Novell Home

CVE-2013-1665

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1665 at MITRE

Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

SUSE information

SUSE Bugzilla entries: 802278, 803351, 804708, 807175

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • python-django >= 1.4.5-0.6.2.1
Builds
SAT Patch Nr: 7839
openSUSE 12.3
  • openstack-cinder >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-cinder-api >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-cinder-doc >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-cinder-scheduler >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-cinder-test >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-cinder-volume >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • openstack-dashboard >= 2012.2.4+git.1362503968.8ece3c7-2.5.2
  • openstack-dashboard-test >= 2012.2.4+git.1362503968.8ece3c7-2.5.2
  • openstack-glance >= 2012.2.4+git.1363297737.dd849a9-2.6.1
  • openstack-glance-doc >= 2012.2.4+git.1363297737.dd849a9-2.6.1
  • openstack-glance-test >= 2012.2.4+git.1363297737.dd849a9-2.6.1
  • openstack-keystone >= 2012.2.4+git.1362502288.8690166-3.4.1
  • openstack-keystone-doc >= 2012.2.4+git.1362502288.8690166-3.4.1
  • openstack-keystone-test >= 2012.2.4+git.1362502288.8690166-3.4.1
  • openstack-nova >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-api >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-cert >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-compute >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-doc >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-network >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-novncproxy >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-objectstore >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-scheduler >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-test >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-vncproxy >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-nova-volume >= 2012.2.4+git.1363297910.9561484-2.6.1
  • openstack-quantum >= 2012.2.4+git.1362583635.f94b149-2.4.1
  • openstack-quantum-doc >= 2012.2.4+git.1362583635.f94b149-2.4.1
  • openstack-quantum-test >= 2012.2.4+git.1362583635.f94b149-2.4.1
  • openstack-quickstart >= 2012.2+git.1360262230.cb0fbe8-2.4.1
  • openstack-swift >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-account >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-container >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-doc >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-object >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-proxy >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • openstack-swift-test >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
  • python-cinder >= 2012.2.4+git.1362502414.95a620b-2.4.1
  • python-cinderclient >= 1.0.1.5.g82e47d0+git.1355912775.82e47d0-2.4.1
  • python-cinderclient-doc >= 1.0.1.5.g82e47d0+git.1355912775.82e47d0-2.4.1
  • python-cinderclient-test >= 1.0.1.5.g82e47d0+git.1355912775.82e47d0-2.4.1
  • python-django >= 1.4.5-2.4.1
  • python-django_openstack_auth >= 1.0.6-2.4.1
  • python-glance >= 2012.2.4+git.1363297737.dd849a9-2.6.1
  • python-horizon >= 2012.2.4+git.1362503968.8ece3c7-2.5.2
  • python-keystone >= 2012.2.4+git.1362502288.8690166-3.4.1
  • python-keystoneclient >= 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb-2.4.1
  • python-keystoneclient-doc >= 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb-2.4.1
  • python-keystoneclient-test >= 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb-2.4.1
  • python-nova >= 2012.2.4+git.1363297910.9561484-2.6.1
  • python-quantum >= 2012.2.4+git.1362583635.f94b149-2.4.1
  • python-swift >= 1.7.4.1+git.1359529903.0ce3e1d-2.4.1
Patchnames:
openSUSE-2013-237
openSUSE-2013-589
openSUSE Evergreen 11.4
  • python-django >= 1.4.5-9.1
Patchnames:
2013-115

© 2015 Novell