USN-2322-1: OpenStack Glance vulnerability
Publication date
21 August 2014
Overview
OpenStack Glance could be made to stop serving requests.
Releases
Packages
- glance - OpenStack Image Registry and Delivery Service
Details
Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not
properly honor the image_size_cap configuration option. A remote
authenticated attacker could exploit this to cause a denial of service via
disk consumption.
Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not
properly honor the image_size_cap configuration option. A remote
authenticated attacker could exploit this to cause a denial of service via
disk consumption.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
14.04 trusty | glance-common – 1:2014.1.2-0ubuntu1.1 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.