Security update for openstack-glance

SUSE Security Update: Security update for openstack-glance
Announcement ID: SUSE-SU-2014:0453-1
Rating: moderate
References: #863484
Affected Products:
  • SUSE Cloud 3

  • An update that fixes one vulnerability is now available. It includes one version update.


    OpenStack Image Registry and Delivery Service (Glance) in
    SUSE Cloud 3 logged a URL containing the Swift store
    backend password when authentication fails and WARNING
    level logging is enabled, which allowed local users to
    obtain sensitive information by reading the log.

    Security Issue references:

    * CVE-2014-1948

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Cloud 3:
      zypper in -t patch sleclo30sp3-openstack-glance-8955

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev1.g9d89b8e]:
    • openstack-glance-2013.2.3.dev1.g9d89b8e-0.7.3
    • python-glance-2013.2.3.dev1.g9d89b8e-0.7.3
    • SUSE Cloud 3 (noarch) [New Version: 2013.2.3.dev1.g9d89b8e]:
    • openstack-glance-doc-2013.2.3.dev1.g9d89b8e-0.7.3