====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: openstack-glance security update
Advisory ID:       RHSA-2012:1558-01
Product:           Red Hat OpenStack
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:1558.html
Issue date:        2012-12-10
CVE Names:         CVE-2012-4573
====================================================================

1. Summary:

Updated openstack-glance packages that fix multiple bugs and add various
enhancements are now available for Red Hat OpenStack Essex.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

The openstack-glance packages allow virtual machine images to be
discovered, registered and retrieved. They also include a RESTful API to
provide these services to other applications.

The openstack-glance packages have been upgraded to upstream version
2012.1.2, which provides a number of bug fixes and enhancements over the
previous version.

A flaw in Keystone allowed an attacker with access to the web and network
interfaces to delete arbitrary, non-protected images from Glance servers.
(CVE-2012-4573)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Gabe Westmaas as the original reporter of
CVE-2012-4573.

All users of openstack-glance are advised to upgrade to these updated
packages, which fix these bugs and add these enhancements. After installing
the updated packages, the Glance services (openstack-glance-api and
openstack-glance-registry) will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

872302 - CVE-2012-4573 OpenStack: Glance Authentication bypass for image deletion

6. Package List:

RHOS Essex Release:

Source:

noarch:
openstack-glance-2012.1.2-2.el6.noarch.rpm
openstack-glance-doc-2012.1.2-2.el6.noarch.rpm
python-glance-2012.1.2-2.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details
on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-4573
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
=========================================================================
Ubuntu Security Notice USN-1626-2
November 09, 2012

glance vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Glance could be made to delete arbitrary images.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update
provides the corresponding updates for the v2 API.

Original advisory details:

 Gabe Westmaas discovered that Glance did not always properly enforce
 access controls when deleting images. An authenticated user could delete
 arbitrary images by using the v1 API under certain circumstances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  python-glance                   2012.2-0ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1626-2
  https://ubuntu.com/security/notices/USN-1626-1
  CVE-2012-4573

Package Information:
  https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.3
______________________________________________________________________________

   SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1455-1
Rating:             important
References:         #787814
Cross-References:   CVE-2012-4573
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   OpenStack glance had a bug where image deletion was allowed for all
   logged in users (CVE-2012-4573). This has been fixed.

Security Issue reference:

   * CVE-2012-4573

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-openstack-glance-7033

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 1.0 (x86_64):

      openstack-glance-2012.1+git.1344578005.120fcf4-0.7.1
      python-glance-2012.1+git.1344578005.120fcf4-0.7.1

References:

   https://www.suse.com/security/cve/CVE-2012-4573.html
=========================================================================
Ubuntu Security Notice USN-1626-1
November 08, 2012

glance vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Glance could be made to delete arbitrary images.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

Gabe Westmaas discovered that Glance did not always properly enforce
access controls when deleting images. An authenticated user could delete
arbitrary images by using the v1 API under certain circumstances.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  python-glance                   2012.2-0ubuntu2.2

Ubuntu 12.04 LTS:
  python-glance                   2012.1.3+stable~20120821-120fcf-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1626-1
  CVE-2012-4573

Package Information:
  https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.2
  https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2