Eucalyptus Security Announcement

Dear Subscriber, HP Helion Eucalyptus is transitioning to HP's global process for publishing

ESA-31: The VENOM Vulnerability in QEMU/KVM =========================================================

ESA-29: The GHOST Vulnerability in Glibc ============================================================

ESA-29: The GHOST Vulnerability in Glibc ============================================================

ESA-27: XSS in the Eucalyptus Management Console ====================================================

ESA-26: Sensitive Information in the Eucalyptus Log Files ===========================================

ESA-25: Sensitive Information in the Eucalyptus Requests Log ========================================

ESA-28: The POODLE Attack ====================================================================

ESA-28: The POODLE Attack ====================================================================

ESA-24: The Shellshock Bash Vulnerability ===========================================================

ESA-23: Sensitive Information in Eucalyptus Log Files ===============================================

ESA-22: XSS in the Eucalyptus Management Console ====================================================

ESA-21: EuStore EMIs are affected by OpenSSL Vulnerabilities ========================================

ESA-19: Update OpenSSL Packages to Address OpenSSL CCS Injection Vulnerability ======================

ESA-20: OpenSSL CCS Injection Vulnerability Affects Load Balancing and Imaging Service EMIs =========

ESA-18: Update OpenSSL Packages to Address HeartBleed Bug ===========================================

==================================================================== Eucalyptus Security Advisory

ESA-16: Eucalyptus can act as an Open DNS Resolver ==================================================

ESA-15: Web Services Denial of Service Vulnerability ================================================

ESA-14: Shell Injection Vulnerability on NC =========================================================

ESA-13: Unauthorized Access to CC/NC Log Files ======================================================

We found that upgrades to Eucalyptus 3.3.0 packages did not always cause the PostgreSQL 9.1.9 package

ESA-12: Insecure Configuration in some EuStore EMIs =================================================

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-10: Missing Authorization Vulnerability in Walrus

ESA-09: Insecure XML Parsing Vulnerability in Walrus ================================================

ESA-11: Denial of Service Vulnerability in Postgres =================================================

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-08: Walrus Request Manipulation Vulnerability ===

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-07: SOAP Web Services Authorization Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-06: SOAP Web Services Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-05: Insecure Apache Santuario (XML Security)