(RHSA-2015:1639) Important: openstack-glance security update

2015-08-18T05:19:46
ID RHSA-2015:1639
Type redhat
Reporter RedHat
Modified 2018-03-19T16:27:17

Description

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw. (CVE-2015-5163)

Red Hat thanks the OpenStack team for reporting this issue. Upstream acknowledges Eric Harney of Red Hat as the original reporter.

All openstack-glance users are advised to upgrade to these updated packages, which address this vulnerability.