drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Glance (Aktualisierung)
| Name: |
Mangelnde Rechteprüfung in Glance (Aktualisierung) |
|
| ID: |
USN-1626-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 12.10 |
|
| Datum: |
Sa, 10. November 2012, 11:15 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573 |
|
| Applikationen: |
Glance |
|
| Update von: |
Mangelnde Rechteprüfung in Glance |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0815100373770208528==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig6F1296E745A42129F71496ED"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6F1296E745A42129F71496ED
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-1626-2
November 09, 2012
glance vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
Glance could be made to delete arbitrary images.
Software Description:
- glance: OpenStack Image Registry and Delivery Service
Details:
USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update
provides the corresponding updates for the v2 API.
Original advisory details:
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python-glance 2012.2-0ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1626-2
http://www.ubuntu.com/usn/usn-1626-1
CVE-2012-4573
Package Information:
https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.3
--------------enig6F1296E745A42129F71496ED
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQnYFyAAoJEFHb3FjMVZVzFxEP/1+EhITOmYpsHDWQctw23p1v
mO+J3gug3WYAcNZ239BBhUKW5eYMAyjSrj9Z7VgXftrIatRG1effzRInBKTnHIl5
fIjp7anXNLTPuI7z25Rod1DKNDQcr6K+eI76f98v7lmq18khD4FgdMh2ObCPrAOL
O8sTTA8WTgfCUSAEQU6PaChuCAe8bs4FRjOJdY/bfJKAQR/37X2eatS88FIzjA8Y
N/05xRIZzV6HcIFOVUkvQhuum2MnpGXR4N3BZcqzbAhM1cgQ8gU8xsHXtY055Rht
aJOnQWAkW/Z6CbggIr07QS9yR9sRcK3AWRDyQeMN7IJSDfg+ry05M5Rp/Ctp4W0r
KXVcqTtJ+bn/U0mb1FqLd/EKO/+DA0QObKMXYwBmBXdexXfYBJky7a1JH3oeGy3g
jEI2NYa901FggX3Qa0yIKfiFz6pTmoiSaRa0vXEjp+olNFDex/ZKJ8MzxP2OO3eR
0ltg7ZlrB1gcwA8v1jQGaNmtU+Piu4VdCazX7J/unGsi6foFiSgHa73zyx7xlaFk
RLQsULaIH7tVHMYilc9RSVYyORPBgmeFRSiuBTVuCO4+tjuyZdTyJk+fcNxdaG5d
GJPOVCgZTILEbMsptR077+A3DgoVbnBsxKYqHCQhRcigoEy4xS9IDOQdybH8y/Fn
BeQ3iRqV7PaTgNnqq5jq
=IoWQ
-----END PGP SIGNATURE-----
--------------enig6F1296E745A42129F71496ED--
--===============0815100373770208528==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0815100373770208528==--
|
|
|
|
