Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.
5b7b6a9f75cfd520067e6ce6a174281f6d497b3744e0c37c37a61dd014f8632f
Ubuntu Security Notice 2311-2 - USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.
ad7b0e30b51d9f8a5abbb08b6f790464b6327d5cce37067210a3bd846815e2be
Red Hat Security Advisory 2014-1050-01 - OpenStack Telemetry collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection; this data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets. It was found that authentication tokens were not properly sanitized from the message queue by the notifier middleware. An attacker with read access to the message queue could possibly use this flaw to intercept an authentication token and gain elevated privileges. Note that all services using the notifier middleware configured after the auth_token middleware pipeline were affected.
cb9a2c571fca82c415ce3eb267afabaf89e98f4dea867dffa975e61279670ce0
Ubuntu Security Notice 2311-1 - Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests.
105241bbb753224508871fe229922a8e366df3ce2dae5a0022eeaa4c5a037445