The Eucalyptus team is pleased to announce the release of Eucalyptus 2.0.3. This update resolves the security issue identified in ESA-02: SOAP interfaces vulnerable to XML Signature Element Wrapping attacks.

This vulnerability allows an unauthenticated remote attacker who has access to the network traffic between authenticated user and a Eucalyptus installation, to modify intercepted SOAP requests and submit valid commands to the Eucalyptus SOAP interface. Special thanks to Juraj Somorovsky, Jörg Schwenk, and Meiko Jensen who alerted us to this vulnerability, thereby giving us all the needed details to produce the current release.