OpenStack Dashboard (horizon) provides administrators and users a graphical
interface to access, provision and automate cloud-based resources.
The dashboard allows cloud administrators to get an overall view of the
size and state of the cloud and it provides end-users a self-service portal
to provision their own resources within the limits set by administrators.

A flaw was found in the way OpenStack Dashboard sanitized the Instance Name
string. By embedding HTML tags in an Instance Name, a remote attacker could
use this flaw to execute a script within a victim’s browser, resulting in a
cross-site scripting (XSS) attack. Note that only setups using OpenStack
Dashboard were affected. (CVE-2013-6858)

The python-django-horizon packages have been upgraded to upstream version
2013.1.5, which provides a number of bug fixes over the previous version.
(BZ#1080584)

All python-django-horizon users are advised to upgrade to these updated
packages, which correct these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | python-django-horizon-doc | < 2013.1.5-1.el6ost | python-django-horizon-doc-2013.1.5-1.el6ost.noarch.rpm |
RedHat | 6 | src | python-django-horizon | < 2013.1.5-1.el6ost | python-django-horizon-2013.1.5-1.el6ost.src.rpm |
RedHat | 6 | noarch | python-django-horizon | < 2013.1.5-1.el6ost | python-django-horizon-2013.1.5-1.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-dashboard | < 2013.1.5-1.el6ost | openstack-dashboard-2013.1.5-1.el6ost.noarch.rpm |
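
The following is an added example, not part of the original advisory: it checks a package inventory against the fixed version-release `2013.1.5-1.el6ost` from the table above. The version comparison is a simplified form of RPM's ordering (no epoch, `~` or `^` handling), and the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed version-release and binary package names, taken from the advisory table.
FIXED_EVR = "2013.1.5-1.el6ost"
ADVISORY_PACKAGES = (
    "python-django-horizon",
    "python-django-horizon-doc",
    "openstack-dashboard",
)

def _segments(label):
    # Split into runs of digits or letters; separators such as '.' are ignored.
    return re.findall(r"\d+|[A-Za-z]+", label)

def rpm_label_cmp(a, b):
    """Simplified rpmvercmp for one label; returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alpha
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the label with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings (assumption: epoch absent or equal)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_label_cmp(va, vb) or rpm_label_cmp(ra, rb)

def affected(installed):
    """installed maps package name to 'version-release'; returns names below the fix."""
    return sorted(
        name for name, evr in installed.items()
        if name in ADVISORY_PACKAGES and evr_cmp(evr, FIXED_EVR) < 0
    )

if __name__ == "__main__":
    # Constructed inventory, shaped like the output of:
    #   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    sample = {
        "python-django-horizon": "2013.1.4-3.el6ost",
        "openstack-dashboard": "2013.1.5-1.el6ost",
        "bash": "4.1.2-15.el6",
    }
    print(affected(sample))
```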