructure Details Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon wasincorrect protected against cross-site scripting (XSS) attacks. A remoteauthenticated user could use this issue to inject web script or HTML ina dashboard form. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: openstack-dashboard 1:2014.1.5-0ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-4428 Source: USN-3447-1: OpenStack Horizon vulnerability