Comment 8 for bug 1315321

Tristan Cacqueray (tristan-cacqueray) wrote : Re: image_size_cap not checked in v2

This vulnerability seems to have been introduced in Grizzly at least, and as we don't support Grizzly anymore we'll mark every version up to 2013.2.3 as affected.

Here is impact description draft #1:

Title: Glance store DoS through disk space exhaustion
Reporter: Thomas Leaman (HP)
Products: Glance
Versions: up to 2013.2.3 and 2014.1

Description:
Thomas Leaman from Hewlett Packard reported a vulnerability in Glance. By uploading a large enough image to a Glance store, an authenticated user may fill the store space because the image_size_cap configuration is not honored. This may prevent further image uploads and/or cause service disruption. Only setups using the Glance image service are affected.
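
One way to enforce a cap such as image_size_cap while an upload body is being streamed to a store, as an added example that is not part of the original comment and is not Glance's code. `CappedReader`, `store_image`, `ImageSizeLimitExceeded` and the sample sizes are hypothetical names and constructed values.

```python
import io
import os
import tempfile


class ImageSizeLimitExceeded(Exception):
    """The upload stream produced more bytes than the configured cap."""


class CappedReader:
    """Wrap a file-like upload body and count the bytes actually read,
    so the cap holds even when no size was declared up front."""

    def __init__(self, body, cap):
        self.body = body
        self.cap = cap
        self.bytes_read = 0

    def read(self, size):
        chunk = self.body.read(size)
        self.bytes_read += len(chunk)
        if self.bytes_read > self.cap:
            raise ImageSizeLimitExceeded(
                "upload exceeds cap of %d bytes" % self.cap)
        return chunk


def store_image(body, dest_path, image_size_cap, chunk_size=64 * 1024):
    """Stream body to dest_path in bounded chunks. If the cap is crossed,
    remove the partial file so a rejected upload leaves nothing on disk."""
    reader = CappedReader(body, image_size_cap)
    try:
        with open(dest_path, "wb") as out:
            # The chunk that crosses the cap raises before it is written,
            # so the store never holds more than image_size_cap bytes.
            for chunk in iter(lambda: reader.read(chunk_size), b""):
                out.write(chunk)
    except ImageSizeLimitExceeded:
        os.unlink(dest_path)
        raise
    return reader.bytes_read


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    # Constructed input: 1 MiB cap, 2 MiB upload body.
    try:
        store_image(io.BytesIO(b"\0" * (2 << 20)),
                    os.path.join(workdir, "image"), 1 << 20)
    except ImageSizeLimitExceeded as exc:
        print("rejected:", exc)
```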