Security update for openstack-glance

SUSE Security Update: Security update for openstack-glance
Announcement ID: SUSE-SU-2013:0491-1
Rating: moderate
References: #808626
Affected Products:
  • SUSE Cloud 1.0

An update that contains security fixes can now be installed.

    Description:


    OpenStack Glance has been updated to fix security issues.

    The following security issue has been fixed:

    * CVE-2013-1840: Stuart McLaren from HP reported a
    vulnerability in the information potentially returned to
    the user in Glance v1 API. If an authenticated user
    requests, through the v1 API, an image that is already
    cached, the headers returned may disclose the Glance
    operator's backend credentials for that endpoint. Only
    setups accepting the Glance v1 API and using either the
    single-tenant Swift store or S3 store are affected.
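
    A check an operator could run over captured v1 API response headers to confirm that no store credentials are returned. This is an added example, not code from this advisory or from the Glance project. The header name X-Image-Meta-Location and the scheme://user:secret@host/path location format are assumptions not stated in the advisory, and all sample values are constructed.

```python
import re

# Assumption: Swift and S3 store locations embed credentials in the userinfo
# part of the URI, i.e. scheme://user:secret@host/path
_CRED_URI = re.compile(
    r"^(?P<scheme>(?:swift|s3)(?:\+https?)?)://(?P<userinfo>[^@\s]+)@(?P<rest>\S*)$",
    re.IGNORECASE,
)


def redact(value):
    """Return value with the userinfo masked, or None if it holds no credentials."""
    m = _CRED_URI.match(value.strip())
    if not m or ":" not in m.group("userinfo"):
        return None
    return "{}://<redacted>@{}".format(m.group("scheme"), m.group("rest"))


def find_leaks(headers):
    """Return sorted (header_name, redacted_value) pairs for leaking headers.

    Every header is inspected, so the check does not depend on the exact
    name of the header that carries the image location.
    """
    leaks = []
    for name, value in headers.items():
        masked = redact(value)
        if masked is not None:
            leaks.append((name.lower(), masked))
    return sorted(leaks)


# Constructed sample: headers as an affected setup might return them.
UNPATCHED = {
    "Content-Type": "application/octet-stream",
    "X-Image-Meta-Name": "cirros",
    "X-Image-Meta-Location":
        "swift+https://tenant:glance:S3cr3tKey@auth.example.test/v2.0/glance/1234",
}
# Constructed sample: the same response without the location field.
PATCHED = {k: v for k, v in UNPATCHED.items() if k != "X-Image-Meta-Location"}

if __name__ == "__main__":
    for label, hdrs in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, find_leaks(hdrs) or "no credential-bearing headers")
```

    The findings are returned with the secret masked, so the output can be attached to a ticket without repeating the disclosure.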

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-openstack-glance-7493

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 1.0 (x86_64):
      • openstack-glance-2012.1+git.1352338057.efd7e75-0.7.1
      • python-glance-2012.1+git.1352338057.efd7e75-0.7.1

    References:

    • https://bugzilla.novell.com/808626
    • http://download.suse.com/patch/finder/?keywords=8ce969211306b6bb7632abba021db0d5