Security Advisories

These are security advisories for all Eucalyptus products.

View the Severity Level Classification descriptions.

| Last Updated | Advisory | CVEs | Product | Affected Versions | Description | Severity |
|---|---|---|---|---|---|---|
| 2014-04-10 | ESA-18 | CVE-2014-0160 | Eucalyptus | Centos 6.5, RHEL 6 | Update OpenSSL Packages To Address HeartBleed Bug | Informational |
| 2014-04-10 | ESA-17 | CVE-2014-0160 | EuStore | EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20), 1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy) | The HeartBleed Bug Affects EuStore EMIs | Critical |
| 2014-03-11 | ESA-16 | CVE-2013-4769 | Eucalyptus | 3.3.0 to 3.4.1 | Eucalyptus Can Act As An Open DNS Resolver | Moderate |
| 2014-03-11 | ESA-15 | CVE-2013-4768 | Eucalyptus | 2.0 to 3.4.1 | Web Services Denial Of Service Vulnerability | Important |
| 2013-10-24 | ESA-14 | CVE-2013-4767 | Eucalyptus | 3.0.0 to 3.3.1 | Shell Injection Vulnerability on NC | Critical |
| 2013-09-11 | ESA-13 | CVE-2013-4766 | Eucalyptus | 3.3.0 and earlier | Unauthorized Access to CC/NC Log Files | Moderate |
| 2013-07-25 | ESA-11 | CVE-2013-1899 | Eucalyptus | 3.2.x, 3.1.x | Denial of Service Vulnerability in Postgres | Important |
| 2013-06-20 | ESA-12 | CVE-2013-2297 | EuStore | EMIs 3868652036 (Centos 6.3), 0400376721 (Fedora 16), 2425352071 (Fedora 17), and 1347115203 (OpenSUSE 12.2) | Insecure Configuration in some EuStore EMIs | Important |
| 2013-04-16 | ESA-10 | CVE-2013-2296 | Eucalyptus | 3.2.1 and earlier | Missing Authorization Vulnerability in Walrus | Low |
| 2013-04-16 | ESA-09 | CVE-2012-4067 | Eucalyptus | 3.2.1 and earlier | Insecure XML Parsing Vulnerability in Walrus | Important |
| 2013-02-28 | ESA-08 | CVE-2012-4066 | Eucalyptus | 3.2.0 and earlier | Walrus Request Manipulation Vulnerability | Important |
| 2012-08-28 | ESA-07 | CVE-2012-4065 | Eucalyptus | 3.1.0 and earlier | SOAP Web Services Authorization Bypass Vulnerability | Critical |
| 2012-08-28 | ESA-06 | CVE-2012-4064 | Eucalyptus | 3.1.0 and earlier | SOAP Web Services Privilege Escalation Vulnerability | Critical |
| 2012-08-28 | ESA-05 | CVE-2012-4063 | Eucalyptus | 3.1.0 and earlier | Insecure Apache Santuario (XML Security) Library Configuration | Important |
| 2012-07-11 | ESA-04 | CVE-2012-3241 | Eucalyptus | 3.0.1 and earlier | VMWare Broker Lack of Authentication Vulnerability | Critical |
| 2012-07-11 | ESA-03 | CVE-2012-3240 | Eucalyptus | 3.0.1 and earlier | Walrus Authentication Bypass Vulnerability | Critical |
| 2011-05-25 | ESA-02 | CVE-2011-0730 | Eucalyptus | 2.0.2 and earlier | XML Signature Element Wrapping vulnerability | Critical |
| 2010-12-16 | ESA-01 | CVE-2010-3905 | Eucalyptus | 2.0.0 and 2.0.1 | Password reset vulnerability | Critical |