A security vulnerability has been identified in Eucalyptus versions 2.0.0 and 2.0.1. An update is now available that resolves this issue. We advise immediately updating all affected Eucalyptus installations following the instructions below.
An unauthenticated remote attacker could issue password reset requests to gain access to a Eucalyptus system and potentially obtain admin privileges.
Eucalyptus 2.0.2 resolves this issue (see instructions below).
To update Eucalyptus 2.0.0 or 2.0.1 to Eucalyptus 2.0.2:
- Download the updated Eucalyptus software from this location:
- Next, follow the Eucalyptus 2.0 series upgrade instructions for your particular distribution, as shown here:
eucalyptus-2.0.2-centos-i386.tar.gz MD5: 413856848c9748daa457cbb551e31ad2
eucalyptus-2.0.2-centos-x86_64.tar.gz MD5: e89c38e87da4995feb3d123b360f5ee8
eucalyptus-2.0.2-fedora-i386.tar.gz MD5: 433cfd577106a1cfbbbddcb3e9eb325f
eucalyptus-2.0.2-fedora-x86_64.tar.gz MD5: 188e7bd3f621f0bd42912ddd80632f8c
eucalyptus-2.0.2-opensuse-i386.tar.gz MD5: 2456c2d96478cb6e3a99968c65de75b9
eucalyptus-2.0.2-opensuse-x86_64.tar.gz MD5: 1f2426b1fbc67005a057ea2055a22bab
eucalyptus-2.0.2-squeeze.tar.gz MD5: d0199e5851b2f6e8606c2632405cc2a1
eucalyptus-2.0.2-src-deps.tar.gz MD5: d5a0e643502e01a56558f329f7fe950e
eucalyptus-2.0.2-src-offline.tar.gz MD5: b304305b6839f0ed3a4397bbc40c3972
eucalyptus-2.0.2-src-online.tar.gz MD5: 03af41e42fdc0e64c9f4bb15cfc70794
Users running Eucalyptus on Ubuntu should refer to the Ubuntu security announcement USN-1033-1:
Contact and Help
Contact the Eucalyptus Security Team via email at email@example.com.