Security update for openstack-glance
SUSE Security Update: Security update for openstack-glance
OpenStack Image Registry and Delivery Service (Glance) in
SUSE Cloud 3 logged a URL containing the Swift store
backend password when authentication fails and WARNING
level logging is enabled, which allowed local users to
obtain sensitive information by reading the log.
Security Issue references:
* CVE-2014-1948
>
Announcement ID: | SUSE-SU-2014:0453-1 |
Rating: | moderate |
References: | #863484 |
Affected Products: |
An update that fixes one vulnerability is now available. It includes one version update.
Description:
OpenStack Image Registry and Delivery Service (Glance) in
SUSE Cloud 3 logged a URL containing the Swift store
backend password when authentication fails and WARNING
level logging is enabled, which allowed local users to
obtain sensitive information by reading the log.
Security Issue references:
* CVE-2014-1948
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 3:
zypper in -t patch sleclo30sp3-openstack-glance-8955
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev1.g9d89b8e]:
- openstack-glance-2013.2.3.dev1.g9d89b8e-0.7.3
- python-glance-2013.2.3.dev1.g9d89b8e-0.7.3
- SUSE Cloud 3 (noarch) [New Version: 2013.2.3.dev1.g9d89b8e]:
- openstack-glance-doc-2013.2.3.dev1.g9d89b8e-0.7.3
References:
- http://support.novell.com/security/cve/CVE-2014-1948.html
- https://bugzilla.novell.com/863484
- http://download.suse.com/patch/finder/?keywords=021078b483b4a044adf82d968bd623e7