Red Hat Security Advisory 2012-1558-01 - The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to other applications. The openstack-glance packages have been upgraded to upstream version 2012.1.2, which provide a number of bug fixes and enhancements over the previous version. A flaw in Keystone allowed an attacker with access to the web and network interfaces to delete arbitrary, non-protected images from Glance servers.
ab35d9476afeff9aff0481b2bf8dd16637682e6afdbe90c9ffe38d320070f561Ubuntu Security Notice 1626-2 - USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API. Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances. Various other issues were also addressed.
d1cd550c12237f49996ea83a305fac2a6e6c9e3b6494a91a893864615516148dUbuntu Security Notice 1626-1 - Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
1448e620a78c5a2839b913c68bbbbc9d60ee54b306e4ffb6d1910709c13f079e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed