Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
172
security advisoryUbuntuglanceUbuntu 20.04 18.04 OpenStack Glance Security Flaws USN-8199-1
Several security issues were fixed in OpenStack Glance.. ========================================================================== Ubuntu Security Notice USN-8199-1 April 22, 2026 glance vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenStack Glance. Software Description: - glance: OpenStack Image Registry and Delivery Service Details: Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS glance 2:20.2.0-0ubuntu1.2+esm2 Available with Ubuntu Pro glance-api 2:20.2.0-0ubuntu1.2+esm2 Available with Ubuntu Pro glance-common 2:20.2.0-0ubuntu1.2+esm2 Available with Ubuntu Pro python3-glance 2:20.2.0-0ubuntu1.2+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS glance 2:16.0.1-0ubuntu1.1+esm2 Available with Ubuntu Pro glance-api 2:16.0.1-0ubuntu1.1+esm2 Available with Ubuntu Pro glance-common 2:16.0.1-0ubuntu1.1+esm2 Available with Ubuntu Pro glance-registry 2:16.0.1-0ubuntu1.1+esm2 Available with Ubuntu Pro python-glance 2:16.0.1-0ubuntu1.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS glance 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro glance-api 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro glance-common 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro glance-glare 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro glance-registry 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro python-glance 2:12.0.0-0ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8199-1 CVE-2024-32498, CVE-2026-34881 . Review of Ubuntu's USN-8199-1 highlighting fixed security issues in OpenStack Glance affecting multiple LTS versions.. OpenStack Glance security, Ubuntu vulnerabilities, image processing issues. . Severity: Important. LinuxSecurity.com Team
Apr 27, 2026
•Important
Ubuntu
98
security advisorysecurity updateimportantRed Hat OpenStack 17.0 (RHSA-2023-1017-01) Important: Arbitrary File Access
An update for openstack-glance is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 17.0 (openstack-glance) security update Advisory ID: RHSA-2023:1017-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:1017 Issue date: 2023-02-28 CVE Names: CVE-2022-47951 ==================================================================== 1. Summary: An update for openstack-glance is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 17.0 - noarch 3. Description: OpenStack Image Service (code-named Glance) provides discovery,registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images. Security Fix(es): * Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in theReferences section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor 6. Package List: Red Hat OpenStack Platform 17.0: Source: openstack-glance-22.1.1-0.20220919210603.677c89c.el9ost.src.rpm noarch: openstack-glance-22.1.1-0.20220919210603.677c89c.el9ost.noarch.rpm python3-glance-22.1.1-0.20220919210603.677c89c.el9ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-47951 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/5H5dzjgjWX9erEAQj0cA//YKlYwfmt9Gh8xwQRDhHPAiDRrMo4bTYD vsQHfXexqnswMgkbgAIlDmALaP0TwPcl628JBXRYbq9Og9T2gJkuAH97tkJucwtj RdbBAyyr5Z/gx07dAFQ+uCa6Y+z4NwPXcvt0EInBVrz0WDMizryOnVzdCHfKzcPv 41oy0yEZtzqWaWITHQQkio34Va+lCpLdWxFKibFHEw7ZbAAYYWi25CBi6uf5F+nL A0lEhitkjhrRuyUadFo6D0SdrMtYKhwqWYZkibpSOhefxf8o8CnfHO3TOBf7eZiM Sdrrp/Bv8aCTCZHK0rSUb98BhG2Rz3osfZctY+XzTbeIy76R13Sye8KOUMTUSt4q fNkxLgeoWmSZ3rwhdQ8OEyLJiAZi+dt1a4UwQEWbEL310DgnXuP1j1eITLBhi4YC XgIeYDkYt/gb1MxQAAW6rejtm8Q9kIZeBcT3FMZt6LoHEradI60bCfg2iWxQSJfF wxW7EeguuNn4z1FKi6M1qQPIQ4ZY3hCViF2nDfU8tzlO8uuOO2cXRTuZyCu2ZTkI jfbZPWRgX/xpDxXSk64uTgOsKwx/OTnp48yMEc3BWhKvU6p5yulH6MW2CU5vHyK/ SPoHlpc++707Unmo/xoZ02bI397ot1x5m8JlRV//vKE2HRw8a/UIoaJBErIkAZYs JWONvEltO9M=oYmy -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 28, 2023
•Important
Red Hat
98
security advisoryRed Hatkernel updateRed Hat OpenStack 5.0: RHSA-2016-0354-01 Low: Glance Issue
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a Low. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: openstack-glance security update Advisory ID: RHSA-2016:0354-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2016:0354.html Issue date: 2016-03-03 CVE Names: CVE-2016-0757 ==================================================================== 1. Summary: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch 3. Description: OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data,regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757) Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter. All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: openstack-glance-2014.1.5-5.el7ost.src.rpm noarch: openstack-glance-2014.1.5-5.el7ost.noarch.rpm openstack-glance-doc-2014.1.5-5.el7ost.noarch.rpm python-glance-2014.1.5-5.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0757 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW2K27XlSAg2UNWIIRAhu/AJ4ssaUMrH3z3273/elSP64YLx/tcACdERVf lL1U3ayPsHXmu0c4dtIeZPM=bhfU -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 03, 2016
•Low
Red Hat
98
security advisoryRed Hatpackage updateRed Hat OpenStack 6.0 RHSA-2016:0309-01 Low: Image Service Issue
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a Low. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: openstack-glance security update Advisory ID: RHSA-2016:0309-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2016:0309.html Issue date: 2016-02-29 CVE Names: CVE-2016-0757 ==================================================================== 1. Summary: Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of itsoriginal creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757) Red Hat would like to thank the Openstack project for reporting this issue. Upstream acknowledges Erno Kuvaja of HPE as the original reporter. All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1302607 - CVE-2016-0757 openstack-glance: Glance image status manipulation through locations 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-glance-2014.2.3-4.el7ost.src.rpm noarch: openstack-glance-2014.2.3-4.el7ost.noarch.rpm openstack-glance-doc-2014.2.3-4.el7ost.noarch.rpm python-glance-2014.2.3-4.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-0757 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW09TmXlSAg2UNWIIRAlWKAJ46lYcUBlTkWHKIpN+2J2jIkyPIBQCeJ8+L uq5Qsnn2Ts2uT+SkteTt7eM=1QaQ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Feb 29, 2016
•Low
Red Hat
89
security advisorymoderatefedoraFedora 23 FEDORA-2015-66439aa9e2 Moderate: OpenStack Image Service Update
Update to upstream 2015.1.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-66439aa9e2 2016-01-15 20:06:26.126000 -------------------------------------------------------------------------------- Name : openstack-glance Product : Fedora 23 Version : 2015.1.2 Release : 1.fc23 URL : Summary : OpenStack Image Service Description : OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images. This package contains the API and registry servers. -------------------------------------------------------------------------------- Update Information: Update to upstream 2015.1.2 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openstack-glance' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Jan 15, 2016
Fedora
98
security advisorymoderateRed HatRed Hat OpenStack 5.0: RHSA-2015-1897-01 Moderate: Image Service Issues
Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-glance security update Advisory ID: RHSA-2015:1897-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:1897.html Issue date: 2015-10-15 CVE Names: CVE-2015-5251 CVE-2015-5286 ==================================================================== 1. Summary: Updated openstack-glance packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7 - noarch 3. Description: OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images bysubmitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents. (CVE-2015-5251) A race-condition flaw was discovered in the OpenStack Image service. When images in the upload state were deleted using a token close to expiration, untracked image data could accumulate in the back end. Because untracked data does not count towards the storage quota, an attacker could use this flaw to cause a denial of service through resource exhaustion. (CVE-2015-5286) Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Hemanth Makkapati of Rackspace as the original reporter of CVE-2015-5251, and Mike Fedosin and Alexei Galkin of Mirantis as the original reporters of CVE-2015-5286. All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, running Image service services will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1263511 - CVE-2015-5251 openstack-glance allows illegal modification of image status 1267516 - CVE-2015-5286 openstack-glance: Storage overrun by deleting images 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL6: Source: openstack-glance-2014.1.5-3.el6ost.src.rpm noarch: openstack-glance-2014.1.5-3.el6ost.noarch.rpm openstack-glance-doc-2014.1.5-3.el6ost.noarch.rpm python-glance-2014.1.5-3.el6ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7: Source: openstack-glance-2014.1.5-3.el7ost.src.rpm noarch: openstack-glance-2014.1.5-3.el7ost.noarch.rpm openstack-glance-doc-2014.1.5-3.el7ost.noarch.rpm python-glance-2014.1.5-3.el7ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-glance-2014.2.3-3.el7ost.src.rpm noarch: openstack-glance-2014.2.3-3.el7ost.noarch.rpm openstack-glance-doc-2014.2.3-3.el7ost.noarch.rpm python-glance-2014.2.3-3.el7ost.noarch.rpm Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7: Source: openstack-glance-2015.1.1-3.el7ost.src.rpm noarch: openstack-glance-2015.1.1-3.el7ost.noarch.rpm openstack-glance-doc-2015.1.1-3.el7ost.noarch.rpm python-glance-2015.1.1-3.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5251 https://access.redhat.com/security/cve/CVE-2015-5286 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWIBBwXlSAg2UNWIIRAq9IAJ4qQhPpihluro4bBRVrm0uAGRZWNACgwyXB zLtlHqKmvfkA7W9D0S07n74=qTyR -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Oct 15, 2015
Red Hat
98
security advisoryRed Hatbug fixUbuntu Cloud 8.0 USN-2021:0010-01 Moderate Image Management Vulnerabilities
Updated openstack-glance packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-glance security and bug fix update Advisory ID: RHSA-2015:0938-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0938.html Issue date: 2015-05-05 CVE Names: CVE-2014-9684 CVE-2015-1881 ==================================================================== 1. Summary: Updated openstack-glance packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of servicevia resource exhaustion. (CVE-2014-9684, CVE-2015-1881) The openstack-glance packages have been upgraded to upstream version 2014.2.3, which provides a number of bug fixes over the previous version. (BZ#1210457) All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise Linux 7.1. The Red Hat Enterprise Linux OpenStack Platform 6 Release Notes (see References section) contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat Enterprise Linux OpenStack Platform 6, including which channels need to be enabled and disabled. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1194697 - CVE-2014-9684 CVE-2015-1881 openstack-glance: potential resource exhaustion and denial of service using images manipulation API 1210457 - Rebase openstack-glance to 2014.2.3 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-glance-2014.2.3-1.el7ost.src.rpm python-glance-store-0.1.10-3.el7ost.src.rpm noarch: openstack-glance-2014.2.3-1.el7ost.noarch.rpm openstack-glance-doc-2014.2.3-1.el7ost.noarch.rpm python-glance-2014.2.3-1.el7ost.noarch.rpm python-glance-store-0.1.10-3.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9684 https://access.redhat.com/security/cve/CVE-2015-1881 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hatsecurity contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVSVoAXlSAg2UNWIIRAkmlAJ4iB1TI0T9e6o0LUJONPOZjtgquoQCgwrdV R1jFxq/NfoN/3Tnb/SiSI94=jBUc -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 06, 2015
Red Hat
98
security advisoryRed Hat Enterprise LinuxDDoSRed Hat Enterprise Linux OpenStack: RHSA-2015-0644 Low Risk DDoS Issue
Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: openstack-glance security and bug fix update Advisory ID: RHSA-2015:0644-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0644.html Issue date: 2015-03-05 CVE Names: CVE-2014-9623 ==================================================================== 1. Summary: Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service. (CVE-2014-9623) RedHat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter. The openstack-glance packages have been upgraded to upstream version 2014.2.2, which provides a number of bug fixes over the previous version. (BZ#1188390) All openstack-glance users are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 911568 - [Tracking] Swift+Glance stops working after changing service password 1175367 - python-glanceclient requires python-oslo-utils 1183647 - CVE-2014-9623 openstack-glance: user storage quota bypass 1188390 - Rebase openstack-glance to 2014.2.2 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-glance-2014.2.2-1.el7ost.src.rpm python-glanceclient-0.14.2-2.el7ost.src.rpm noarch: openstack-glance-2014.2.2-1.el7ost.noarch.rpm openstack-glance-doc-2014.2.2-1.el7ost.noarch.rpm python-glance-2014.2.2-1.el7ost.noarch.rpm python-glanceclient-0.14.2-2.el7ost.noarch.rpm python-glanceclient-doc-0.14.2-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2014-9623 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU+L4kXlSAg2UNWIIRApjuAJ0VO/xVQ1CaQZskTu7N2pnWxOIIMwCfb9PS 5NGRU5P8PfhoFupgAErKc90=rRyL -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 05, 2015
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!