Thursday, November 8, 2012

[USN-1626-1] Glance vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQm+MlAAoJEFHb3FjMVZVzMx0P/3SE8ZGVZH5WT5rZp20uq1Nr
cD76TH/VCIELzlJ1CzrlHWHvjvUlWT0/s7ndMsSvvk9TCXUYZXLgXgltclcFx7eD
L2LpZrpCCsObrOOnMri1r84YDuhMu7Jxkf0o0LoxaApyKUxyH+3eTFnsHFtkX4/9
mcRP/CWrNltwf23jHPXkO22ObrdQQCx2Floh27SPHuB1CbjTCmlGGKqueA+Cjqi2
dyQrmRWEs4xs34MH8G1WCHBL9C2CWoSRlRBJMFy0OOw8TCLCyMyeGezobbRRYVCA
6+QD2LjAkQryFnkVkJbpiUHI0wUgv4xxgAtHXg5xnQVYdvckWLnhtlNWkrv/V3x5
eLAedpzaM6E9PruETY3yazP2LeD2mn1nhKkXUmT0qHX83UFCovbkCyMQ8/u+Gkge
ROlqPJ6k49fCd2UQ1a9JyA1d4s5jK4p2uP7HZquYh+hUNvBbGRbzbZHZHW8N/cez
l7zbbjNl81jpY+MDSsgfM23rvGBsreYt8knlxMFH9wDnSpGycQ/vetB4SGlmVsyf
8MTqOu5E3ECDt1KvtWOj6wypr/PjLSou1Dq80OvasJvr5bSe/EW12TNo6s6bpFoN
oA8jIJKJHS0H9TpOZqki8hpxcolgLQNNWYRPScMHEb34CEtW1MsYd4gMQ6+PFjqd
vWJlFbTYNJt2otYyq+QB
=+BJu
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1626-1
November 08, 2012

glance vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Glance could be made to delete arbitrary images.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python-glance 2012.2-0ubuntu2.2

Ubuntu 12.04 LTS:
python-glance 2012.1.3+stable~20120821-120fcf-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1626-1
CVE-2012-4573

Package Information:
https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.2

https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)