15 Commits

Author SHA1 Message Date
Doug Chivers
4f3db51563 Cinder secure wipe misconfiguration will result in no wipe, on Grizzly.

DocImpact
Closes-Bug: #1322766

Change-Id: I27e3b321cd8b86dfae74c042a6642121184deb2f
2014-06-02 18:17:13 +01:00
Robert Clark
407fb8f198 Adds OSSN-0013
This adds OSSN-0013 addressing an issue with the way Glance property
protections are processed. In some deployments it is possible that a
configuration will allow actions that the administrator had intended
to restrict, unless permissions are defined in a careful order.

Change-Id: Ib149f2559659702f21793c3394bd0791352e18b3
Closes-Bug: #1271426
2014-05-07 07:55:41 +01:00
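As an added example (it is not Glance's code and not part of this repository), the kind of ordering hazard the OSSN-0013 commit describes, modelled as a first-match-wins matcher over an INI-style rules file. The file layout, the rule names, the sample property names and the first-match evaluation order are assumptions made for illustration, not details taken from this page:

```python
import re

# Added example, not Glance's implementation. A property-protections file is
# modelled as an ordered list of (regex, {operation: set(roles)}) pairs, and
# the FIRST rule whose regex matches the property name is assumed to decide
# the outcome. Both rule files below are constructed for this example.

# The administrator's intent: x_secret_* properties are admin-only, everything
# else is open to members. The catch-all is listed first, so it wins every time
# and the admin-only rule is never consulted.
MISORDERED = """
[.*]
create = admin,member
read = admin,member
update = admin,member
delete = admin,member

[^x_secret_.*]
create = admin
read = admin
update = admin
delete = admin
"""

# Same rules, specific rule first: the catch-all only applies to properties the
# earlier rule did not claim.
CORRECTED = """
[^x_secret_.*]
create = admin
read = admin
update = admin
delete = admin

[.*]
create = admin,member
read = admin,member
update = admin,member
delete = admin,member
"""


def parse_rules(text):
    """Parse the minimal INI-style format above into a list of
    (compiled_regex, {op: set(roles)}) in file order."""
    rules = []
    perms = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            perms = {}
            rules.append((re.compile(line[1:-1]), perms))
        elif "=" in line and perms is not None:
            op, roles = line.split("=", 1)
            perms[op.strip()] = {r.strip() for r in roles.split(",") if r.strip()}
        else:
            raise ValueError("malformed line: %r" % raw)
    return rules


def is_allowed(rules, prop, op, roles):
    """First match wins: the first regex matching prop decides; a property
    matched by no rule at all is denied."""
    for regex, perms in rules:
        if regex.match(prop):
            return bool(perms.get(op, set()) & set(roles))
    return False


def shadowed_rules(rules, probes):
    """Lint check: return the patterns of rules that never win for any of the
    probe property names because an earlier rule already matches them."""
    reached = set()
    for prop in probes:
        for i, (regex, _) in enumerate(rules):
            if regex.match(prop):
                reached.add(i)
                break
    return [regex.pattern for i, (regex, _) in enumerate(rules) if i not in reached]


if __name__ == "__main__":
    probes = ["x_secret_key", "description"]
    for name, text in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        rules = parse_rules(text)
        print(name, "member may create x_secret_key:",
              is_allowed(rules, "x_secret_key", "create", ["member"]),
              "shadowed:", shadowed_rules(rules, probes))
```

Running the block shows the misordered file letting a member create `x_secret_key` and flags `^x_secret_.*` as a rule that can never fire; the corrected file denies the member, still lets an admin through, and reports no shadowed rules. The lint is only as good as the probe names fed to it, so run it with the property names the deployment actually uses.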
Jenkins
3e3088b00d Merge "Add OSSN-0010 - Sample Keystone v3 policy exposes privilege escalation vulnerability" 2014-04-17 18:42:56 +00:00
Jamie Finnigan
1c3455cc2b Add OSSN-0010 - Sample Keystone v3 policy exposes privilege escalation vulnerability

This adds OSSN-0010, which covers a privilege escalation issue
associated with a sample Keystone v3 policy file.

Change-Id: I3213bbf4b9956b75d733f219660fcefe6a51848d
Related-Bug: #1287219
2014-04-17 09:36:16 -07:00
Nathan Kinder
c338a1fccc Correct typo in OSSN-0012 title
The title for OSSN-0012 has a misspelling in it.  This corrects
the typo.

Change-Id: Ic7c2a7f56d58986453a33b94f2d8b42efedcad05
2014-04-10 00:13:58 -07:00
Nathan Kinder
786d188b5d Add OSSN-0012 - OpenSSL Heartbleed vulnerability
This adds OSSN-0012, which covers the OpenSSL Heartbleed
vulnerability.  This isn't a vulnerability in OpenStack itself, but
OpenStack deployments are likely affected since they would be using
OpenSSL for SSL/TLS.

Change-Id: I2db43e23dc0b090887e937be6188b64e2a0a2ad5
2014-04-09 17:01:45 -07:00
Nathan Kinder
f291579bfb Add OSSN-0011 - Heat templates with invalid references allows unintended network access
This adds OSSN-0011, which covers an issue related to invalid
security group references in CFN templates being improperly evaluated
by Heat.  This results in unintended network access being allowed.

Related-Bug: 1291091

Change-Id: I88ee23aadc74020f150332a619796ebd77ef9698
2014-04-04 15:18:26 -07:00
Jenkins
66136e3c69 Merge "Add gitreview file" 2014-04-02 17:02:16 +00:00
Nathan Kinder
5380798f05 Add OSSN-0009 - Potential token revocation abuse via group membership
This adds OSSN-0009, which covers an issue related to the ability
for a user to abuse group operations in Keystone to trigger
revocation of tokens for other users.

Change-Id: Ic59048442a78fd37b4dcb608ee1a468af70fa82d
Related-Bug: #1268751
2014-04-01 19:48:58 -07:00
Nathan Kinder
af9cfa77ce Add gitreview file
This adds a .gitreview file to allow one to easily add a gerrit
remote to a newly cloned repo by running 'git review -s'.

Change-Id: I019ec453f3cbcc07c9d51978c7c6bf87baf95f3f
2014-04-01 16:53:46 -07:00
Nathan Kinder
732ab7bec2 Add OSSN-0008 - DoS attack on noVNC/SPICE console due to lack of limiting
This adds OSSN-0008, which covers an issue related to the ability
for a user to exhaust the resources on a noVNC or SPICE console host
resulting in a DoS condition.
2014-03-09 09:58:57 -07:00
Nathan Kinder
ce768e0d54 Modified templates to wrap lines at 72 characters
Some popular mail client PGP software will wrap lines at 72
characters.  If we send an OSSN out that has longer lines,
the formatting gets messed up.  This can make the OSSN hard
to read.  This patch modifies the templates to wrap lines at
72 characters so they match the guidelines posted in the OSSN
process pages on the wiki.

Now that we are publishing OSSNs on the wiki, I changed the
templates to include a link to the OSSN on the wiki instead
of duplicating the Launchpad link like we did previously.
2014-03-06 18:51:31 -08:00
Nathan Kinder
02a381f826 Add OSSN-0007 - unsecure libvirt live migration instructions
This adds OSSN-0007, which covers an issue related to securing
libvirt live migration.
2014-03-06 14:59:19 -08:00
Nathan Kinder
f02609813e Add previously published security notes
This adds all previously published security notes to the repo.  I
also provided some helpful documentation in the README and provided
e-mail and wiki format templates to aid in writing new security
notes.
2014-02-12 21:35:18 -08:00
Nathan Kinder
e5125edcbd Initial commit 2014-02-12 19:41:01 -08:00