Red Hat Security Advisory 2012-1558-01 - The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to other applications. The openstack-glance packages have been upgraded to upstream version 2012.1.2, which provide a number of bug fixes and enhancements over the previous version. A flaw in Keystone allowed an attacker with access to the web and network interfaces to delete arbitrary, non-protected images from Glance servers.
ab35d9476afeff9aff0481b2bf8dd16637682e6afdbe90c9ffe38d320070f561
Ubuntu Security Notice 1626-2 - USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API. Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances. Various other issues were also addressed.
d1cd550c12237f49996ea83a305fac2a6e6c9e3b6494a91a893864615516148d
Ubuntu Security Notice 1626-1 - Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
1448e620a78c5a2839b913c68bbbbc9d60ee54b306e4ffb6d1910709c13f079e