[USN-3446-1] OpenStack Glance vulnerabilities
marc.deslauriers at canonical.com
Wed Oct 11 13:23:38 UTC 2017
Ubuntu Security Notice USN-3446-1
October 11, 2017
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Several security issues were fixed in OpenStack Glance.
- glance: OpenStack Image Registry and Delivery Service
Hemanth Makkapati discovered that OpenStack Glance incorrectly handled
access restrictions. A remote authenticated user could use this issue to
change the status of images, contrary to access restrictions.
Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly
handled the storage quota. A remote authenticated user could use this issue
to consume disk resources, leading to a denial of service. (CVE-2015-5286)
Erno Kuvaja discovered that OpenStack Glance incorrectly handled the
show_multiple_locations option. When show_multiple_locations is enabled,
a remote authenticated user could change an image status and upload new
image data. (CVE-2016-0757)
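
As an added example (not part of the Ubuntu notice or of Glance's own code), this Python check reports whether a glance-api.conf has show_multiple_locations enabled, the condition the notice names for CVE-2016-0757. The function name and sample configuration text are constructed for illustration, and it assumes the option is set in the [DEFAULT] section and is off when absent.

```python
import configparser
import sys

# Boolean spellings accepted for the option (matched case-insensitively).
TRUE_VALUES = {"true", "1", "on", "yes"}
FALSE_VALUES = {"false", "0", "off", "no"}


def multiple_locations_state(conf_text):
    """Classify show_multiple_locations as 'enabled', 'disabled' or 'invalid'."""
    # strict=False tolerates repeated keys (the last one wins here);
    # interpolation=None keeps '%' in other values from raising parse errors.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    # Assumption: the option lives in [DEFAULT] and is off when not set.
    raw = parser.defaults().get("show_multiple_locations")
    if raw is None:
        return "disabled"
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return "enabled"
    if value in FALSE_VALUES:
        return "disabled"
    return "invalid"  # flag for manual review rather than guessing


# Constructed sample configurations (not taken from a real deployment).
SAMPLE_EXPOSED = """[DEFAULT]
bind_port = 9292
show_multiple_locations = True
"""
SAMPLE_DEFAULT = """[DEFAULT]
bind_port = 9292
#show_multiple_locations = false
"""

if __name__ == "__main__":
    # Usage: python check_glance.py /etc/glance/glance-api.conf
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(sys.argv[1], multiple_locations_state(fh.read()))
    else:
        print("exposed sample:", multiple_locations_state(SAMPLE_EXPOSED))
        print("default sample:", multiple_locations_state(SAMPLE_DEFAULT))
```

A result of "enabled" on an unpatched host means the configuration meets the condition described above; "invalid" means the value needs a manual look.
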
The problem can be corrected by updating your system to the following
Ubuntu 14.04 LTS:
In general, a standard system update will make all the necessary changes.
CVE-2015-5251, CVE-2015-5286, CVE-2016-0757