- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-2206-1
May 06, 2014
horizon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
Summary:
OpenStack Horizon did not properly process Heat templates.
Software Description:
– horizon: Web interface for OpenStack cloud infrastructure
Details:
Cristian Fiorentino discovered that OpenStack Horizon did not properly
perform input sanitization for Heat templates. If a user were tricked into
using a specially crafted Heat template, an attacker could conduct
cross-site scripting attacks. With cross-site scripting vulnerabilities, if
a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
openstack-dashboard 1:2013.2.3-0ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2206-1
CVE-2014-0157
Package Information:
https://launchpad.net/ubuntu/+source/horizon/1:2013.2.3-0ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJTaP2YAAoJEFHb3FjMVZVzflEP/iPRawEhHWHiykhGewJ0lh5k
VAR408iuDxSKtGySpCyL26YqyvwFWkecEmKs3iixuFYhCJ19w9rs+oMFsrx2HxOD
3WMg6ASqqczEugsT36nA5S99RPj+vtCWCOZ34dC1RIvPCKS+RH0NvGtHpbFHrNN6
til8ZJKFeWBqnxq4HTG/Dcyf6rpuIYWcgF5zISNGB1M6eEI274eli9p9gWrfyjNU
x8wc9hlbUIC/Sq1Z/vclWPnbJCTUt3Fx3G0UR/8pkeCBzjVQSUQSmDhE4/MgtmVO
5VC592QV/5m2DHuoq/wX2bEkmJT2YmEAgcdtbnqNFNMEHAd3gWb6YAAaxV2iHlpj
EakcQaPJpbDMUjxQbsJUS7V5dT3Tlh/GZOX8xy9UAZG+OEcSihhQygp78xE6vbgi
gif7zm0fmaGV5jXzNErzZTX25XtsSex7hklqU3e4www2QPUmZmD/0T2qtYzjJOvF
50VGh241sFBXjMfhzjePB23zLZ3aBh4WO6gAqsFYOfBUjdg32M5g53V1+rs7sJ4J
q8jsySqDOEgNCzKBjQi0vQ5yOzoA7U2+Zowh/6s6KQLoVj9cEGExneV0UBp04/6T
t05HwD08kyFJUc16RVQAN/7hHnhsNOBUaCXW705rS9n+V0N42q3kMPDPzvSDy2KF
+fBVioabFFHnVU2UeNki
=tkH2
—–END PGP SIGNATURE—–
—
| Autor | Marijo Plepelic |
| Cert id | NCERT-REF-2014-05-0008-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
