========================================================================== Ubuntu Security Notice USN-3446-1 October 11, 2017 glance vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in OpenStack Glance. Software Description: - glance: OpenStack Image Registry and Delivery Service Details: Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly handled the storage quota. A remote authenticated user could use this issue to consume disk resources, leading to a denial of service. (CVE-2015-5286) Erno Kuvaja discovered that OpenStack Glance incorrectly handled the show_multiple_locations option. When show_multiple_locations is enabled, a remote authenticated user could change an image status and upload new image data. (CVE-2016-0757) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: glance-common 1:2014.1.5-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3446-1 CVE-2015-5251, CVE-2015-5286, CVE-2016-0757 Package Information: https://launchpad.net/ubuntu/+source/glance/1:2014.1.5-0ubuntu1.1