Summary: | app-admin/glance: Glance import task leaks image in backend (CVE-2014-9684,CVE-2015-1881) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2015/q1/600 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2015-02-19 15:48:27 UTC
fixed in 2014.2.2-r1 no vuln versions in tree CVE-2015-1881 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1881): OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. CVE-2014-9684 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9684): OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. |