drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in Glance (Aktualisierung)
Name: |
Mangelnde Rechteprüfung in Glance (Aktualisierung) |
|
ID: |
USN-1626-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.10 |
|
Datum: |
Sa, 10. November 2012, 11:15 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573 |
|
Applikationen: |
Glance |
|
Update von: |
Mangelnde Rechteprüfung in Glance |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============0815100373770208528== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig6F1296E745A42129F71496ED"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6F1296E745A42129F71496ED Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1626-2 November 09, 2012
glance vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
Glance could be made to delete arbitrary images.
Software Description: - glance: OpenStack Image Registry and Delivery Service
Details:
USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API.
Original advisory details:
Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: python-glance 2012.2-0ubuntu2.3
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1626-2 http://www.ubuntu.com/usn/usn-1626-1 CVE-2012-4573
Package Information: https://launchpad.net/ubuntu/+source/glance/2012.2-0ubuntu2.3
--------------enig6F1296E745A42129F71496ED Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCgAGBQJQnYFyAAoJEFHb3FjMVZVzFxEP/1+EhITOmYpsHDWQctw23p1v mO+J3gug3WYAcNZ239BBhUKW5eYMAyjSrj9Z7VgXftrIatRG1effzRInBKTnHIl5 fIjp7anXNLTPuI7z25Rod1DKNDQcr6K+eI76f98v7lmq18khD4FgdMh2ObCPrAOL O8sTTA8WTgfCUSAEQU6PaChuCAe8bs4FRjOJdY/bfJKAQR/37X2eatS88FIzjA8Y N/05xRIZzV6HcIFOVUkvQhuum2MnpGXR4N3BZcqzbAhM1cgQ8gU8xsHXtY055Rht aJOnQWAkW/Z6CbggIr07QS9yR9sRcK3AWRDyQeMN7IJSDfg+ry05M5Rp/Ctp4W0r KXVcqTtJ+bn/U0mb1FqLd/EKO/+DA0QObKMXYwBmBXdexXfYBJky7a1JH3oeGy3g jEI2NYa901FggX3Qa0yIKfiFz6pTmoiSaRa0vXEjp+olNFDex/ZKJ8MzxP2OO3eR 0ltg7ZlrB1gcwA8v1jQGaNmtU+Piu4VdCazX7J/unGsi6foFiSgHa73zyx7xlaFk RLQsULaIH7tVHMYilc9RSVYyORPBgmeFRSiuBTVuCO4+tjuyZdTyJk+fcNxdaG5d GJPOVCgZTILEbMsptR077+A3DgoVbnBsxKYqHCQhRcigoEy4xS9IDOQdybH8y/Fn BeQ3iRqV7PaTgNnqq5jq =IoWQ -----END PGP SIGNATURE-----
--------------enig6F1296E745A42129F71496ED--
--===============0815100373770208528== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0815100373770208528==--
|
|
|
|