You are here
Home > Preporuke > Sigurnosni nedostatak programa OpenStack Glance

Sigurnosni nedostatak programa OpenStack Glance

==========================================================================
Ubuntu Security Notice USN-2193-1
May 05, 2014

glance vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10

Summary:

OpenStack Glance could be made to run programs as the glance user if it
processed a specially crafted request.

Software Description:
– glance: OpenStack Image Registry and Delivery Service

Details:

Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did
not properly handle untrusted input. A remote authenticated attacker
exploit this to execute arbitrary commands as the glance user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
python-glance 1:2013.2.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2193-1
CVE-2014-0162

Package Information:
https://launchpad.net/ubuntu/+source/glance/1:2013.2.3-0ubuntu1.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTZ/RIAAoJEFHb3FjMVZVziP8P/j6YmeCB5EtFCKtgRfOP4fcz
btkIhvxaxdHTotpcMt9gv9vGVLwK/pDFHITtXE43D5WCneMi10hRWlKF0cH3Tkib
2gwfmaS4N775QbChYr5jHvO4Lx5xd1bJ7DRgWkfpeU9gTWw9bNzmUsKG0Bd4Au9l
twmbOks7Lw9bBgElhMgDiVMVhd4VauaCIaoOKQahCSBDFn8XqMgOAsYMHnmMD7Ob
A78icn1n0Zk7HNdIe42S0SwmLI+ZB/i5cgbz9tPYYSv6Fg18KWkiHXkZNQAgmeS+
tHJHmaFz89qLqW2OCY+HSCU5FsQqz1nZG/hAUH+Lg8mNgbrkesUzQqpbAFgBPu+0
/jP9OByAHZqcKYD+cGCuKeFVjGRT37cn/C1XVlni8HtZHLM8qMl0/3GY8eyxRtk5
73sEj1ktI7vsK0crQexBZLUSe17wcgoFLPCz+WQlntd8R1ksaWbSbROhmvFJ5b/J
BNXNmCzVJPmvPNmhARP5Y+02B3KGp3z32Rag94L31b3RcGZJrfVZFF3p3LliCJLU
S5mczQJXGKe5kwLPRPM2NC7PKe3jwcTCE2A/y/czlIspsg8yZ8wuSCfL1fpfVMU8
sayqvOFZ9tYbR1oV40yd2js2l6I7hWoS1s3TfjS91R2M+eeQsVjXW0beNLnUpAGs
0EzNdHhtVRwp5SSU1OaR
=g3b3
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa icedove

Otkriveni su sigurnosni nedostaci u programskom paketu icedove. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanjem usluge, stjecanje uvećanih ovlasti,...

Close