Bug 552678

Summary: <sys-cluster/nova-2014.2.2-r1: Authentication hijacking vulnerability (CVE-2015-0259)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: openstack, prometheanfire
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 20:31:28 UTC
CVE-2015-0259 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0259):
  OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo
  before kilo-3 does not validate the origin of websocket requests, which
  allows remote attackers to hijack the authentication of users for access to
  consoles via a crafted webpage.


*nova-2014.2.2-r1 (11 Mar 2015)
	
	  11 Mar 2015; Matthew Thode <prometheanfire@gentoo.org>
	  +files/CVE-2015-0259-2014.2.2.patch, +nova-2014.2.2-r1.ebuild,
	  -nova-2014.2.1.ebuild, -nova-2014.2.2.ebuild:
	  fixing CVE-2015-0259
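
Added example, not part of this bug report and not Nova's patch: a minimal Origin check for a WebSocket handshake, the class of validation whose absence the CVE description above names. The header dictionary shape, the `ALLOWED_ORIGIN_HOSTS` allow-list and all hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: extra hostnames (e.g. a dashboard) that may open
# console sockets in addition to the host serving the proxy itself.
ALLOWED_ORIGIN_HOSTS = frozenset({"dashboard.example.test"})


def _parse(value):
    """Return (scheme, hostname), lower-cased; empty strings if unparsable."""
    try:
        parts = urlsplit(value)
        return parts.scheme, (parts.hostname or "").lower()
    except ValueError:  # e.g. an unterminated IPv6 literal
        return "", ""


def origin_allowed(headers, allowed_hosts=ALLOWED_ORIGIN_HOSTS,
                   require_origin=False):
    """Decide whether a WebSocket handshake may proceed.

    `headers` is assumed to be a dict with canonical header names.
    """
    origin = headers.get("Origin")
    if origin is None:
        # Browsers always send Origin on a WebSocket handshake, so a missing
        # header means a non-browser client; policy decides whether to accept.
        return not require_origin

    scheme, origin_host = _parse(origin)
    if scheme not in ("http", "https") or not origin_host:
        return False  # rejects "null", file:, data: and malformed values

    # Compare whole hostnames, never substrings or prefixes, so that
    # look-alike names built around the trusted host do not match.
    _, expected_host = _parse("//" + headers.get("Host", ""))
    return origin_host == expected_host or origin_host in allowed_hosts
```

The check runs before the handshake is upgraded; a `False` result should end the request with an HTTP 403 rather than open the socket.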
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-20 20:32:19 UTC
Closing noglsa for ~arch only.