==========================================================================
Ubuntu Security Notice USN-3447-1
October 11, 2017
horizon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.04 LTS
Summary:
OpenStack Horizon could be made to expose sensitive information over the
network.
Software Description:
– horizon: Web interface for OpenStack cloud infrastructure
Details:
Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was
incorrect protected against cross-site scripting (XSS) attacks. A remote
authenticated user could use this issue to inject web script or HTML in
a dashboard form.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
openstack-dashboard 1:2014.1.5-0ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3447-1
CVE-2016-4428
Package Information:
https://launchpad.net/ubuntu/+source/horizon/1:2014.1.5-0ubuntu2.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJZ3htqAAoJEGVp2FWnRL6TauoQAJjAIFIMi6pn9diI3xosMhth
IVS0ojix2y4N9RPu5+Nfd9FYRIxQkTmU91i95Er20RtxPkFScSEReRRLl9D7kQQi
deVNqQvZU5Hrl9/Ma4E3wbFvkanxS2QeMajAICA/cpMHSKY58IAVqyOWKVwoTReo
p7/OUfdo9xoYxOCIGZ9OEQSRay4hoL0b9vo1fJSNEgeGGHTNny7BQw7DUyNCVkvp
t7ilnYSdYY+1kf0yGxMhPKEpfc5195jtTdtWZgq8EGpuBGJGtaB/h9qg80kIRWXK
X9gIcvhlRwpANCkNfENhXXtlIth79BbeWZSWLXkM2HPh7JaN2FhXQYPVQWFPq5xH
TO6/txwHbtyUtCdOkzJ5U9i7AOA2pOncj+fk9pAeYs0B6eQUqfjm/FJYut71Q8+f
j5d5v7xktnOVkTtrpQAYTeXAZRcwnRiYhPQiZBcWhGGlmVzRRvgEHRwoOzWimB1J
iubsuDZEuh9YSpQRg/4i++uciEZM+kzXfSGmLCqR/zbZJ1joh7Bny0gM9Qqz7Zc1
afXm2CMI4gT+uF0FIPs8Vxaczi2QcA118y3P3m8/I//D/pp5z/XGuQUlfVByPO9o
kE5iZ5jzaBRtruukt0oQWR1I2kY8Sxq80GNFyUVJ9eNGw7ah9xWRqwWJesjAw3HW
fpGYWq0VwaaiTAlVpPDx
=KAI7
—–END PGP SIGNATURE—–
—