(RHSA-2014:0229) Moderate: openstack-glance security and bug fix update

2014-03-04T05:00:00
ID RHSA-2014:0229
Type redhat
Reporter RedHat
Modified 2018-06-07T02:47:47

Description

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

An information leak flaw was found in the way glance stored certain logging information. An attacker with access to the glance log files could use this flaw to obtain authentication credentials to the OpenStack Object Storage (swift) back end. Note that only setups using the swift back end were affected. (CVE-2014-1948)

The openstack-glance packages have been upgraded to upstream version 2013.2.2, which provides a number of bug fixes over the previous version. (BZ#1065313)

All users of openstack-glance are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the running OpenStack Image services must be manually restarted (using "service [service name] restart") for this update to take effect.