(RHSA-2015:0837) Low: openstack-glance security and bug fix update

2015-04-16T04:00:00
ID RHSA-2015:0837
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:43

Description

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service. (CVE-2014-9623)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter.

The openstack-glance packages have been upgraded to upstream version 2014.1.4, which provides a number of bug fixes over the previous version. (BZ#1203275)

All openstack-glance users are advised to upgrade to these updated packages, which correct these issues.