- OpenStack-announce - lists.openstack.org

[OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413)
by Thierry Carrez 12 Sep '12

12 Sep '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2012-014 CVE: CVE-2012-4413 Date: September 12, 2012 Title: Revoking a role does not affect existing tokens Impact: High Reporter: Dolph Mathews (Rackspace) Products: Keystone Affects: Essex, Folsom Description: Dolph Mathews reported a vulnerability in Keystone. Granting and revoking roles from a user is not reflected upon token validation for pre-existing tokens. Pre-existing tokens continue to be valid for the original set of roles for the remainder of the token's lifespan, or until explicitly invalidated. This fix invalidates all tokens held by a user upon role grant/revoke to circumvent the issue. Folsom fix: http://github.com/openstack/keystone/commit/efb6b3fca0ba0ad768b3e803a324043… Essex fix: http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc… References: https://bugs.launchpad.net/keystone/+bug/1041396 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4413 Notes: This fix will be included in the future Keystone 2012.1.3 stable update and the upcoming Folsom-RC1 development milestone. - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCAAGBQJQULoUAAoJEFB6+JAlsQQjGacQAJUvJb+oIjh73KAYYuDpl/YP PqJa4nmjVin7CyQ8AbxHK63xrAQ7isPFpCCqtEmjZ5kvFCrJRHiQggHNqISRhnvo +HyS6RSn4Vrp001PSZSmQI5MpgkeWhbOy+fk4/ZY7hFgUyS2YqC8YiK7DTMdKRBi toWOHRVWrmA4fUEDDcDdm9XzRseTC0cZAbj9bYAF+vXPdpxeGpq5l9Kb6yDezXGD 62dFvHghVTWdUIN+gK4V4d77PoyeO9NRd4Ud0GjDpV/asQL31dW6B4aRPYVDPhL3 7xcnhRsnZ3Y5J31n+7E/gMF+J+6kOaY/DNFZQ8chNW18kplYnmJnm7s3BJNjD512 UF/S5A5sH1Rk/vwe2nAHSqvQ1Dq3K0sRvW3YCijG2Rdj3mhBOr6OlvT5uJmnkeJT GQQ8SR3y+ZLS/2EEW+cVjDMxV4Gnf9Zzrw/tSjVp6QLmJAkG8qrFmgdisQ/Jao4M ygE8ZVu8lJq7N8b+k8XkB+bhz9E9V6hYOUuGoifEHRIPki/Ed7++BcdVTQdQYpAL kDTaoVZt1+plwAu4ZBLxUg1vhVz19qgDc7UeoY1sPc1JcRWp/ONnp6K4z+Y+7Rsx 3E4FLH0/qgFxKDHdGX91Plehk9dIEjHcGtKaXI8vOvGT17srYQaF6Y7rc+9TwaqI bggBCxcI2PLQgjuWyF4M =+6UN -----END PGP SIGNATURE-----

1 0

OpenStack Community Weekly Newsletter (Aug 31-Sep 7)
by Stefano Maffulli 07 Sep '12

07 Sep '12

Highlights of the week New OpenStack Foundation Gold Members: Intel, VmWare, NEC <http://lists.openstack.org/pipermail/foundation/2012-September/001091.html> Today, the OpenStack Board of Directors approved the applications of three companies wishing to become Gold Members: Intel, NEC and VMware. The factors considered by the Board included a commitment to helping achieve the OpenStack Foundation Mission through demonstrated and potential contribution to the OpenStack community in terms of code, adoption into product roadmaps, adoption as an end user, geographic and industry diversity and community development efforts. Join us to welcome them to the Foundation. Session proposals for the Design Summit now open <http://lists.openstack.org/pipermail/openstack-dev/2012-September/001059.ht…> Differently from previous OpenStack Design Summit and Confernece, this time the "Design Summit" is a specific track in the overall "OpenStack Summit" event. It is different from other tracks, too. Please make sure to read the full announcement <http://lists.openstack.org/pipermail/openstack-dev/2012-September/001059.ht…> and help make this summit the best Design Summit ever. Caimito 0.9 -- WebDAV frontend <http://markmail.org/message/hcnyvanvu6pojjxq>e <http://markmail.org/message/hcnyvanvu6pojjxq>for OpnStack Swift Cloud Storage <http://markmail.org/message/hcnyvanvu6pojjxq> Caimito is an open source (Apache Software License 2.0) WebDAV,caching, and content management and delivery server frontend for cloud storage. Caimito supports Openstack Swift Storage <http://openstack.org/projects/storage/> (Rackspace, Softlayer, etc.), and Amazon S3 <http://aws.amazon.com/s3/>. Caimito also features a REST API in addition to the Web interface for configuring user access. Caimito is designed with an event-driven and non-blocking architecture for Scalability. Caimito is ideal for Hosting and Reseller environments. Quantum vs. Nova-network in Folsom <http://markmail.org/message/kg3arb4gn57cm4rl> tl;dr both Quantum and nova-network will be core and fully supported in Folsom. More details from Quantum and Nova PTLs on Quantum vs. Nova-network in Folsom <http://markmail.org/message/yvkaq7jubab6vkjh>. OpenStack, Xen and XenServer: a match made in Heaven! <http://blogs.citrix.com/2012/09/06/openstack-xen-and-xenserver-a-match-made…> A report from John Garbutt, back from XenSummit in San Diego. There was lots of OpenStack related news in many of the CloudOpen sessions, including the announcement from SUSE that they have an OpenStack distribution that supports Xen. XCP-XAPI on Precise <http://blogs.citrix.com/2012/09/03/xcp-xapi-on-precise-2/> The Citrix-Openstack team is already running automated OpenStack tests against the stable, and the latest XenServer. As the XCP-XAPI is already available for Ubuntu systems, the team plans to run the tests against that platform as well. Register now for OpenStack Summit in San Diego <http://www.openstack.org/summit/san-diego-2012/> The OpenStack room rate is now sold out at the Grand Hyatt. We've set up another room block at the Embassy Suites located across the street. Reserve a room <http://embassysuites.hilton.com/en/es/groups/personalized/S/SANDNES-OPE-201…> at the OpenStack rate. Security announcements * Horizon, Open redirect through 'next' parameter (CVE-2012-3540) <http://lists.openstack.org/pipermail/openstack-announce/2012-August/000026.…> * Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) <http://lists.openstack.org/pipermail/openstack-announce/2012-August/000025.…> Tips and tricks * By Mirantis: Using Software Load Balancing in High Availability (HA) for OpenStack Cloud API Services <http://www.mirantis.com/blog/software-high-availability-load-balancing-open…> * By Mate Lakat: VHD to OpenStack using a XAPI host plugin <http://blogs.citrix.com/2012/09/06/vhd-to-openstack-using-a-xapi-host-plugi…> * By Brian Waldon: Upgrading OpenStack Glance -- Essex to Folsom <http://bcwaldon.cc/2012/09/05/glance-essex-to-folsom-upgrade.html> * A paper on handling compromised components of IaaS with a specific use case in OpenStack. Definitely worth a read: Aryan TaheriMonfared / Martin G Jaatun -- Handling Compromised Components in an IaaS Cloud Installation <http://secstack.org/2012/09/aryan-taherimonfared-martin-g-jaatun-handling-c…> * By Everett Toews: Getting jclouds and OpenStack work together <http://blog.phymata.com/2012/09/04/jclouds-and-openstack/> Upcoming Events * OpenStack Summit <http://openstack.org/> Oct 15 -- 18, 2012 -- San Diego, CA Other news * OpenStack election of Project Tech Leads is ongoing. Results will be announced on September 13th http://wiki.openstack.org/Governance/TCElectionsFall2012 * OpenStack Project Meeting 2012-09-04: Summary <http://eavesdrop.openstack.org/meetings/project/2012/project.2012-09-04-21.…> and Meeting log <http://eavesdrop.openstack.org/meetings/project/2012/project.2012-09-04-21.…> Welcome new contributors Celebrating the first patches submitted this week by: * Matthew Treinish, IBM * lrqrun * Constantine Peresypkin, Litestack * jiangwt100 * John Dunning * Duncan Thomas * Brian Rosmaita, Rackspace * Rosario Di Somma, Dreamhost * Peng Yuwei * Mathew Odden, IBM * Ian Wells, Cisco * Dermot Tynan, HP * Dongdong Zhou * Andrew James, HP /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

[OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)
by Russell Bryant 30 Aug '12

30 Aug '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenStack Security Advisory: 2012-012 CVE: CVE-2012-3540 Date: August 30, 2012 Title: Open redirect through 'next' parameter Impact: Medium Reporter: Thomas Biege (SUSE) Products: Horizon Affects: Essex (2012.1) Description: Thomas Biege from SUSE reported a vulnerability in Horizon authentication mechanism. By adding a malicious 'next' parameter to a Horizon authentication URL and enticing an unsuspecting user to follow it, the victim might get redirected after authentication to a malicious site where useful information could be extracted. Only setups running Essex are affected. Fixes: 2012.1: https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927… References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3540 https://bugs.launchpad.net/horizon/+bug/1039077 Notes: This fix will be included in a future Essex (2012.1) release. - -- Russell Bryant OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA/kVUACgkQFg9ft4s9SAb4NwCePE8oU+FLTONqi/rm3RfKhamK MLwAoIeeTWXn9wsSvzQ6YF6ZC45Zz2D3 =khbg -----END PGP SIGNATURE-----

1 0

[OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)
by Russell Bryant 30 Aug '12

30 Aug '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenStack Security Advisory: 2012-013 CVE: CVE-2012-3542 Date: August 30, 2012 Title: Lack of authorization for adding users to tenants Impact: Critical Reporter: Dolph Mathews (Rackspace) Products: Keystone Affects: Essex, Folsom Description: Dolph Mathews reported a vulnerability in Keystone. When attempting to update a user's default tenant, Keystone will only partially deny the request when a user is not authorized to complete this action. The API responds with 401 Not Authorized and the user's default tenant is not changed. However, the user is still granted membership to this new tenant.The result is that any client that can reach the administrative API (deployed on port 35357, by default) can add any user to any tenant. Fixes: Folsom: https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e… 2012.1: https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d32… References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3542 https://bugs.launchpad.net/keystone/+bug/1040626 Notes: This fix will be included in the folsom-rc1 development milestone and in a future Essex (2012.1) release. - -- Russell Bryant OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlA/iZEACgkQFg9ft4s9SAZ0zQCeKEqxWbDFum/f6l00H0x6FL2L QEEAn3eer5owk4/lEktxTMrdIhtnyaaL =vdh7 -----END PGP SIGNATURE-----

1 0

OpenStack Community Weekly Newsletter (Aug 17-24)
by Stefano Maffulli 24 Aug '12

24 Aug '12

Highlights of the week OpenStack at CloudOpen <http://www.openstack.org/blog/2012/08/openstack-at-cloudopen/> OpenStack is a protagonist of CloudOpen, the only conference providing a collaboration and education space dedicated to advancing the open cloud. Next week, from Aug 29 to 31 in San Diego there will be plenty of chances to hear talks about OpenStack and how it's shaping the cloud industry. On Tuesday Aug 28th join the OpenStack community at The Hopping Pig <http://www.thehoppingpig.com/> for a party! Food & drinks sponsored by HP, Intel, Opscode, Rackspace, SUSE, and Ubuntu. The event will immediately follow the official CloudOpen happy hour, and is within walking distance of the Andaz. Reserve your ticket <http://openstack-cloudopen2012.eventbrite.com/>. OpenStack at PuppetConf: Tim Bell of CERN to Keynote <http://www.openstack.org/blog/2012/08/openstack-at-puppetconf-tim-bell-of-c…> PuppetConf is coming up September 27-28 in San Francisco, and we're excited to announce some great OpenStack content, including a keynote presentation from Tim Bell of CERN! OpenStack Won Unprecedented Popularity in Asia/Pacific <http://www.openstack.org/blog/2012/08/openstack-won-unprecedented-popularit…> On August 10 -11, the first two-day OpenStack Asia-Pacific Conference (OSAC) was held in Beijing and Shanghai concurrently. This conference is jointly organized by CSDN (Chinese Software Develop the Net), the world's largest Chinese IT technology community and the OpenStack user group (COSUG). The presentations are on slideshare: http://www.slideshare.net/HuiCheng2/tag/2012osac Submitting new features to Nova <http://blogs.gnome.org/markmc/2012/08/20/submitting-new-features-to-nova/> Mark McLoughlin wrote down a few pieces advice for someone submitting a large feature patch to Nova. OpenStack Folsom & Glance <http://bcwaldon.cc/2012/08/20/openstack-folsom-glance-overview.html> Brian Waldon recaps what landed in Glance in the past months. These are most of the features that will make it in Folsom release. Tips and Tricks * By Derek Higgins: Listing openstack keystone credentials <http://goodsquishy.com/2012/08/listing-openstack-keystone-credentials/> * By Zmanda Team: Storing Pebbles or Boulders: Optimizing Swift Cloud for different workloads <http://www.zmanda.com/blogs/?p=894> * By Mate Lakat: Hello Xen API host plugin <http://blogs.citrix.com/2012/08/17/hello-xen-api-host-plugin/> * By Derek Higgins: rackspace cloud files from the command line <http://goodsquishy.com/2012/08/rackspace-cloud-files-from-the-command-line/> * By Alessandro Tagliapietra: Hetzner Failover IP routing tool for openstack <http://www.alexnetwork.it/2012/08/20/openstack/hetzner-failover-ip-routing-…> * By Brian Waldon: Using Warlock & JSON Schemas <http://bcwaldon.cc/2012/08/19/using-warlock-and-json-schemas.html> * By Everett Toews: Logging in jclouds <http://blog.phymata.com/2012/08/18/logging-in-jclouds/> and How I get a Token from the Rackspace Open Cloud from the Command Line <http://blog.phymata.com/2012/08/17/get-a-token-from-rackspace/> * By Chmouel Boudjnah <http://blog.chmouel.com/>: Using python-novaclient against Rackspace Cloud next generation (powered by OpenStack) <http://blog.chmouel.com/2012/08/17/using-python-novaclient-against-rackspac…> Upcoming Events * OPENSTACK REVOLUTION <http://openstack-cloudopen2012.eventbrite.com/>Aug 28, 2012 -- San Diego, CA RSVP <http://openstack-cloudopen2012.eventbrite.com/> * Australian OpenStack User Group -- Adelaide Meetup with SAGE-AU <http://aosug.openstack.org.au/events/66911242/> Aug 28, 2012 -- Details <http://aosug.openstack.org.au/events/66911242/> * Block Storage Service is Cemented by Cinder <http://www.meetup.com/OpenStack-LA/events/74425192/> Aug 30, 2012 -- Los Angeles, CA Details <http://www.meetup.com/OpenStack-LA/events/74425192/> * OpenStack Swift meetup <http://www.meetup.com/openstack/events/77706042/> Aug 30, 2012 -- San Francisco, CA Details <http://www.meetup.com/openstack/events/77706042/> * OpenStack Summit <http://openstack.org/> Oct 15 -- 18, 2012 -- San Diego, CA Other news * Feature freeze period started: we're on our way to Folsom release * OpenStack Project Meeting 2012-08-21: Summary <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> and Meeting log <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> Welcome new contributors Celebrating the first patches submitted this week by: * Alex Yang /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

Folsom-3 development milestone for Keystone, Glance, Nova, Horizon, Quantum and Cinder
by Thierry Carrez 17 Aug '12

17 Aug '12

Hi everyone, The third and last development milestone of the Folsom cycle is now available for Keystone, Glance, Nova, Horizon, Quantum and Cinder ! It contains almost all features that will appear in the final release of Folsom, scheduled for September 27th. You can see the full list of new features and fixed bugs, as well as tarball downloads, at: https://launchpad.net/keystone/folsom/folsom-3 https://launchpad.net/glance/folsom/folsom-3 https://launchpad.net/nova/folsom/folsom-3 https://launchpad.net/horizon/folsom/folsom-3 https://launchpad.net/quantum/folsom/folsom-3 https://launchpad.net/cinder/folsom/folsom-3 We are now entering the feature-frozen, bugfixing time before we can produce our release candidates. Please test, try the new features, report bugs, help fix them. Let's all make Folsom another great OpenStack release. Cheers! -- Thierry Carrez (ttx) Release Manager, OpenStack

1 0

OpenStack Community Weekly Newsletter (Aug 10-17)
by Stefano Maffulli 17 Aug '12

17 Aug '12

Highlights of the week OpenStack Foundation Board - Gold Member Election Results <http://www.openstack.org/community/openstack-foundation-board-2012-election…> The Gold Members completed their election as planned. DLA Piper administered the election and has passed along the results. The eight elected companies and the individuals they intend to appoint to the board are listed alphabetically below: * Cisco -- Lew Tucker * Cloudscaling -- Randy Bias * Dell -- John Igoe * Dreamhost -- Simon Anderson * ITRI/CCAT -- Dr. Tzi-cker Chiueh * Mirantis -- Boris Renski * Piston -- Joshua McKenty * Yahoo! -- Sean Roberts Congratulations to the first members of OpenStack Foundation Board of Directors. OpenStack Swift: Where do we go from here? <http://markmail.org/message/yioqxntjsjlqyda6> Swift has many exciting features coming in the OpenStack Folsom Release this fall, but where do we go from here? What's next for Swift in grizzly? Join the discussion with the developers and give your feedback. The Return of Hyper-V <http://markmail.org/message/r46uxsblqviqr2j6> It's back: Hyper-V support is integrated back into Nova with https://review.openstack.org/#/c/11276/. OpenStack Security blog: An oldie but a goodie Josh McKenty's EMEA Launch Slides <http://secstack.org/2012/08/an-oldie-but-a-goodie-josh-mckentys-emea-launch…> This is a pretty antiquated presentation. Plenty of stuff has changed in openstack since it was given, for better and for worse. But it gives you an idea that the origins of OpenStack were built with security in mind. When at NASA we had some pretty good security and policy guys contributing heavily to the sprint planning sessions we had. The result was a code base that was fairly flexible when it came to adjusting itself to meet policy requirements. Understanding VlanManager Network Flows in OpenStack Cloud: Six Scenarios <http://www.mirantis.com/blog/vlanmanager-network-flow-analysis/> In a couple of recent posts <http://www.mirantis.com/author/psiwczakmirantis-com/> Mirantis' engineer Piotr Siwczak <http://www.mirantis.com/author/psiwczakmirantis-com/> covered some fundamental concepts of OpenStack networking, including VlanManager <http://www.mirantis.com/blog/openstack-networking-vlanmanager/> and floating IPs <http://www.mirantis.com/blog/configuring-floating-ip-addresses-networking-o…>. This post builds upon such content and aims to present how traffic flows in different scenarios addressed by OpenStack. First OpenStack User Group Meetup in Delhi NCR, India! <http://www.openstack.org/blog/2012/08/first-openstack-user-group-meetup-in-…> Openstack Delhi NCR chapter started yesterday with our first meet up. Students, Professors and Corporate entities attended the meeting. Announcing proof-of-concept Load Balancing as a Service project <http://markmail.org/message/lltovmmtpr2dksbb> Mirantis in collaboration with Cisco OpenStack team and a number of other community members, started socializing the blueprints for an elastic load balancer API service. Assign, commit and review: a Developer's Guide to OpenStack Contribution <http://www.slideshare.net/lzyeval/assign-commit-and-review> Luo Zhongyue asks for feedback to his presentation at OpenStack APAC Conference http://www.slideshare.net/lzyeval/assign-commit-and-review How I contribute to OpenStack series <http://www.openstack.org/blog/2012/08/how-i-contribute-to-openstack-series/> Rackspace is running a series of interviews to the protagonists of OpenStack development. Titled 'How I contribute to OpenStack', it collects insight straight from key developers on the front lines about how they became involved in OpenStack and the open cloud, and what contributions they've made. The first two installments saw SolidFire <http://solidfire.com/> Software Engineer John Griffith <http://www.rackspace.com/blog/how-i-contribute-to-openstack-solidfires-john…> and Red Hat <http://www.redhat.com/> Principal Software Engineer Mark McLoughlin <http://www.rackspace.com/blog/how-i-contribute-to-openstack-red-hats-mark-m…>. More to come on How I contribute to OpenStack <http://www.rackspace.com/blog/tag/how-i-contribute/>. Tips and Tricks * By Lorin Hochstein: Ansible, Vagrant and OpenStack on your laptop <http://lorinhochstein.wordpress.com/2012/08/12/ansible-vagrant-and-openstac…> * By Alessandro Tagliapietra: Openstack: Force writethrough cache mode in qcow2 images <http://www.alexnetwork.it/2012/08/10/tutorials/openstack-force-writethrough…> * By the Clouds Lab: A Step-by-Step Guide to Deploying OpenStack on CentOS Using the KVM Hypervisor and GlusterFS Distributed File System <http://markmail.org/message/gjwza57oniy4uwpk> Upcoming Events + Hack on Chef OpenStack Cookbooks -- Swedish Style <http://www.meetup.com/OpenStack-LA/events/75878692/> Aug 21, 2012 -- Los Angeles, CA Details <http://www.meetup.com/OpenStack-LA/events/75878692/> + Australian OpenStack User Group -- Adelaide Meetup with SAGE-AU <http://aosug.openstack.org.au/events/66911242/> Aug 28, 2012 -- Details <http://aosug.openstack.org.au/events/66911242/> + Block Storage Service is Cemented by Cinder <http://www.meetup.com/OpenStack-LA/events/74425192/> Aug 30, 2012 -- Los Angeles, CA Details <http://www.meetup.com/OpenStack-LA/events/74425192/> + OpenStack Swift meetup <http://www.meetup.com/openstack/events/77706042/> Aug 30, 2012 -- San Francisco, CA Details <http://www.meetup.com/openstack/events/77706042/> + OpenStack Summit <http://openstack.org/> Oct 15 -- 18, 2012 -- San Diego, CA Other news * Nick Lothian published the results of the survey to discover what tools people are using to manage their resources across multiple cloud providers: http://fifthvertex.com/2012/08/07/cloud-tools-survey/ * OpenStack Nova Meeting notes <http://markmail.org/message/btxjvsvpg4mv62zy> * OpenStack Project Meeting 2012-08-14: Summary <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> and Meeting log <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> Welcome new contributors Celebrating the first patches submitted this week by: * Daryl Walleck, Rackspace * Alessandro Pilotti, CloudBase Solutions /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

OpenStack Community Weekly Newsletter (Aug 3-10)
by Stefano Maffulli 10 Aug '12

10 Aug '12

Highlights of the week OpenStack Foundation Board -- <http://www.openstack.org/community/openstack-foundation-board-2012-election…>Gold Member Election Update 2012 Elections <http://www.openstack.org/community/openstack-foundation-board-2012-election…> Recently the gold member formation committee met to discuss the election of directors for the gold members and agreed on the mechanics and timing of our election. Gold Members will be holding the election using cumulative voting the week before the individual member elections. More http://lists.openstack.org/pipermail/foundation/2012-August/001061.html Openstack Networking for Scalability and Multi-tenancy with VlanManager <http://www.mirantis.com/blog/openstack-networking-vlanmanager/> Second post by Mirantis about OpenStack networking, using VlanManager. While flat managers are designed for simple, small scale deployments, VlanManager is a good choice for large scale internal clouds and public clouds. Can OpenStack Swift Hit Amazon S3 like Cost Points? <http://www.buildcloudstorage.com/2012/01/can-openstack-swift-hit-amazon-s3-…> Amar Kapadia tries to answer the question whether a user creating cloud storage with OpenStack Swift can sell it to internal or external users at a price competitive to Amazon S3. Should You Consider SSDs for OpenStack Swift Cloud Storage? <http://www.zmanda.com/blogs/?p=847> Zmanda folks started publishing a series of blog posts investigating pros and cons of using SSD-based Swift installations. With an ongoing move in the industry to move towards building data centers with SSD based storage <http://www.wired.com/wiredenterprise/2012/06/flash-data-centers/>, there has been a lot of interest in the OpenStack Swift community to consider the faster I/O devices when deploying Swift based storage cloud, such as the discussions in [1] <https://answers.launchpad.net/swift/+question/163356>, [2] <https://answers.launchpad.net/swift/+question/181977> and [3] <https://answers.launchpad.net/swift/+question/159085>. Swift 1.6.0 Release <http://swiftstack.com/blog/2012/08/06/swift-1.6.0-release/> The changes highlighted by the team: the bin/swift CLI client and swift/common/client.py have been moved to the new python-swiftclient OpenStack project; Swift now includes the Keystone middleware "keystoneauth"; the swift-dispersion-report now works with a replica count other than three. Full announcement. Congratulations to the team for Swift's new release, v. 1.6.0 <http://swiftstack.com/blog/2012/08/06/swift-1.6.0-release/> and welcome to the five new Swift developers: François Charlier, Iryoung Jeong, Tsuyuzaki Kota, Dan Prince, Vincent Untz. OpenStack Nova, Glance and Keystone 2012.1.2 released <http://lists.openstack.org/pipermail/openstack-announce/2012-August/000020.…> In the time since the Essex release, the stable release team has been busy selectively back-porting bugfixes to the stable/essex branch according to the "safe source of high-impact fixes" criteria http://wiki.openstack.org/StableBranch. These releases are bugfix updates to Essex and are intended to be relatively risk free with no intentional regressions or API changes. Cloud computing and storage with OpenStack <http://www.ibm.com/developerworks/cloud/library/cl-openstack-cloud/index.ht…> IBM's DeveloperWorks published an introductory article about OpenStack and IaaS in general. Upcoming Events * 2012 OpenStack APEC Conference <http://openstack.csdn.net/index.html> Aug 10 -- 11, 2012 -- Bejing+Shanghai, China Details <http://openstack.csdn.net/index.html> * Openstack User Group Meetup ( Delhi NCR ) <http://www.meetup.com/Indian-OpenStack-User-Group/events/75533162/> Aug 12, 2012 -- Dehli Details <http://www.meetup.com/Indian-OpenStack-User-Group/events/75533162/> * Hobart Meetup -- adjacent to PyCon2012, An OpenStack code dojo! <http://aosug.openstack.org.au/events/72708142/> Aug 17, 2012 -- Hobart, Australia Details <http://aosug.openstack.org.au/events/72708142/> * Australian OpenStack User Group -- Adelaide Meetup with SAGE-AU <http://aosug.openstack.org.au/events/66911242/> Aug 28, 2012 -- Adelaide Details <http://aosug.openstack.org.au/events/66911242/> * OpenStack Summit <http://openstack.org/> Oct 15 -- 18, 2012 -- San Diego, CA Other news * Security update: CVE-2012-3447 : Compute node filesystem injection/corruption <http://secstack.org/2012/08/cve-2012-3447-compute-node-filesystem-injection…> * Call for Help --- OpenStack API XML Support <http://markmail.org/message/iu7wnr26l2yclkzp> * Ceilometer Project Technical Leader election result <http://markmail.org/message/7m5l42mfwahfwq74>: Nick Barcet is the new PTL * OpenStack Project Meeting 2012-08-07: Summary <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> and Meeting log <http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-me…> Welcome new contributors Celebrating the first patches submitted this week by: * Kylin CG * Ronen Kat, IBM /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

[ANNOUNCE] OpenStack Nova, Glance and Keystone 2012.1.2 released
by Mark McLoughlin 10 Aug '12

10 Aug '12

Hey, In the time since the Essex release, we have been busy selectively back-porting bugfixes to the stable/essex branch according to our "safe source of high-impact fixes" criteria documented here: http://wiki.openstack.org/StableBranch We made a first round of those fixes available in the 2012.1.1 release 6 weeks ago and now we're happy to announce a 2012.1.2 release! These releases are bugfix updates to Essex and are intended to be relatively risk free with no intentional regressions or API changes. The list of bugs fixed can be seen here: https://launchpad.net/nova/+milestone/2012.1.2 https://launchpad.net/glance/+milestone/2012.1.2 https://launchpad.net/keystone/+milestone/2012.1.2 Please read (and add to!) the release notes at: http://wiki.openstack.org/ReleaseNotes/2012.1.2 Enjoy! Mark.

1 0

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
by Thierry Carrez 07 Aug '12

07 Aug '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2012-011 CVE: CVE-2012-3447 Date: August 7, 2012 Title: Compute node filesystem injection/corruption Impact: Critical Reporter: Pádraig Brady (Red Hat) Products: Nova Affects: All versions Description: Pádraig Brady from Red Hat discovered that the fix implemented for CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By crafting a malicious image with root-readable-only symlinks and requesting a server based on it, an authenticated user could still corrupt arbitrary files (all setups affected) or inject arbitrary files (Essex and later setups with OpenStack API enabled and a libvirt-based hypervisor) on the host filesystem, potentially resulting in full compromise of that compute node. Folsom fix: https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f3… Essex fix: https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1… Diablo fix: https://review.openstack.org/#/c/10953/ References: https://bugs.launchpad.net/nova/+bug/1031311 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3447 Notes: This fix will be included in the upcoming Nova 2012.1.2 stable update (due Thursday) and the Folsom-3 development milestone (due next week). - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJQIXv+AAoJEFB6+JAlsQQjnJUQAI+Vp+GCMXAei/ktStVFrkXC ilgIjBB5mcbrj/TGlnqhkS0MB0+kmo8Ucy4tI0O+gAqYaPNcEp6bbGr5pOby8Gdk DehvQuTi4Rvvypnb7ORM+DjqPBtNGGMWKJzO84ls98Ev0z+6Soi4vmQal78wvwpX 3UbyqZG9P85QlDyyK+x/Af2D0YVCQffQ93/7UJi2OwB0hwHy+RS4WN7rYJGD2vh0 50jQYSgw/rrBSUPNupjEH+mXT/DM93z93qWmxHD6TYYUK9MmrfkfUPx8Ki8Fn5oQ 9znwXsIK5h3uexe2dHbABKaIm3AnMP3wCrKynEEjFV/no00r/Evm2zsdam31O3Bv DV8ng6sdSnvltQK2s8F3blp3tNpsAp12QkC0BDI9FlYAACdaTBnDcVhKh4HoO84T cRakJhfj23472GgmwwkIcPNEcfY1fWngUqN4rF2XUggtXzeEHyyqoiZIm4s4ns5+ DkSCmo5qBNbcos1C0BNeyPQ+wdF5U7wzQfggC6SRoKcPj/Mp8P5LCvgjPKwNtBuq gzAVPSlx0Zehlqqey8zkUUGQ4btxiKP5+iwrKajY6QfqgtkqEsG46GR+tm+ygDNR T8ltuixqMWpLPVUFZClaxV0MytSMdjhIgywkzyqHg9bzP4N3MztsGnIBPdQ0HC3a P85xQ28EFbBC5tIZ4WRe =C2MN -----END PGP SIGNATURE-----

1 0