| |||||||||||||||||||
Ubuntu alert USN-1565-1 (horizon)
========================================================================== Ubuntu Security Notice USN-1565-1 September 13, 2012 horizon vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: OpenStack Horizon could help expose sensitive information. Software Description: - horizon: Web interface for OpenStack cloud infrastructure Details: Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: openstack-dashboard 2012.1.3+stable~20120815-691dd2-0ubuntu1.1 python-django-horizon 2012.1.3+stable~20120815-691dd2-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1565-1 CVE-2012-3540 Package Information: https://launchpad.net/ubuntu/+source/horizon/2012.1.3+sta... -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|||||||||||||||||||