269 matches found

RedHat Linux
added 2016/03/03 7:45 p.m. · 29 views

Low: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

4.3 CVSS · 5.7 AI score · 0.00233 EPSS
Exploits 0 · References 2

RedHat Linux
added 2016/02/29 5:9 a.m. · 8 views

openstack-glance: Glance image status manipulation through locations

An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to...

4.3 CVSS · 5.7 AI score · 0.00233 EPSS
Exploits 0 · References 4

CNVD
added 2016/02/23 12:0 a.m. · 1 views

OpenStack Glance Security Bypass Vulnerability

OpenStack is a cloud platform management project. Glance is one of the projects that can store, query and retrieve virtual machine images. A security vulnerability exists in OpenStack Glance that allows an attacker to exploit the vulnerability to bypass security restrictions and perform unauthoriz...

4.3 CVSS · 6.8 AI score · 0.00233 EPSS
Exploits 0 · References 1

OpenVAS
added 2016/01/16 12:0 a.m. · 14 views

Fedora Update for openstack-glance FEDORA-2015-66439

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2

OSV
added 2016/01/13 12:31 p.m. · 6 views

SUSE-SU-2016:0101-1 Security update for openstack-glance

This update for openstack-glance provides the following fixes:
- Catch NotAuthenticated exception in import task. (bsc947735, CVE-2015-5286)
- Cleanup chunks for deleted image if token expired. (bsc947735, CVE-2015-5286)
- Prevent image status being directly modified via v1. (bsc945994, CVE-2015-5251)
...

6.8 CVSS · 6.2 AI score · 0.00328 EPSS
Exploits 0 · References 6

CNVD
added 2015/11/26 12:0 a.m. · 4 views

OpenStack Glance Security Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Glance is a project that stores, queries and retrieves virtual machine images. A security bypass vulnerability exists in OpenStack Glance, which can be exploited by ...

5.5 CVSS · 6.9 AI score · 0.00322 EPSS
Exploits 0 · References 1

CNVD
added 2015/10/28 12:0 a.m. · 2 views

OpenStack Image Service Access Restriction Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration (NASA) in collaboration with Rackspace, Inc. in the U.S. Image Service (Glance) is one of the projects that can store, query, and retrieve virtual machine...

5.5 CVSS · 6.9 AI score · 0.00171 EPSS
Exploits 0 · References 1

Debian CVE
added 2015/10/26 5:0 p.m. · 20 views

CVE-2015-5286

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8 CVSS · 4.6 AI score · 0.00328 EPSS
Exploits 0

Debian CVE
added 2015/10/26 5:0 p.m. · 18 views

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

5.5 CVSS · 4.4 AI score · 0.00171 EPSS
Exploits 0

Positive Technologies
added 2015/10/26 12:0 a.m. · 3 views

PT-2015-6833 · Openstack +1 · Openstack Image Service +1

Name of the Vulnerable Software and Affected Versions:
OpenStack Image Service (Glance) versions prior to 2014.2.4 (juno)
OpenStack Image Service (Glance) versions prior to 2015.1.2 (kilo)
Description: The issue allows remote authenticated users to bypass the storage quota and cause a denial of service...

6.8 CVSS · 4.4 AI score · 0.00328 EPSS
Exploits 0 · References 32

OSV
added 2015/10/26 12:0 a.m. · 1 views

UBUNTU-CVE-2015-5286

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8 CVSS · 5.8 AI score · 0.00328 EPSS
Exploits 0 · References 5

UbuntuCve
added 2015/09/22 3:0 p.m. · 21 views

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

5.5 CVSS · 5.9 AI score · 0.00171 EPSS
Exploits 0 · References 3

Positive Technologies
added 2015/09/22 12:0 a.m. · 3 views

PT-2015-6817 · Openstack +1 · Openstack Image Service +1

Name of the Vulnerable Software and Affected Versions:
OpenStack Image Service (Glance) versions prior to 2014.2.4 (juno)
OpenStack Image Service (Glance) versions 2015.1.x prior to 2015.1.2 (kilo)
Description: The issue allows remote authenticated users to bypass access restrictions and change the statu...

6.8 CVSS · 4.3 AI score · 0.00328 EPSS
Exploits 0 · References 30

Positive Technologies
added 2015/08/19 12:0 a.m. · 2 views

PT-2015-6790 · Openstack · Openstack Image Service

Name of the Vulnerable Software and Affected Versions:
OpenStack Image Service (Glance) versions 2015.1.x before 2015.1.2 (kilo)
Description: The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API.
Recommendations: For...

7.1 CVSS · 6.1 AI score · 0.00277 EPSS
Exploits 0 · References 16

RedHat Linux
added 2015/08/18 1:25 a.m. · 0 views

openstack-glance: Glance v2 API host file disclosure through qcow2 backing file

A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...

3.5 CVSS · 5.8 AI score · 0.00277 EPSS
Exploits 0 · References 4

UbuntuCve
added 2015/08/14 6:59 p.m. · 20 views

CVE-2015-3289

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them...

4 CVSS · 5.9 AI score · 0.00422 EPSS
Exploits 0 · References 2

Cvelist
added 2015/08/14 6:0 p.m. · 18 views

CVE-2015-3289

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them...

6.2 AI score · 0.00422 EPSS
Exploits 0 · References 3

CNVD
added 2015/08/12 12:0 a.m. · 1 views

OpenStack Glance Denial of Service Vulnerability (CNVD-2015-05221)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace, Inc. OpenStack Image Registry and Delivery Service Glance is a project that stores, queries, and retrieves virtual machine images. A denial-of-service...

4 CVSS · 6.8 AI score · 0.00422 EPSS
Exploits 0 · References 1

OpenVAS
added 2015/07/07 12:0 a.m. · 17 views

Fedora Update for openstack-glance FEDORA-2015-6169

The remote host is missing an update for the...

7.5 AI score
Exploits 0 · References 2

Tenable Nessus
added 2015/05/27 12:0 a.m. · 16 views

Fedora 22 : openstack-glance-2014.2.3-1.fc22 (2015-6169)

Update to upstream 2014.2.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.4 AI score
Exploits 0 · References 2