(RHSA-2012:1558) Low: openstack-glance security update

2012-12-10T05:00:00
ID RHSA-2012:1558
Type redhat
Reporter RedHat
Modified 2018-04-11T16:12:55

Description

The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to other applications.

The openstack-glance packages have been upgraded to upstream version 2012.1.2, which provide a number of bug fixes and enhancements over the previous version.

A flaw in Keystone allowed an attacker with access to the web and network
interfaces to delete arbitrary, non-protected images from Glance servers. (CVE-2012-4573)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Gabe Westmaas as the original reporter of CVE-2012-4573.

All users of openstack-glance are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.