Added Authors to Security Notes

All OSSN authors, added under the "Author:" metadata field

Change-Id: I81771dd3ec8d2c133ebc6ddf9f2c5f0f958d603a
Closes-Bug: #1599064
Luke Hinds 2016-07-05 12:32:14 +01:00 committed by Robert Clark
parent 7c2198fb37
commit 1bf55f1eb0
60 changed files with 63 additions and 0 deletions

@ -37,6 +37,7 @@ The OSSG recommends against using LXC for enforcing secure separation of
guests. Even with appropriate AppArmour policies applied. guests. Even with appropriate AppArmour policies applied.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
Nova : http://docs.openstack.org/developer/nova/ Nova : http://docs.openstack.org/developer/nova/
LXC : http://lxc.sourceforge.net/ LXC : http://lxc.sourceforge.net/
Libvirt : http://libvirt.org/ Libvirt : http://libvirt.org/

@ -30,6 +30,7 @@ Apache: HTTP Server Project
Apache Config: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody Apache Config: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN Bug: https://bugs.launchpad.net/ossn/+bug/1155566 This OSSN Bug: https://bugs.launchpad.net/ossn/+bug/1155566
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1098177 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1098177
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -37,6 +37,7 @@ Ensure that in your deployment keystone.conf uses the most restrictive
permissions that allow the system to continue proper operations. permissions that allow the system to continue proper operations.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://bugs.launchpad.net/ossn/+bug/1168252 This OSSN : https://bugs.launchpad.net/ossn/+bug/1168252
Original LaunchPad Bug : https://bugs.launchpad.net/devstack/+bug/1168252 Original LaunchPad Bug : https://bugs.launchpad.net/devstack/+bug/1168252
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -53,6 +53,7 @@ Despite this restriction in Horizon, it is recommended to leave the default
directly without using Horizon to initiate a password change. directly without using Horizon to initiate a password change.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://bugs.launchpad.net/ossn/+bug/1237989 This OSSN : https://bugs.launchpad.net/ossn/+bug/1237989
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1237989 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1237989
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -47,6 +47,7 @@ enable_v1_api = False
---- end example glance-api.conf snippet ---- ---- end example glance-api.conf snippet ----
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://bugs.launchpad.net/ossn/+bug/1226078 This OSSN : https://bugs.launchpad.net/ossn/+bug/1226078
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1226078 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1226078
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -57,6 +57,7 @@ authentication plugin can be created that uses the external username that
contains an "@" character as-is. contains an "@" character as-is.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://bugs.launchpad.net/ossn/+bug/1254619 This OSSN : https://bugs.launchpad.net/ossn/+bug/1254619
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1254619 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1254619
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -209,6 +209,7 @@ Please consult the documentation for your firewall software for
instructions on configuring the appropriate firewall rules. instructions on configuring the appropriate firewall rules.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0007 This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0007
Original LaunchPad Bug : https://bugs.launchpad.net/openstack-manuals/+bug/1287194 Original LaunchPad Bug : https://bugs.launchpad.net/openstack-manuals/+bug/1287194
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -43,6 +43,8 @@ Future OpenStack releases are looking to add the ability to restrict
noVNC and SPICE console connections. noVNC and SPICE console connections.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
Author: Sriram Subramanian, CloudDon
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0008 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0008
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1227575 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1227575
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -39,6 +39,7 @@ tokens for other users by performing group deletion operations. You
should take caution with who you delegate these capabilities to. should take caution with who you delegate these capabilities to.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0009 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0009
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1268751 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1268751
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -40,6 +40,7 @@ IDs and consider it for applicability to your Keystone deployment:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=a2fa6a6f01a4884edf369cafa39946636af5cf1a https://git.openstack.org/cgit/openstack/keystone/commit/?id=a2fa6a6f01a4884edf369cafa39946636af5cf1a
### Contacts / References ### ### Contacts / References ###
Author: Jamie Finnigan, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0010 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0010
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1287219 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1287219
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -138,6 +138,7 @@ security group references to ensure that the resulting network rules
are as intended. are as intended.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0011 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0011
Original LaunchPad Bug : https://bugs.launchpad.net/heat/+bug/1291091 Original LaunchPad Bug : https://bugs.launchpad.net/heat/+bug/1291091
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -66,6 +66,8 @@ recommended that cloud administrators change any passwords, tokens, or
other credentials that may have been communicated over SSL/TLS. other credentials that may have been communicated over SSL/TLS.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0012 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0012
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org
OpenStack Security Group : https://launchpad.net/~openstack-ossg OpenStack Security Group : https://launchpad.net/~openstack-ossg

@ -83,6 +83,7 @@ tested to ensure that CRUD actions are constrained in the way the administrator
intended. intended.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0013 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0013
Original Launchpad Bug : https://bugs.launchpad.net/glance/+bug/1271426 Original Launchpad Bug : https://bugs.launchpad.net/glance/+bug/1271426
Original Report : http://lists.openstack.org/pipermail/openstack-dev/2014-January/024861.html Original Report : http://lists.openstack.org/pipermail/openstack-dev/2014-January/024861.html

@ -65,6 +65,7 @@ alternatives such as applying mandatory access control policies
to the files in order to minimize the possible exposure. to the files in order to minimize the possible exposure.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0014 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0014
Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1260679 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1260679
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -40,6 +40,7 @@ restrict the ability to publicize images to users with the "admin" role
in the Juno release of OpenStack. in the Juno release of OpenStack.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0015 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0015
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1313746 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1313746
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -38,6 +38,7 @@ volume_clear option” <logfile>)
### Contacts / References ### ### Contacts / References ###
Author: Doug Chivers, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0016 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0016
Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1322766 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1322766
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -84,6 +84,7 @@ cookie is compromised, an attacker may assume all privileges of the
user for as long as their session is valid. user for as long as their session is valid.
### Contacts / References ### ### Contacts / References ###
Author: Travis McPeak, Symantec
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017
Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -57,6 +57,7 @@ allow traffic coming from the running instances to services controlled
by Nova - DHCP and DNS providers. by Nova - DHCP and DNS providers.
### Contacts / References ### ### Contacts / References ###
Author: Stanislaw Pitucha, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0018 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0018
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316271 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316271
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -56,6 +56,7 @@ that could be used to impersonate a SAN host and enact an Man in the
Middle attack. Middle attack.
### Contacts / References ### ### Contacts / References ###
Author: Tim Kelsey, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0019 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0019
Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1320056 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1320056
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -53,6 +53,7 @@ The Neutron development team plans to address this issue in a future
version of Neutron. version of Neutron.
### Contacts / References ### ### Contacts / References ###
Author Priti Desai, Symantec
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0020 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0020
Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1334926 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1334926
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org
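Review bot: the added line in this hunk, `Author Priti Desai, Symantec`, is missing the colon after `Author`, so it does not match the `Author:` metadata field the commit message introduces and every other hunk in this change uses; change it to `Author: Priti Desai, Symantec` so anything that parses the `Author:` key picks this note up too.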

@ -63,6 +63,7 @@ In the future, operators will be able to use keystoneclient for a more
convenient method of accessing and updating this information. convenient method of accessing and updating this information.
### Contacts / References ### ### Contacts / References ###
Author: Stanislaw Pitucha, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0021 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0021
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341849 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341849
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org
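Review bot: the affiliation added here, `Author: Stanislaw Pitucha, HPE`, differs from the `Author: Stanislaw Pitucha, HP` added to the OSSN-0018 note in this same change; decide whether the field records the affiliation at the time the note was published or the author's current one, and apply that rule consistently (the same HP/HPE split appears for Tim Kelsey and Doug Chivers across the patch).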

@ -51,6 +51,7 @@ boot <instance_id>" or reboot using "nova reboot --hard <instance_id>"
to force the security group rules to be applied. to force the security group rules to be applied.
### Contacts / References ### ### Contacts / References ###
Author: Doug Chivers, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0022 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0022
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316822 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316822
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -62,6 +62,7 @@ configured to switch to a customised log format using directive
'access_log' only for requests matching location '/v2.0/tokens/...'. 'access_log' only for requests matching location '/v2.0/tokens/...'.
### Contacts / References ### ### Contacts / References ###
Author: Stanislaw Pitucha, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0023 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0023
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1348844 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1348844
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -71,6 +71,7 @@ An alternate approach is to never run a production system with the log
level in DEBUG mode. level in DEBUG mode.
### Contacts / References ### ### Contacts / References ###
Author: Abu Shohel Ahmed, Ericsson
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0024 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0024
Original Launchpad Bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1004114 Original Launchpad Bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1004114
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1004114 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1004114

@ -62,6 +62,7 @@ environment, so test configurations before deploying them in a
production environment. production environment.
### Contacts / References ### ### Contacts / References ###
Author: Nathaniel Dillon, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0025 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0025
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1354512 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1354512
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -50,6 +50,7 @@ plaintext credentials, can result from permissions which allow
malicious users to view sensitive data (read access). malicious users to view sensitive data (read access).
### Contacts / References ### ### Contacts / References ###
Author: Travis McPeak, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0026 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0026
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1343657 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1343657
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -64,6 +64,7 @@ The Neutron development team plan to address this issue in a future
version version
### Contacts / References ### ### Contacts / References ###
Author: Tim Kelsey, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0027 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0027
Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1274034 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1274034
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -57,6 +57,7 @@ underlying compute node by it's serial number may wish to disable
reporting of any sysinfo serial field at all by using the 'none' value. reporting of any sysinfo serial field at all by using the 'none' value.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0028 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0028
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1337349 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1337349
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -57,6 +57,7 @@ independently.
This issue has been fixed in the Juno release of OpenStack. This issue has been fixed in the Juno release of OpenStack.
### Contacts / References ### ### Contacts / References ###
Author: Tim Kelsey, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0029 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0029
Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1365961 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1365961
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -70,6 +70,7 @@ System logs should also be interrogated for any such strings as an
indication of possible attacks. indication of possible attacks.
### Contacts / References ### ### Contacts / References ###
Author: Tim Kelsey, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0030 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0030
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1374055 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1374055
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -27,6 +27,7 @@ is a requirement without a full verifiable boot chain and network
hardware. hardware.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0031 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0031
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1174153 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1174153
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -35,6 +35,7 @@ NOTE: Flushing Memcached can result in losing token revocation
information as addressed in https://bugs.launchpad.net/ossn/+bug/1182920 information as addressed in https://bugs.launchpad.net/ossn/+bug/1182920
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0032 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0032
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1179955 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1179955
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -37,6 +37,7 @@ mentioned in the 'References' section of this note to see if the
projects they require have updated. projects they require have updated.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0033 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0033
Launchpad Bugs : Launchpad Bugs :

@ -38,6 +38,7 @@ suggest you consider using an on-disk DB such as MySQL / PostgreSQL or
perhaps look into Memcachedb. perhaps look into Memcachedb.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0034 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0034
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1182920 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1182920
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -50,6 +50,7 @@ As always, test these configuration settings before deploying them to
production in order to catch any bugs or errors. production in order to catch any bugs or errors.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035
SSL Strip : http://www.thoughtcrime.org/software/sslstrip SSL Strip : http://www.thoughtcrime.org/software/sslstrip
Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191050 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191050

@ -22,6 +22,7 @@ true as described in the Django documentation:
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0036 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0036
Related OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035 Related OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035
Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191051 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191051

@ -36,6 +36,7 @@ For Nginx, you can do this by disabling the gzip module:
http://wiki.nginx.org/HttpGzipModule http://wiki.nginx.org/HttpGzipModule
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, HP
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0037 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0037
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1209250 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1209250
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -43,6 +43,7 @@ the cache should ascertain whether or not their vendor shipped suds package
is susceptible and consider the above advice. is susceptible and consider the above advice.
### Contacts / References ### ### Contacts / References ###
Author: Tim Kelsey, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0038 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0038
Original Launchpad Bug : https://bugs.launchpad.net/ossn/+bug/1341954 Original Launchpad Bug : https://bugs.launchpad.net/ossn/+bug/1341954
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -133,6 +133,7 @@ above to verify that each service is configured as expected.
### Contacts / References ### ### Contacts / References ###
Author: Bryan D. Payne, Nebula
This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0039 This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0039
Original Launchpad Bug: https://bugs.launchpad.net/ossn/+bug/1382270 Original Launchpad Bug: https://bugs.launchpad.net/ossn/+bug/1382270
OpenStack Security ML: openstack-security@lists.openstack.org OpenStack Security ML: openstack-security@lists.openstack.org

@ -42,6 +42,7 @@ Concerned users are encouraged to read (OSSG member) Nathan Kinder's
blog post on this issue and some of the potential future solutions. blog post on this issue and some of the potential future solutions.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, IBM
Nathan Kinder on Token Scoping : https://blog-nkinder.rhcloud.com/?p=101 Nathan Kinder on Token Scoping : https://blog-nkinder.rhcloud.com/?p=101
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0042 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0042
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341816 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341816

@ -52,6 +52,7 @@ of places where these vulnerable functions are used, this effectively
means that vulnerable systems must be restarted after updating glibc. means that vulnerable systems must be restarted after updating glibc.
### Contacts / References ### ### Contacts / References ###
Author: Doug Chivers, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0043 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0043
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1415416 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1415416
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -30,6 +30,7 @@ Upstream patch:
https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
### Contacts / References ### ### Contacts / References ###
Author: Paul McMillan, Nebula
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0044 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0044
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1420942 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1420942
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -72,6 +72,7 @@ and are beyond the scope of this note. Some good starting places are
provided below in the section: "Resources for configuring TLS options". provided below in the section: "Resources for configuring TLS options".
### Contacts / References ### ### Contacts / References ###
Author: Travis McPeak, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0045 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0045
Original LaunchPad Bug : N/A Original LaunchPad Bug : N/A
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -33,6 +33,7 @@ using the debug configuration for affected services in production
environments. environments.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, IBM
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0046 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0046
Original LaunchPad Bug : https://bugs.launchpad.net/ironic/+bug/1425206 Original LaunchPad Bug : https://bugs.launchpad.net/ironic/+bug/1425206
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -113,6 +113,7 @@ identity provider specific 'Location' directives as described above in
addition to using the new 'remote_ids' checking in the Kilo release. addition to using the new 'remote_ids' checking in the Kilo release.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0047 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0047
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1390124 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1390124
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -56,6 +56,7 @@ deployments of glance should consider upgrading to the Juno 2014.2.4
release. release.
### Contacts / References ### ### Contacts / References ###
Author: Michael McCune, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0048 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0048
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1414532 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1414532
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -57,6 +57,7 @@ editted as follows:
debug = False debug = False
### Contacts / References ### ### Contacts / References ###
Author: Michael McCune, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0049 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0049
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1451931 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1451931
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -31,6 +31,7 @@ the `glance-api.conf` file:
debug = false debug = false
### Contacts / References ### ### Contacts / References ###
Author: Nathaniel Dillon, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0052 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0052
Original LaunchPad Bug : https://bugs.launchpad.net/python-swiftclient/+bug/1470740 Original LaunchPad Bug : https://bugs.launchpad.net/python-swiftclient/+bug/1470740
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

@ -56,6 +56,7 @@ installations have increased token lifespans back to the old value of
24 hours - increasing their exposure to this issue. 24 hours - increasing their exposure to this issue.
### Contacts / References ### ### Contacts / References ###
Author: Michael McCune, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0053 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0053
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1455582 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1455582
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -41,6 +41,7 @@ If possible, affected users should upgrade to the Kilo or newer release
of Horizon, allowing them to use the fixed version of Django. of Horizon, allowing them to use the fixed version of Django.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, IBM
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0054 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0054
Django fix : https://www.djangoproject.com/weblog/2015/jul/08/security-releases/ Django fix : https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
Django CVE : CVE-2015-5143 Django CVE : CVE-2015-5143

View File

@ -50,6 +50,7 @@ unexpectedly. In particular, pay attention to unusual IPs using the
service account. service account.
### Contacts / References ### ### Contacts / References ###
Author: Travis McPeak, HPE and Brant Knudson, IBM
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0055 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0055
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1464750 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1464750
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org
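Review bot: The multi-author format here is inconsistent with the rest of the patch: this file puts both authors on a single line ("Author: Travis McPeak, HPE and Brant Knudson, IBM"), while OSSN-0056 uses one "Author:" line per author. Anything that later parses the "Author:" metadata field the commit message introduces will treat "Travis McPeak, HPE and Brant Knudson, IBM" as one name and affiliation. Suggest splitting it into two lines, "Author: Travis McPeak, HPE" and "Author: Brant Knudson, IBM", to match the one-author-per-line convention.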

View File

@ -43,6 +43,8 @@ time. If this is unacceptable, reduce the cache time to reduce the
attack window or disable token caching entirely. attack window or disable token caching entirely.
### Contacts / References ### ### Contacts / References ###
Author: Shellee Arnold, HPE
Author: Dough Chivers, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0056 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0056
Original LaunchPad Bug : https://bugs.launchpad.net/python-keystoneclient/+bug/1287301 Original LaunchPad Bug : https://bugs.launchpad.net/python-keystoneclient/+bug/1287301
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org
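Review bot: Please confirm the spelling of the second author's name on the added line "Author: Dough Chivers, HPE"; it looks like a typo for "Doug". Otherwise this hunk is the cleaner of the two multi-author cases in the patch, with one "Author:" line per author, and that is the format the single-line "Author: X and Y" entry for OSSN-0055 should be brought in line with.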

View File

@ -49,6 +49,7 @@ Adding image metadata... add_image_metadata
---- end example glance-api.log snippet ---- ---- end example glance-api.log snippet ----
### Contacts / References ### ### Contacts / References ###
Author: Eric Brown, VMware
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0057 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0057
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1401170 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1401170
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -50,6 +50,7 @@ the nodes exposing the volumes to only allow traffic through port 3260
from nodes that will need to attach volumes. from nodes that will need to attach volumes.
### Contacts / References ### ### Contacts / References ###
Author: Michael McCune, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0058 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0058
Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1329214 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1329214
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -31,6 +31,7 @@ secure boot with trusted boot. At the same time, Nova team has
discussed deprecating Trusted Filter. discussed deprecating Trusted Filter.
### Contacts / References ### ### Contacts / References ###
Author: Michael Xin, Rackspace
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0059 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0059
Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1456228 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1456228
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -43,6 +43,7 @@ it is recommended that all users ensure that `use_user_token` is left
at the default setting (`True`) or commented out. at the default setting (`True`) or commented out.
### Contacts / References ### ### Contacts / References ###
Author: Travis McPeak, HPE
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0060 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0060
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1493448 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1493448
OpenStack Security Documentation : https://security.openstack.org OpenStack Security Documentation : https://security.openstack.org

View File

@ -35,6 +35,7 @@ A specification for a fix has been proposed by the Glance development
team and is targeted for the Mitaka release. team and is targeted for the Mitaka release.
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, IBM
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0061 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0061
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1516031 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1516031
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -65,6 +65,7 @@ cloud is vulnerable to this issue and you should switch to a different
token provider. token provider.
### Contacts / References ### ### Contacts / References ###
Author: Nathan Kinder, Red Hat
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0062 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0062
Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1490804 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1490804
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -42,6 +42,7 @@ Nova and Cinder. Additionally these patches have been backported to
stable/kilo and stable/liberty. stable/kilo and stable/liberty.
### Contacts / References ### ### Contacts / References ###
Author: Dave McCowan, Cisco
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0063 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0063
Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1523646 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1523646
OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security ML : openstack-security@lists.openstack.org

View File

@ -65,6 +65,7 @@ from the API pipelines in keystone-paste.ini.
---- end good keystone-paste.ini snippet ---- ---- end good keystone-paste.ini snippet ----
### Contacts / References ### ### Contacts / References ###
Author: Robert Clark, IBM
This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0064 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0064
Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1545789 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1545789
Mailing list [Security] tag on : openstack-dev@lists.openstack.org Mailing list [Security] tag on : openstack-dev@lists.openstack.org