The OVAL Repository
5.4
2015-09-03T07:05:53.127-04:00

DoS for arbitrary chosen IP addresses
openSUSE 11.4, openSUSE 12.2, openSUSE 12.3
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

openSUSE 12.2 is installed
openSUSE 12.2
openSUSE 12.2 is installed.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

openSUSE 11.4 is installed
openSUSE 11.4
openSUSE 11.4 is installed.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

openSUSE-SU-2013:1087-1: update for openstack-nova
openSUSE 12.3
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

OpenStack keystone password disclosure on command line
openSUSE 12.3
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

NULL pointer crash
openSUSE 12.3
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the "!" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

DoS in system services caused by _dbus_printf_string_upper_bound
openSUSE 12.3
The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

openSUSE 12.3 is installed
openSUSE 12.3
openSUSE 12.3 is installed.
Maria Kedovskaya, DRAFT, INTERIM, ACCEPTED, Jerome Athias, INTERIM, ACCEPTED, ACCEPTED

fail2ban, openstack-nova-cert, python-greenlet-devel, python-greenlet-debugsource, openstack-nova, openstack-nova-vncproxy, openstack-nova-scheduler, python-nova, openstack-nova-volume, openstack-nova-objectstore, openstack-nova-api, openstack-nova-test, openstack-nova-novncproxy, openstack-nova-doc, openstack-nova-network, openstack-nova-compute, python-greenlet-debuginfo, python-greenlet, python-keystoneclient-doc, python-keystoneclient, python-keystoneclient-test, xdm-debugsource, xdm, xdm-debuginfo, openSUSE-release, dbus-1-devel, dbus-1-32bit, libdbus-1-3-debuginfo, dbus-1-x11, dbus-1-x11-debugsource, dbus-1-x11-debuginfo, libdbus-1-3-32bit, ldbus-1-devel-32bit, dbus-1-debuginfo-32bit, dbus-1-debuginfo, dbus-1-debugsource, dbus-1-devel-doc, dbus-1, libdbus-1-3-debuginfo-32bit, libdbus-1-3

12.2
11.4
noarch 0:0.8.6-2.9.1
noarch 0:0.8.4-22.1
noarch 0:0.8.8-2.8.1
noarch 0:0.4.0-3.3.1
noarch 0:2012.2.4+git.1363297910.9561484-2.10.1
^(i586)|(x86_64)$ 0:0.4.0-3.3.1
noarch 0:0.2.1.3.gd37a3fb+git.1357543650.d37a3fb-2.8.1
^(i586)|(x86_64)$ 0:1.1.10-14.10.1
12.3
noarch 0:1.6.8-2.6.1
^x86_64$ 0:1.6.8-2.6.1
^(i586)|(x86_64)$ 0:1.6.8-2.6.1