drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Glance
Name: |
Mangelnde Rechteprüfung in Glance |
|
ID: |
USN-1626-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Fr, 9. November 2012, 07:06 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573
https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2 |
|
Applikationen: |
Glance |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============3166530942585295909== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigD7BE72FFADE5E0DE48714550"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD7BE72FFADE5E0DE48714550 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1626-1 November 08, 2012
glance vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS
Summary:
Glance could be made to delete arbitrary images.
Software Description: - glance: OpenStack Image Registry and Delivery Service
Details:
Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: python-glance 2012.2-0ubuntu2.2
Ubuntu 12.04 LTS: python-glance 2012.1.3+stable~20120821-120fcf-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1626-1 CVE-2012-4573
Package Information: https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.2
https://launchpad.net/ubuntu/+source/glance/2012.1.3+stable~20120821-120fcf-0ubuntu1.2
--------------enigD7BE72FFADE5E0DE48714550 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQm+MlAAoJEFHb3FjMVZVzMx0P/3SE8ZGVZH5WT5rZp20uq1Nr cD76TH/VCIELzlJ1CzrlHWHvjvUlWT0/s7ndMsSvvk9TCXUYZXLgXgltclcFx7eD L2LpZrpCCsObrOOnMri1r84YDuhMu7Jxkf0o0LoxaApyKUxyH+3eTFnsHFtkX4/9 mcRP/CWrNltwf23jHPXkO22ObrdQQCx2Floh27SPHuB1CbjTCmlGGKqueA+Cjqi2 dyQrmRWEs4xs34MH8G1WCHBL9C2CWoSRlRBJMFy0OOw8TCLCyMyeGezobbRRYVCA 6+QD2LjAkQryFnkVkJbpiUHI0wUgv4xxgAtHXg5xnQVYdvckWLnhtlNWkrv/V3x5 eLAedpzaM6E9PruETY3yazP2LeD2mn1nhKkXUmT0qHX83UFCovbkCyMQ8/u+Gkge ROlqPJ6k49fCd2UQ1a9JyA1d4s5jK4p2uP7HZquYh+hUNvBbGRbzbZHZHW8N/cez l7zbbjNl81jpY+MDSsgfM23rvGBsreYt8knlxMFH9wDnSpGycQ/vetB4SGlmVsyf 8MTqOu5E3ECDt1KvtWOj6wypr/PjLSou1Dq80OvasJvr5bSe/EW12TNo6s6bpFoN oA8jIJKJHS0H9TpOZqki8hpxcolgLQNNWYRPScMHEb34CEtW1MsYd4gMQ6+PFjqd vWJlFbTYNJt2otYyq+QB =+BJu -----END PGP SIGNATURE-----
--------------enigD7BE72FFADE5E0DE48714550--
--===============3166530942585295909== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============3166530942585295909==--
|
|
|
|