Home / mailings [USN-1626-1] Glance vulnerability
Posted on 08 November 2012
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1626-1
November 08, 2012
glance vulnerability
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Glance could be made to delete arbitrary images.
Software Description:
- glance: OpenStack Image Registry and Delivery Service
Details:
Gabe Westmaas discovered that Glance did not always properly enforce acce=
ss
controls when deleting images. An authenticated user could delete arbitra=
ry
images by using the v1 API under certain circumstances.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python-glance 2012.2-0ubuntu2.2
Ubuntu 12.04 LTS:
python-glance 2012.1.3+stable~20120821-120fcf-0ubuntu=
1.2
In general, a standard system update will make all the necessary changes.=
References:
http://www.ubuntu.com/usn/usn-1626-1
CVE-2012-4573
Package Information:
https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.2
https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120f=
cf-0ubuntu1.2
------------
