Eucalyptus Security Advisories

These are security advisories for all Eucalyptus products.

| Last Updated | Advisory | CVEs | Affected Products | Description | Severity |
|---|---|---|---|---|---|
| 2015-01-30 | ESA-29 | CVE-2015-0235 | Eucalyptus 4.0.2 and earlier | The GHOST Vulnerability in Glibc | Critical |
| 2014-11-03 | ESA-27 | CVE-2014-5039 | Eucalyptus Management Console 4.0.1 | XSS In The Eucalyptus Management Console | Critical |
| 2014-11-03 | ESA-26 | CVE-2014-5038 | Eucalyptus 3.0.0 to Eucalyptus 4.0.1 | Sensitive Information In The Eucalyptus Log Files | Low |
| 2014-11-03 | ESA-25 | CVE-2014-5037 | Eucalyptus 4.0.0 to Eucalyptus 4.0.1 | Sensitive Information In The Eucalyptus Requests Log | Moderate |
| 2014-10-22 | ESA-28 | CVE-2014-3566 | Eucalyptus Management Console, Eucalyptus 4.0 | The POODLE Attack | Important |
| 2014-10-04 | ESA-24 | CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 | | The Shellshock Bash Vulnerability | Informational |
| 2014-08-27 | ESA-23 | CVE-2014-5036 | Eucalyptus 3.4.2 to 4.0.0 | Sensitive Information In Eucalyptus Log Files | Low |
| 2014-08-27 | ESA-22 | CVE-2013-4770 | Eucalyptus Management Console 4.0.0 | XSS In The Eucalyptus Management Console | Critical |
| 2014-06-12 | ESA-21 | CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-5298 | EuStore EMIs before 2014-06-10 | EuStore EMIs Are Affected By OpenSSL Vulnerabilities | Important |
| 2014-06-06 | ESA-20 | CVE-2014-0224 | Eucalyptus 3.4.2 and Eucalyptus 4.0.0 | OpenSSL CCS Injection Vulnerability Affects Load Balancing And Imaging Service EMIs | Important |
| 2014-06-06 | ESA-19 | CVE-2014-0224 | Centos 6.5, RHEL 6 | Update OpenSSL Packages To Address OpenSSL CCS Injection Vulnerability | Informational |
| 2014-04-10 | ESA-18 | CVE-2014-0160 | Centos 6.5, RHEL 6 | Update OpenSSL Packages To Address HeartBleed Bug | Informational |
| 2014-04-10 | ESA-17 | CVE-2014-0160 | EuStore EMI 2714641871 (Fedora 18), EMI 0355237665 (Fedora 20), 1424900416 (OpenSUSE 12.2), 3550541955 (Debian Wheezy) | The HeartBleed Bug Affects EuStore EMIs | Critical |
| 2014-03-11 | ESA-16 | CVE-2013-4769 | Eucalyptus 3.3.0 to Eucalyptus 3.4.1 | Eucalyptus Can Act As An Open DNS Resolver | Moderate |
| 2014-03-11 | ESA-15 | CVE-2013-4768 | Eucalyptus 2.0 to Eucalyptus 3.4.1 | Web Services Denial Of Service Vulnerability | Important |
| 2013-10-24 | ESA-14 | CVE-2013-4767 | Eucalyptus 3.0.0 to Eucalyptus 3.3.1 | Shell Injection Vulnerability on NC | Critical |
| 2013-09-11 | ESA-13 | CVE-2013-4766 | Eucalyptus 3.3.0 and earlier | Unauthorized Access to CC/NC Log Files | Moderate |
| 2013-07-25 | ESA-11 | CVE-2013-1899 | Eucalyptus 3.2.x, 3.1.x | Denial of Service Vulnerability in Postgres | Important |
| 2013-06-20 | ESA-12 | CVE-2013-2297 | EuStore EMI EMI 3868652036 (Centos 6.3), EMI 0400376721 (Fedora 16), EMI 2425352071 (Fedora 17), 1347115203 (OpenSUSE 12.2) | Insecure Configuration In Some EuStore EMIs | Important |
| 2013-04-16 | ESA-10 | CVE-2013-2296 | Eucalyptus 3.2.1 and earlier | Missing Authorization Vulnerability in Walrus | Low |
| 2013-04-16 | ESA-09 | CVE-2012-4067 | Eucalyptus 3.2.1 and earlier | Insecure XML Parsing Vulnerability in Walrus | Important |
| 2013-02-28 | ESA-08 | CVE-2012-4066 | Eucalyptus 3.2.0 and earlier | Walrus Request Manipulation Vulnerability | Important |
| 2012-08-28 | ESA-07 | CVE-2012-4065 | Eucalyptus 3.0.2, 3.1.0 and earlier | SOAP Web Services Authorization Bypass Vulnerability | Critical |
| 2012-08-28 | ESA-06 | CVE-2012-4064 | Eucalyptus 3.0.2, 3.1.0 and earlier | SOAP Web Services Privilege Escalation Vulnerability | Critical |
| 2012-08-28 | ESA-05 | CVE-2012-4063 | Eucalyptus 3.0.2, 3.1.0 and earlier | Insecure Apache Santuario (XML Security) Library Configuration | Important |
| 2012-07-11 | ESA-04 | CVE-2012-3241 | Eucalyptus 2.0.3, 3.0.1 and earlier | VMWare Broker Lack of Authentication Vulnerability | Critical |
| 2012-07-11 | ESA-03 | CVE-2012-3240 | Eucalyptus 2.0.3, 3.0.1 and earlier | Walrus Authentication Bypass Vulnerability | Critical |
| 2011-05-25 | ESA-02 | CVE-2011-0730 | Eucalyptus EE 2.0.1, Eucalyptus 2.0.2 and earlier | SOAP Interfaces Vulnerable to XML Signature Element Wrapping Attacks | Critical |
| 2010-12-16 | ESA-01 | CVE-2010-3905 | Eucalyptus 2.0.0, Eucalyptus 2.0.1 | Password Reset Vulnerability | Critical |