Publishing details
Changelog
glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass via status changing
- debian/patches/CVE-2015-5251.patch: prevent image status being
directly modified in glance/api/v1/__init__.py,
glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
glance/tests/integration/legacy_functional/test_v1_api.py,
test-requirements.txt.
- CVE-2015-5251
* SECURITY UPDATE: storage quota bypass
- debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
if token expired in glance/api/v1/upload_utils.py,
glance/api/v2/image_data.py.
- CVE-2015-5286
* SECURITY UPDATE: image status manipulation through locations removal
- debian/patches/CVE-2016-0757.patch: prevent user from removing last
location of the image in glance/api/v2/images.py,
glance/tests/functional/v2/test_images.py,
glance/tests/unit/v2/test_images_resource.py.
- CVE-2016-0757
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 13:10:04 -0400
Builds
Built packages
-
glance
OpenStack Image Registry and Delivery Service - Daemons
-
glance-api
OpenStack Image Registry and Delivery Service - API
-
glance-common
OpenStack Image Registry and Delivery Service - Common
-
glance-registry
OpenStack Image Registry and Delivery Service - Registry
-
python-glance
OpenStack Image Registry and Delivery Service - Python library
-
python-glance-doc
OpenStack Image Registry and Delivery Service - Documentation
Package files