SecurityHome.eu [USN-1626-2] Glance vulnerability

Home / mailings PDF

[USN-1626-2] Glance vulnerability
Posted on 09 November 2012
Ubuntu Security
==========================
==========================
========================
Ubuntu Security Notice USN-1626-2
November 09, 2012

glance vulnerability
==========================
==========================
========================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Glance could be made to delete arbitrary images.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update
provides the corresponding updates for the v2 API.

Original advisory details:

Gabe Westmaas discovered that Glance did not always properly enforce acc=
ess
controls when deleting images. An authenticated user could delete arbitr=
ary
images by using the v1 API under certain circumstances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-glance 2012.2-0ubuntu2.3

In general, a standard system update will make all the necessary changes.=

References:
http://www.ubuntu.com/usn/usn-1626-2
http://www.ubuntu.com/usn/usn-1626-1
CVE-2012-4573

Package Information:
https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.3

------------

TOP

Mailings :

Last 20

Exploits :

Last 20