4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
78.9%
OpenStack Image service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away. Stored
images can be used as a template to get new servers up and running quickly
and more consistently than installing a server operating system and
individually configuring additional services.
It was discovered that the image_size_cap configuration option in glance
was not honored. An authenticated user could use this flaw to upload an
image to glance and consume all available storage space, resulting in a
denial of service. (CVE-2014-5356)
The openstack-glance packages have been upgraded to upstream version
2013.2.4, which provides a number of bug fixes over the previous version.
(BZ#1146089)
All openstack-glance users are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the running glance services will be restarted automatically.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | openstack-glance | < 2013.2.4-1.el6ost | openstack-glance-2013.2.4-1.el6ost.src.rpm |
RedHat | 6 | noarch | openstack-glance | < 2013.2.4-1.el6ost | openstack-glance-2013.2.4-1.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-glance-doc | < 2013.2.4-1.el6ost | openstack-glance-doc-2013.2.4-1.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-glance | < 2013.2.4-1.el6ost | python-glance-2013.2.4-1.el6ost.noarch.rpm |