You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa OpenStack horizon

Sigurnosni nedostatak programskog paketa OpenStack horizon

==========================================================================
Ubuntu Security Notice USN-2206-1
May 06, 2014

horizon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10

Summary:

OpenStack Horizon did not properly process Heat templates.

Software Description:
– horizon: Web interface for OpenStack cloud infrastructure

Details:

Cristian Fiorentino discovered that OpenStack Horizon did not properly
perform input sanitization for Heat templates. If a user were tricked into
using a specially crafted Heat template, an attacker could conduct
cross-site scripting attacks. With cross-site scripting vulnerabilities, if
a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
openstack-dashboard 1:2013.2.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2206-1
CVE-2014-0157

Package Information:
https://launchpad.net/ubuntu/+source/horizon/1:2013.2.3-0ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTaP2YAAoJEFHb3FjMVZVzflEP/iPRawEhHWHiykhGewJ0lh5k
VAR408iuDxSKtGySpCyL26YqyvwFWkecEmKs3iixuFYhCJ19w9rs+oMFsrx2HxOD
3WMg6ASqqczEugsT36nA5S99RPj+vtCWCOZ34dC1RIvPCKS+RH0NvGtHpbFHrNN6
til8ZJKFeWBqnxq4HTG/Dcyf6rpuIYWcgF5zISNGB1M6eEI274eli9p9gWrfyjNU
x8wc9hlbUIC/Sq1Z/vclWPnbJCTUt3Fx3G0UR/8pkeCBzjVQSUQSmDhE4/MgtmVO
5VC592QV/5m2DHuoq/wX2bEkmJT2YmEAgcdtbnqNFNMEHAd3gWb6YAAaxV2iHlpj
EakcQaPJpbDMUjxQbsJUS7V5dT3Tlh/GZOX8xy9UAZG+OEcSihhQygp78xE6vbgi
gif7zm0fmaGV5jXzNErzZTX25XtsSex7hklqU3e4www2QPUmZmD/0T2qtYzjJOvF
50VGh241sFBXjMfhzjePB23zLZ3aBh4WO6gAqsFYOfBUjdg32M5g53V1+rs7sJ4J
q8jsySqDOEgNCzKBjQi0vQ5yOzoA7U2+Zowh/6s6KQLoVj9cEGExneV0UBp04/6T
t05HwD08kyFJUc16RVQAN/7hHnhsNOBUaCXW705rS9n+V0N42q3kMPDPzvSDy2KF
+fBVioabFFHnVU2UeNki
=tkH2
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak OpenStack programa quantum i cinder

Otkriven je sigurnosni nedostatak u programskim paketima quantum i cinder za Ubuntu 12.10. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih...

Close