Metric | Value |
---|---|
CVSS2 score | 4 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
EPSS | 0.023 Low |
EPSS percentile | 88.2% |

OpenStack Image service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away.
Stored images can be used as a template to get new servers up and running
quickly and more consistently than installing a server operating system and
individually configuring additional services.

A storage quota bypass flaw was found in OpenStack Image (glance). If an
image was deleted while it was being uploaded, it would not count towards a
user’s quota. A malicious user could use this flaw to deliberately fill the
backing store, and cause a denial of service. (CVE-2014-9623)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Tushar Patil of NTT as the original reporter.

The openstack-glance packages have been upgraded to upstream version
2014.1.4, which provides a number of bug fixes over the previous version.
(BZ#1203275)

All openstack-glance users are advised to upgrade to these updated
packages, which correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openstack-glance-doc | < 2014.1.4-1.el7ost | openstack-glance-doc-2014.1.4-1.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-glance | < 2014.1.4-1.el7ost | python-glance-2014.1.4-1.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-glance | < 2014.1.4-1.el7ost | openstack-glance-2014.1.4-1.el7ost.noarch.rpm |
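
To check a host inventory against the fixed build listed in the table above, the following added example (not part of the Red Hat advisory) compares installed package versions using a simplified form of RPM's segment-wise ordering. The inventory in `SAMPLE` is constructed, and the function names are this example's own.

```python
import re

# Fixed build from the advisory's package table (same for all three packages).
FIXED_EVR = "2014.1.4-1.el7ost"
FIXED = dict.fromkeys(("openstack-glance", "python-glance", "openstack-glance-doc"), FIXED_EVR)

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, RPM style.
    Returns -1, 0 or 1. Tilde and caret ordering are not handled."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def split_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable_packages(installed):
    """installed: {name: evr}; returns sorted names below the fixed build."""
    return sorted(n for n, evr in installed.items()
                  if n in FIXED and evr_cmp(evr, FIXED[n]) < 0)

# Constructed inventory (not from the advisory), e.g. parsed from
# `rpm -qa --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n'`.
SAMPLE = {
    "openstack-glance": "0:2014.1.3-4.el7ost",
    "python-glance": "0:2014.1.4-1.el7ost",
    "openstack-glance-doc": "0:2014.1.4-2.el7ost",
    "openstack-nova-api": "0:2014.1.3-1.el7ost",
}

if __name__ == "__main__":
    print(vulnerable_packages(SAMPLE))
```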