Debian iTOps Tube

Monday, May 7, 2012

USN-1439-1: Horizon vulnerabilities

Ubuntu Security Notice USN-1439-1

7th May, 2012

horizon vulnerabilities

A security issue affects these releases of Ubuntu and its

  • Ubuntu 12.04 LTS


Horizon could be made to expose sensitive information over the network.

Software description

  • horizon
    - Web interface for OpenStack cloud infrastructure


Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability
in Horizon via the log viewer refrash mechanism. If a user were tricked
into viewing a specially crafted log message, a remote attacker could
exploit this to modify the contents or steal confidential data within the
same domain. (CVE-2012-2094)

Thomas Biege discovered a session fixation vulnerability in Horizon. An
attacker could exploit this to potentially allow access to unauthorized
information and capabilities. (CVE-2012-2144)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:



To update your system, please follow these instructions:

In general, a standard system update will make all the necessary changes.




No comments:

Post a Comment