History: Apr 16, 2015 - 12:00 a.m.

(RHSA-2015:0837) Low: openstack-glance security and bug fix update

2015-04-16 00:00:00
access.redhat.com

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.023 Low
Percentile: 88.2%

OpenStack Image service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away.
Stored images can be used as a template to get new servers up and running
quickly and more consistently than installing a server operating system and
individually configuring additional services.

A storage quota bypass flaw was found in OpenStack Image (glance). If an
image was deleted while it was being uploaded, it would not count towards a
user’s quota. A malicious user could use this flaw to deliberately fill the
backing store, and cause a denial of service. (CVE-2014-9623)
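
One way an operator could look for the effect of this flaw, as an added example that is not part of the advisory or of Glance itself: reconcile the bytes present in the backing store against the image records and report data that belongs to deleted images and so escapes quota accounting. The record fields, the "deleted" status value, the store listing and the quota figure are constructed assumptions, not Glance's schema or API.

```python
from collections import defaultdict

# Constructed sample records; field names are assumptions, not Glance's schema.
IMAGES = [
    {"id": "img-1", "owner": "tenant-a", "status": "active"},
    {"id": "img-2", "owner": "tenant-a", "status": "deleted"},
    {"id": "img-3", "owner": "tenant-b", "status": "active"},
    {"id": "img-4", "owner": "tenant-a", "status": "deleted"},
]
# Constructed listing of bytes actually present in the backing store, by image id.
STORE = {"img-1": 500, "img-2": 900, "img-3": 200, "img-4": 700, "img-9": 50}


def audit_store(images, store, quota):
    """Split stored bytes into quota-accounted and orphaned, per owner.

    Orphaned bytes are data still in the store for an image whose record is
    marked deleted, so a quota check based on live records never sees them.
    Returns (accounted, orphaned, unknown_ids, owners_over_quota).
    """
    by_id = {img["id"]: img for img in images}
    accounted = defaultdict(int)
    orphaned = defaultdict(int)
    unknown = []
    for image_id, nbytes in sorted(store.items()):
        img = by_id.get(image_id)
        if img is None:
            unknown.append(image_id)          # data with no record at all
        elif img["status"] == "deleted":
            orphaned[img["owner"]] += nbytes  # not counted against quota
        else:
            accounted[img["owner"]] += nbytes
    owners = set(accounted) | set(orphaned)
    # Real usage is accounted plus orphaned bytes; compare that to the quota.
    over = sorted(
        o for o in owners
        if accounted.get(o, 0) + orphaned.get(o, 0) > quota
    )
    return dict(accounted), dict(orphaned), unknown, over


if __name__ == "__main__":
    accounted, orphaned, unknown, over = audit_store(IMAGES, STORE, quota=1000)
    print("accounted:", accounted)
    print("orphaned:", orphaned)
    print("unknown store objects:", unknown)
    print("owners over quota on real usage:", over)
```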

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Tushar Patil of NTT as the original reporter.

The openstack-glance packages have been upgraded to upstream version
2014.1.4, which provides a number of bug fixes over the previous version.
(BZ#1203275)

All openstack-glance users are advised to upgrade to these updated
packages, which correct these issues.
