Security update for openstack-glance

SUSE Security Update: Security update for openstack-glance
Announcement ID: SUSE-SU-2013:0491-1
Rating: moderate
References: #808626
Affected Products:
  • SUSE Cloud 1.0

  • An update that contains security fixes can now be installed.


    Openstack Glance has been updated to fix security issues.

    The following security issue has been fixed:

    * CVE-2013-1840: Stuart McLaren from HP reported a
    vulnerability in the information potentially returned to
    the user in Glance v1 API. If an authenticated user
    requests, through the v1 API, an image that is already
    cached, the headers returned may disclose the Glance
    operator's backend credentials for that endpoint. Only
    setups accepting the Glance v1 API and using either the
    single-tenant Swift store or S3 store are affected.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 1.0:
      zypper in -t patch sleclo10sp2-openstack-glance-7493

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 1.0 (x86_64):
    • openstack-glance-2012.1+git.1352338057.efd7e75-0.7.1
    • python-glance-2012.1+git.1352338057.efd7e75-0.7.1