drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Glance
| Name: |
Mangelnde Rechteprüfung in Glance |
|
| ID: |
USN-1626-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
| Datum: |
Fr, 9. November 2012, 07:06 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573
https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2 |
|
| Applikationen: |
Glance |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============3166530942585295909==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigD7BE72FFADE5E0DE48714550"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD7BE72FFADE5E0DE48714550
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1626-1
November 08, 2012
glance vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Glance could be made to delete arbitrary images.
Software Description:
- glance: OpenStack Image Registry and Delivery Service
Details:
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python-glance 2012.2-0ubuntu2.2
Ubuntu 12.04 LTS:
python-glance 2012.1.3+stable~20120821-120fcf-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1626-1
CVE-2012-4573
Package Information:
https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.2
https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2
--------------enigD7BE72FFADE5E0DE48714550
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQm+MlAAoJEFHb3FjMVZVzMx0P/3SE8ZGVZH5WT5rZp20uq1Nr
cD76TH/VCIELzlJ1CzrlHWHvjvUlWT0/s7ndMsSvvk9TCXUYZXLgXgltclcFx7eD
L2LpZrpCCsObrOOnMri1r84YDuhMu7Jxkf0o0LoxaApyKUxyH+3eTFnsHFtkX4/9
mcRP/CWrNltwf23jHPXkO22ObrdQQCx2Floh27SPHuB1CbjTCmlGGKqueA+Cjqi2
dyQrmRWEs4xs34MH8G1WCHBL9C2CWoSRlRBJMFy0OOw8TCLCyMyeGezobbRRYVCA
6+QD2LjAkQryFnkVkJbpiUHI0wUgv4xxgAtHXg5xnQVYdvckWLnhtlNWkrv/V3x5
eLAedpzaM6E9PruETY3yazP2LeD2mn1nhKkXUmT0qHX83UFCovbkCyMQ8/u+Gkge
ROlqPJ6k49fCd2UQ1a9JyA1d4s5jK4p2uP7HZquYh+hUNvBbGRbzbZHZHW8N/cez
l7zbbjNl81jpY+MDSsgfM23rvGBsreYt8knlxMFH9wDnSpGycQ/vetB4SGlmVsyf
8MTqOu5E3ECDt1KvtWOj6wypr/PjLSou1Dq80OvasJvr5bSe/EW12TNo6s6bpFoN
oA8jIJKJHS0H9TpOZqki8hpxcolgLQNNWYRPScMHEb34CEtW1MsYd4gMQ6+PFjqd
vWJlFbTYNJt2otYyq+QB
=+BJu
-----END PGP SIGNATURE-----
--------------enigD7BE72FFADE5E0DE48714550--
--===============3166530942585295909==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3166530942585295909==--
|
|
|
|
