OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion. (CVE-2014-9684, CVE-2015-1881)

The openstack-glance packages have been upgraded to upstream version 2014.2.3, which provides a number of bug fixes over the previous version. (BZ#1210457)

All openstack-glance users are advised to upgrade to these updated packages, which correct these issues.
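To check whether untracked image data of the kind described above has already accumulated, an operator can compare the contents of the image store with the image IDs glance still tracks. The following is an added example, not code from the advisory or from glance; it assumes the filesystem store back end, where each image payload is a file named after the image UUID, and the function names, sample UUIDs and sizes are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: filesystem store, one file per image, named by the image UUID.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def find_untracked(store_dir, tracked_ids):
    """Return [(file_name, size_bytes)] for store files with no image record,
    largest first, so the biggest consumers of space are reviewed first."""
    tracked = {i.strip().lower() for i in tracked_ids}
    orphans = []
    for entry in os.scandir(store_dir):
        # Ignore directories and symlinks; only regular files hold image data.
        if not entry.is_file(follow_symlinks=False):
            continue
        name = entry.name.lower()
        # Files that are not UUID-named are not image payloads; skip them.
        if UUID_RE.match(name) and name not in tracked:
            size = entry.stat(follow_symlinks=False).st_size
            orphans.append((entry.name, size))
    return sorted(orphans, key=lambda o: o[1], reverse=True)


def demo():
    """Run the check against a constructed store directory."""
    tracked = ["11111111-1111-4111-8111-111111111111"]  # constructed ID
    files = {
        "11111111-1111-4111-8111-111111111111": 2048,  # tracked image
        "22222222-2222-4222-8222-222222222222": 4096,  # no image record
        "33333333-3333-4333-8333-333333333333": 1024,  # no image record
        "README": 10,                                  # not image data
    }
    with tempfile.TemporaryDirectory() as store:
        for name, size in files.items():
            with open(os.path.join(store, name), "wb") as fh:
                fh.write(b"\0" * size)
        return find_untracked(store, tracked)


if __name__ == "__main__":
    for name, size in demo():
        print(f"untracked: {name} ({size} bytes)")
```

On a real deployment the tracked list must include every image glance knows about, including ones still being uploaded, otherwise in-progress data is reported as untracked.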
lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html
rhn.redhat.com/errata/RHSA-2015-0938.html
www.securityfocus.com/bid/72694
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html
bugs.launchpad.net/glance/+bug/1420696
bugzilla.redhat.com/show_bug.cgi?id=1210457