From $URL : Description A security issue has been reported in OpenStack Glance, which can be exploited by malicious users to disclose certain sensitive information. The security issue is caused due to an error within the error reporting mechanism, which logs the operator's Swift credentials when accessing a non-existing or mis-configured endpoint. This can lead to the operator's Swift credentials being disclosed via error messages. The security issue is reported in versions Folsom (2012.2) and Essex (2012.1). Solution Fixed in the GIT repository. Further details available to Secunia VIM customers Provided and/or discovered by Dan Prince, Red Hat in a bug report. Original Advisory https://bugs.launchpad.net/glance/+bug/1098962 http://www.openwall.com/lists/oss-security/2013/01/29/10
Will be fixed once this is released. It is fixed in git head, so 9999 works. https://launchpad.net/glance/+milestone/2012.2.3 bug glance side https://bugs.launchpad.net/glance/+bug/1098962
2012.2.1 out of tree and 2012.2.3 in tree (along with 9999). you should be good to close methinks
Thanks, Matthew. Closing noglsa for ~arch only.
CVE-2013-0212 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0212): store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.