diff --git a/security-notes/OSSN-0001 b/security-notes/OSSN-0001 index 4faa3bca..95d20e1a 100644 --- a/security-notes/OSSN-0001 +++ b/security-notes/OSSN-0001 @@ -37,6 +37,7 @@ The OSSG recommends against using LXC for enforcing secure separation of guests. Even with appropriate AppArmour policies applied. ### Contacts / References ### +Author: Robert Clark, HP Nova : http://docs.openstack.org/developer/nova/ LXC : http://lxc.sourceforge.net/ Libvirt : http://libvirt.org/ diff --git a/security-notes/OSSN-0002 b/security-notes/OSSN-0002 index cd7f77ed..889b227b 100644 --- a/security-notes/OSSN-0002 +++ b/security-notes/OSSN-0002 @@ -30,6 +30,7 @@ Apache: HTTP Server Project Apache Config: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody ### Contacts / References ### +Author: Robert Clark, HP This OSSN Bug: https://bugs.launchpad.net/ossn/+bug/1155566 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1098177 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0003 b/security-notes/OSSN-0003 index fe2542cc..77e7849f 100644 --- a/security-notes/OSSN-0003 +++ b/security-notes/OSSN-0003 @@ -37,6 +37,7 @@ Ensure that in your deployment keystone.conf uses the most restrictive permissions that allow the system to continue proper operations. ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://bugs.launchpad.net/ossn/+bug/1168252 Original LaunchPad Bug : https://bugs.launchpad.net/devstack/+bug/1168252 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0004 b/security-notes/OSSN-0004 index a2dbda1e..797b7862 100644 --- a/security-notes/OSSN-0004 +++ b/security-notes/OSSN-0004 
@@ -53,6 +53,7 @@ Despite this restriction in Horizon, it is recommended to leave the default directly without using Horizon to initiate a password change. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://bugs.launchpad.net/ossn/+bug/1237989 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1237989 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0005 b/security-notes/OSSN-0005 index be4c410b..aa15e754 100644 --- a/security-notes/OSSN-0005 +++ b/security-notes/OSSN-0005 @@ -47,6 +47,7 @@ enable_v1_api = False ---- end example glance-api.conf snippet ---- ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://bugs.launchpad.net/ossn/+bug/1226078 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1226078 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0006 b/security-notes/OSSN-0006 index c9618b5b..9d0666ae 100644 --- a/security-notes/OSSN-0006 +++ b/security-notes/OSSN-0006 @@ -57,6 +57,7 @@ authentication plugin can be created that uses the external username that contains an "@" character as-is. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://bugs.launchpad.net/ossn/+bug/1254619 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1254619 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0007 b/security-notes/OSSN-0007 index cd257eb1..cb8ad613 100644 --- a/security-notes/OSSN-0007 +++ b/security-notes/OSSN-0007 
@@ -209,6 +209,7 @@ Please consult the documentation for your firewall software for instructions on configuring the appropriate firewall rules. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0007 Original LaunchPad Bug : https://bugs.launchpad.net/openstack-manuals/+bug/1287194 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0008 b/security-notes/OSSN-0008 index 0a1c2dc2..1b5c9d7b 100644 --- a/security-notes/OSSN-0008 +++ b/security-notes/OSSN-0008 @@ -43,6 +43,8 @@ Future OpenStack releases are looking to add the ability to restrict noVNC and SPICE console connections. ### Contacts / References ### +Author: Nathan Kinder, Red Hat +Author: Sriram Subramanian, CloudDon This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0008 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1227575 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0009 b/security-notes/OSSN-0009 index 8b1c873d..5520dda0 100644 --- a/security-notes/OSSN-0009 +++ b/security-notes/OSSN-0009 @@ -39,6 +39,7 @@ tokens for other users by performing group deletion operations. You should take caution with who you delegate these capabilities to. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0009 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1268751 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0010 b/security-notes/OSSN-0010 index fc41f18d..24191f0c 100644 --- a/security-notes/OSSN-0010 +++ b/security-notes/OSSN-0010 
@@ -40,6 +40,7 @@ IDs and consider it for applicability to your Keystone deployment: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a2fa6a6f01a4884edf369cafa39946636af5cf1a ### Contacts / References ### +Author: Jamie Finnigan, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0010 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1287219 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0011 b/security-notes/OSSN-0011 index 88baabbc..017e18fe 100644 --- a/security-notes/OSSN-0011 +++ b/security-notes/OSSN-0011 @@ -138,6 +138,7 @@ security group references to ensure that the resulting network rules are as intended. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0011 Original LaunchPad Bug : https://bugs.launchpad.net/heat/+bug/1291091 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0012 b/security-notes/OSSN-0012 index 99db3dfc..638085f0 100644 --- a/security-notes/OSSN-0012 +++ b/security-notes/OSSN-0012 @@ -66,6 +66,8 @@ recommended that cloud administrators change any passwords, tokens, or other credentials that may have been communicated over SSL/TLS. ### Contacts / References ### +Author: Nathan Kinder, Red Hat +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0012 OpenStack Security ML : openstack-security@lists.openstack.org OpenStack Security Group : https://launchpad.net/~openstack-ossg diff --git a/security-notes/OSSN-0013 b/security-notes/OSSN-0013 index 5449b3f5..f40db4ac 100644 --- a/security-notes/OSSN-0013 +++ b/security-notes/OSSN-0013 
@@ -83,6 +83,7 @@ tested to ensure that CRUD actions are constrained in the way the administrator intended. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0013 Original Launchpad Bug : https://bugs.launchpad.net/glance/+bug/1271426 Original Report : http://lists.openstack.org/pipermail/openstack-dev/2014-January/024861.html diff --git a/security-notes/OSSN-0014 b/security-notes/OSSN-0014 index 3116405f..5c318d5a 100644 --- a/security-notes/OSSN-0014 +++ b/security-notes/OSSN-0014 @@ -65,6 +65,7 @@ alternatives such as applying mandatory access control policies to the files in order to minimize the possible exposure. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0014 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1260679 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0015 b/security-notes/OSSN-0015 index 17311aba..00eff3a9 100644 --- a/security-notes/OSSN-0015 +++ b/security-notes/OSSN-0015 @@ -40,6 +40,7 @@ restrict the ability to publicize images to users with the "admin" role in the Juno release of OpenStack. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0015 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1313746 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0016 b/security-notes/OSSN-0016 index fa1668b6..78d2fca8 100644 --- a/security-notes/OSSN-0016 +++ b/security-notes/OSSN-0016 @@ -38,6 +38,7 @@ volume_clear option” ) ### Contacts / References ### +Author: Doug Chivers, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0016 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1322766 OpenStack Security ML : openstack-security@lists.openstack.org 
diff --git a/security-notes/OSSN-0017 b/security-notes/OSSN-0017 index 4cbf070e..094b2f81 100644 --- a/security-notes/OSSN-0017 +++ b/security-notes/OSSN-0017 @@ -84,6 +84,7 @@ cookie is compromised, an attacker may assume all privileges of the user for as long as their session is valid. ### Contacts / References ### +Author: Travis McPeak, Symantec This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0018 b/security-notes/OSSN-0018 index 62219c54..61dc5677 100644 --- a/security-notes/OSSN-0018 +++ b/security-notes/OSSN-0018 @@ -57,6 +57,7 @@ allow traffic coming from the running instances to services controlled by Nova - DHCP and DNS providers. ### Contacts / References ### +Author: Stanislaw Pitucha, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0018 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316271 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0019 b/security-notes/OSSN-0019 index adb1c398..49c2222f 100644 --- a/security-notes/OSSN-0019 +++ b/security-notes/OSSN-0019 @@ -56,6 +56,7 @@ that could be used to impersonate a SAN host and enact an Man in the Middle attack. ### Contacts / References ### +Author: Tim Kelsey, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0019 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1320056 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0020 b/security-notes/OSSN-0020 index 83323fd1..b405ca53 100644 --- a/security-notes/OSSN-0020 +++ b/security-notes/OSSN-0020 
@@ -53,6 +53,7 @@ The Neutron development team plans to address this issue in a future version of Neutron. ### Contacts / References ### +Author Priti Desai, Symantec This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0020 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1334926 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0021 b/security-notes/OSSN-0021 index 44c1eefd..3440317a 100644 --- a/security-notes/OSSN-0021 +++ b/security-notes/OSSN-0021 @@ -63,6 +63,7 @@ In the future, operators will be able to use keystoneclient for a more convenient method of accessing and updating this information. ### Contacts / References ### +Author: Stanislaw Pitucha, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0021 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341849 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0022 b/security-notes/OSSN-0022 index cd052a24..3bc8f280 100644 --- a/security-notes/OSSN-0022 +++ b/security-notes/OSSN-0022 @@ -51,6 +51,7 @@ boot " or reboot using "nova reboot --hard " to force the security group rules to be applied. ### Contacts / References ### +Author: Doug Chivers, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0022 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316822 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0023 b/security-notes/OSSN-0023 index 5bc8c1dd..d6049ce3 100644 --- a/security-notes/OSSN-0023 +++ b/security-notes/OSSN-0023 
@@ -62,6 +62,7 @@ configured to switch to a customised log format using directive 'access_log' only for requests matching location '/v2.0/tokens/...'. ### Contacts / References ### +Author: Stanislaw Pitucha, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0023 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1348844 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0024 b/security-notes/OSSN-0024 index 70fada6c..db46a5a3 100644 --- a/security-notes/OSSN-0024 +++ b/security-notes/OSSN-0024 @@ -71,6 +71,7 @@ An alternate approach is to never run a production system with the log level in DEBUG mode. ### Contacts / References ### +Author: Abu Shohel Ahmed, Ericsson This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0024 Original Launchpad Bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1004114 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1004114 diff --git a/security-notes/OSSN-0025 b/security-notes/OSSN-0025 index c8024e2e..bef6010d 100644 --- a/security-notes/OSSN-0025 +++ b/security-notes/OSSN-0025 @@ -62,6 +62,7 @@ environment, so test configurations before deploying them in a production environment. ### Contacts / References ### +Author: Nathaniel Dillon, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0025 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1354512 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0026 b/security-notes/OSSN-0026 index 32933071..1e014168 100644 --- a/security-notes/OSSN-0026 +++ b/security-notes/OSSN-0026 
@@ -50,6 +50,7 @@ plaintext credentials, can result from permissions which allow malicious users to view sensitive data (read access). ### Contacts / References ### +Author: Travis McPeak, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0026 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1343657 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0027 b/security-notes/OSSN-0027 index 91a0b112..fa6fb4e8 100644 --- a/security-notes/OSSN-0027 +++ b/security-notes/OSSN-0027 @@ -64,6 +64,7 @@ The Neutron development team plan to address this issue in a future version ### Contacts / References ### +Author: Tim Kelsey, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0027 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1274034 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0028 b/security-notes/OSSN-0028 index fec84159..8169f0d6 100644 --- a/security-notes/OSSN-0028 +++ b/security-notes/OSSN-0028 @@ -57,6 +57,7 @@ underlying compute node by it's serial number may wish to disable reporting of any sysinfo serial field at all by using the 'none' value. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0028 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1337349 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0029 b/security-notes/OSSN-0029 index 2c86b73c..217f37d9 100644 --- a/security-notes/OSSN-0029 +++ b/security-notes/OSSN-0029 @@ -57,6 +57,7 @@ independently. This issue has been fixed in the Juno release of OpenStack. ### Contacts / References ### +Author: Tim Kelsey, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0029 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1365961 OpenStack Security ML : openstack-security@lists.openstack.org 
diff --git a/security-notes/OSSN-0030 b/security-notes/OSSN-0030 index 375a6b5b..66428489 100644 --- a/security-notes/OSSN-0030 +++ b/security-notes/OSSN-0030 @@ -70,6 +70,7 @@ System logs should also be interrogated for any such strings as an indication of possible attacks. ### Contacts / References ### +Author: Tim Kelsey, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0030 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1374055 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0031 b/security-notes/OSSN-0031 index 18f9d2cc..b63cff87 100644 --- a/security-notes/OSSN-0031 +++ b/security-notes/OSSN-0031 @@ -27,6 +27,7 @@ is a requirement without a full verifiable boot chain and network hardware. ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0031 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1174153 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0032 b/security-notes/OSSN-0032 index bb05d73c..a94cf017 100644 --- a/security-notes/OSSN-0032 +++ b/security-notes/OSSN-0032 @@ -35,6 +35,7 @@ NOTE: Flushing Memcached can result in losing token revocation information as addressed in https://bugs.launchpad.net/ossn/+bug/1182920 ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0032 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1179955 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0033 b/security-notes/OSSN-0033 index a759a6c9..ef2556f7 100644 --- a/security-notes/OSSN-0033 +++ b/security-notes/OSSN-0033 @@ -37,6 +37,7 @@ mentioned in the 'References' section of this note to see if the projects they require have updated. ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0033 Launchpad Bugs : 
diff --git a/security-notes/OSSN-0034 b/security-notes/OSSN-0034 index 642a6ecf..c286788a 100644 --- a/security-notes/OSSN-0034 +++ b/security-notes/OSSN-0034 @@ -38,6 +38,7 @@ suggest you consider using an on-disk DB such as MySQL / PostgreSQL or perhaps look into Memcachedb. ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0034 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1182920 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0035 b/security-notes/OSSN-0035 index 383a1dd8..e7bf79b4 100644 --- a/security-notes/OSSN-0035 +++ b/security-notes/OSSN-0035 @@ -50,6 +50,7 @@ As always, test these configuration settings before deploying them to production in order to catch any bugs or errors. ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035 SSL Strip : http://www.thoughtcrime.org/software/sslstrip Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191050 diff --git a/security-notes/OSSN-0036 b/security-notes/OSSN-0036 index c31399ad..6f38d6a2 100644 --- a/security-notes/OSSN-0036 +++ b/security-notes/OSSN-0036 @@ -22,6 +22,7 @@ true as described in the Django documentation: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0036 Related OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191051 diff --git a/security-notes/OSSN-0037 b/security-notes/OSSN-0037 index ee8d0574..7004fef4 100644 --- a/security-notes/OSSN-0037 +++ b/security-notes/OSSN-0037 
@@ -36,6 +36,7 @@ For Nginx, you can do this by disabling the gzip module: http://wiki.nginx.org/HttpGzipModule ### Contacts / References ### +Author: Robert Clark, HP This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0037 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1209250 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0038 b/security-notes/OSSN-0038 index 30575591..075ac4ed 100644 --- a/security-notes/OSSN-0038 +++ b/security-notes/OSSN-0038 @@ -43,6 +43,7 @@ the cache should ascertain whether or not their vendor shipped suds package is susceptible and consider the above advice. ### Contacts / References ### +Author: Tim Kelsey, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0038 Original Launchpad Bug : https://bugs.launchpad.net/ossn/+bug/1341954 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0039 b/security-notes/OSSN-0039 index 29e36501..14598f97 100644 --- a/security-notes/OSSN-0039 +++ b/security-notes/OSSN-0039 @@ -133,6 +133,7 @@ above to verify that each service is configured as expected. ### Contacts / References ### +Author: Bryan D. Payne, Nebula This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0039 Original Launchpad Bug: https://bugs.launchpad.net/ossn/+bug/1382270 OpenStack Security ML: openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0042 b/security-notes/OSSN-0042 index 3d774856..18c96383 100644 --- a/security-notes/OSSN-0042 +++ b/security-notes/OSSN-0042 @@ -42,6 +42,7 @@ Concerned users are encouraged to read (OSSG member) Nathan Kinder's blog post on this issue and some of the potential future solutions. ### Contacts / References ### +Author: Robert Clark, IBM Nathan Kinder on Token Scoping : https://blog-nkinder.rhcloud.com/?p=101 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0042 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341816 
diff --git a/security-notes/OSSN-0043 b/security-notes/OSSN-0043 index 77090295..cf2a5203 100644 --- a/security-notes/OSSN-0043 +++ b/security-notes/OSSN-0043 @@ -52,6 +52,7 @@ of places where these vulnerable functions are used, this effectively means that vulnerable systems must be restarted after updating glibc. ### Contacts / References ### +Author: Doug Chivers, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0043 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1415416 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0044 b/security-notes/OSSN-0044 index 579b794f..019d1c13 100644 --- a/security-notes/OSSN-0044 +++ b/security-notes/OSSN-0044 @@ -30,6 +30,7 @@ Upstream patch: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd ### Contacts / References ### +Author: Paul McMillan, Nebula This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0044 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1420942 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0045 b/security-notes/OSSN-0045 index c2b64a3c..f2626fa9 100644 --- a/security-notes/OSSN-0045 +++ b/security-notes/OSSN-0045 @@ -72,6 +72,7 @@ and are beyond the scope of this note. Some good starting places are provided below in the section: "Resources for configuring TLS options". ### Contacts / References ### +Author: Travis McPeak, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0045 Original LaunchPad Bug : N/A OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0046 b/security-notes/OSSN-0046 index 204b5d25..7cfe8ad1 100644 --- a/security-notes/OSSN-0046 +++ b/security-notes/OSSN-0046 
@@ -33,6 +33,7 @@ using the debug configuration for affected services in production environments. ### Contacts / References ### +Author: Robert Clark, IBM This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0046 Original LaunchPad Bug : https://bugs.launchpad.net/ironic/+bug/1425206 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0047 b/security-notes/OSSN-0047 index 1e7ef66b..553e809f 100644 --- a/security-notes/OSSN-0047 +++ b/security-notes/OSSN-0047 @@ -113,6 +113,7 @@ identity provider specific 'Location' directives as described above in addition to using the new 'remote_ids' checking in the Kilo release. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0047 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1390124 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0048 b/security-notes/OSSN-0048 index 3962cf84..a14b78f3 100644 --- a/security-notes/OSSN-0048 +++ b/security-notes/OSSN-0048 @@ -56,6 +56,7 @@ deployments of glance should consider upgrading to the Juno 2014.2.4 release. ### Contacts / References ### +Author: Michael McCune, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0048 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1414532 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0049 b/security-notes/OSSN-0049 index 36bc419b..804a6b50 100644 --- a/security-notes/OSSN-0049 +++ b/security-notes/OSSN-0049 @@ -57,6 +57,7 @@ editted as follows: debug = False ### Contacts / References ### +Author: Michael McCune, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0049 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1451931 OpenStack Security ML : openstack-security@lists.openstack.org 
diff --git a/security-notes/OSSN-0052 b/security-notes/OSSN-0052 index 6ee48b20..25453f14 100644 --- a/security-notes/OSSN-0052 +++ b/security-notes/OSSN-0052 @@ -31,6 +31,7 @@ the `glance-api.conf` file: debug = false ### Contacts / References ### +Author: Nathaniel Dillon, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0052 Original LaunchPad Bug : https://bugs.launchpad.net/python-swiftclient/+bug/1470740 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0053 b/security-notes/OSSN-0053 index b67baf01..ca35e88e 100644 --- a/security-notes/OSSN-0053 +++ b/security-notes/OSSN-0053 @@ -56,6 +56,7 @@ installations have increased token lifespans back to the old value of 24 hours - increasing their exposure to this issue. ### Contacts / References ### +Author: Michael McCune, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0053 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1455582 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0054 b/security-notes/OSSN-0054 index 2c701e60..bd1d57c9 100644 --- a/security-notes/OSSN-0054 +++ b/security-notes/OSSN-0054 @@ -41,6 +41,7 @@ If possible, affected users should upgrade to the Kilo or newer release of Horizon, allowing them to use the fixed version of Django. ### Contacts / References ### +Author: Robert Clark, IBM This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0054 Django fix : https://www.djangoproject.com/weblog/2015/jul/08/security-releases/ Django CVE : CVE-2015-5143 diff --git a/security-notes/OSSN-0055 b/security-notes/OSSN-0055 index 47201198..f37733c3 100644 --- a/security-notes/OSSN-0055 +++ b/security-notes/OSSN-0055 
@@ -50,6 +50,7 @@ unexpectedly. In particular, pay attention to unusual IPs using the service account. ### Contacts / References ### +Author: Travis McPeak, HPE and Brant Knudson, IBM This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0055 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1464750 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0056 b/security-notes/OSSN-0056 index c45ffe0b..0bbad68c 100644 --- a/security-notes/OSSN-0056 +++ b/security-notes/OSSN-0056 @@ -43,6 +43,8 @@ time. If this is unacceptable, reduce the cache time to reduce the attack window or disable token caching entirely. ### Contacts / References ### +Author: Shellee Arnold, HPE +Author: Dough Chivers, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0056 Original LaunchPad Bug : https://bugs.launchpad.net/python-keystoneclient/+bug/1287301 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0057 b/security-notes/OSSN-0057 index 8183bf4c..b1aea72a 100644 --- a/security-notes/OSSN-0057 +++ b/security-notes/OSSN-0057 @@ -49,6 +49,7 @@ Adding image metadata... add_image_metadata ---- end example glance-api.log snippet ---- ### Contacts / References ### +Author: Eric Brown, VMware This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0057 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1401170 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0058 b/security-notes/OSSN-0058 index 2fbf2257..fb2018f8 100644 --- a/security-notes/OSSN-0058 +++ b/security-notes/OSSN-0058 
@@ -50,6 +50,7 @@ the nodes exposing the volumes to only allow traffic through port 3260 from nodes that will need to attach volumes. ### Contacts / References ### +Author: Michael McCune, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0058 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1329214 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0059 b/security-notes/OSSN-0059 index ec33a5ae..937ba93c 100644 --- a/security-notes/OSSN-0059 +++ b/security-notes/OSSN-0059 @@ -31,6 +31,7 @@ secure boot with trusted boot. At the same time, Nova team has discussed deprecating Trusted Filter. ### Contacts / References ### +Author: Michael Xin, Rackspace This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0059 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1456228 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0060 b/security-notes/OSSN-0060 index 8796addf..8258d6da 100644 --- a/security-notes/OSSN-0060 +++ b/security-notes/OSSN-0060 @@ -43,6 +43,7 @@ it is recommended that all users ensure that `use_user_token` is left at the default setting (`True`) or commented out. ### Contacts / References ### +Author: Travis McPeak, HPE This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0060 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1493448 OpenStack Security Documentation : https://security.openstack.org diff --git a/security-notes/OSSN-0061 b/security-notes/OSSN-0061 index 73767555..55ea8bfc 100644 --- a/security-notes/OSSN-0061 +++ b/security-notes/OSSN-0061 
@@ -35,6 +35,7 @@ A specification for a fix has been proposed by the Glance development team and is targeted for the Mitaka release. ### Contacts / References ### +Author: Robert Clark, IBM This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0061 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1516031 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0062 b/security-notes/OSSN-0062 index 068f9d8a..26082738 100644 --- a/security-notes/OSSN-0062 +++ b/security-notes/OSSN-0062 @@ -65,6 +65,7 @@ cloud is vulnerable to this issue and you should switch to a different token provider. ### Contacts / References ### +Author: Nathan Kinder, Red Hat This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0062 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1490804 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0063 b/security-notes/OSSN-0063 index 496da4f0..a48e361b 100644 --- a/security-notes/OSSN-0063 +++ b/security-notes/OSSN-0063 @@ -42,6 +42,7 @@ Nova and Cinder. Additionally these patches have been backported to stable/kilo and stable/liberty. ### Contacts / References ### +Author: Dave McCowan, Cisco This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0063 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1523646 OpenStack Security ML : openstack-security@lists.openstack.org diff --git a/security-notes/OSSN-0064 b/security-notes/OSSN-0064 index 82b347d5..7dd7214b 100644 --- a/security-notes/OSSN-0064 +++ b/security-notes/OSSN-0064 @@ -65,6 +65,7 @@ from the API pipelines in keystone-paste.ini. ---- end good keystone-paste.ini snippet ---- ### Contacts / References ### +Author: Robert Clark, IBM This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0064 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1545789 Mailing list [Security] tag on : openstack-dev@lists.openstack.org
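Review bot: the added line in the OSSN-0020 hunk is missing the colon after the label: `+Author Priti Desai, Symantec`. Every other hunk in this patch writes the field as `Author: <name>, <org>`, so change it to `Author: Priti Desai, Symantec`; otherwise anything that later greps or parses these headers on the `Author:` prefix will silently skip this note.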
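Review bot: `+Author: Dough Chivers, HPE` in the OSSN-0056 hunk looks like a typo in the name. The same author is credited as `Doug Chivers` in the OSSN-0016, OSSN-0022 and OSSN-0043 hunks of this patch, so either correct this line to `Author: Doug Chivers, HPE` or confirm that the spelling is intended.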
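Review bot: the OSSN-0055 hunk folds two people into a single line, `+Author: Travis McPeak, HPE and Brant Knudson, IBM`, whereas the OSSN-0008, OSSN-0012 and OSSN-0056 hunks give each co-author their own `Author:` line. Split it into `Author: Travis McPeak, HPE` and `Author: Brant Knudson, IBM` so one parsing rule (one author per line) holds for every note in the series.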
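Review bot: the affiliation attached to a recurring author changes from hunk to hunk, and it is not stated anywhere in the patch whether that is deliberate. Robert Clark is `HP` in the OSSN-0001 through OSSN-0037 hunks but `IBM` in OSSN-0042, OSSN-0046, OSSN-0054, OSSN-0061 and OSSN-0064; Stanislaw Pitucha is `HP` in OSSN-0018 and `HPE` in OSSN-0021 and OSSN-0023; Tim Kelsey, Travis McPeak, Doug Chivers and Nathaniel Dillon likewise alternate between `HP` and `HPE`. If the convention is "affiliation at the time the note was written", please say so in the commit message (or wherever the note format is documented) so a later contributor does not "normalise" these to one value and lose that information.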
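Review bot: the patch jumps from OSSN-0039 straight to OSSN-0042 and from OSSN-0049 straight to OSSN-0052, so OSSN-0040, OSSN-0041, OSSN-0050 and OSSN-0051 receive no `Author:` line in the OSSN-0049 hunk's neighbourhood or anywhere else. If those notes exist in the repository they will be the only ones without an author after this lands; if they were withdrawn or never published, a sentence in the commit message saying so would save the next reviewer the same question.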
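Review bot: the context lines of the OSSN-0024 hunk show two near-duplicate reference entries with inconsistent labels, `Original Launchpad Bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1004114` directly followed by `Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1004114`. That inconsistency predates this change, but since the file is already being edited, consider normalising both labels to the `Original LaunchPad Bug :` form used in the other hunks, or relabelling the ossn-tracker entry so the two URLs are distinguishable.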