Package "python-glance"
Name: |
python-glance
|
Description: |
OpenStack Image Registry and Delivery Service - Python library
|
Latest version: |
1:2014.1.5-0ubuntu1.1 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Head package: |
glance |
Homepage: |
http://launchpad.net/glance |
Links
Download "python-glance"
Other versions of "python-glance" in Trusty
Changelog
glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass via status changing
- debian/patches/CVE-2015-5251.patch: prevent image status being
directly modified in glance/api/v1/__init__.py,
glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
glance/tests/integration/legacy_functional/test_v1_api.py,
test-requirements.txt.
- CVE-2015-5251
* SECURITY UPDATE: storage quota bypass
- debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
if token expired in glance/api/v1/upload_utils.py,
glance/api/v2/image_data.py.
- CVE-2015-5286
* SECURITY UPDATE: image status manipulation through locations removal
- debian/patches/CVE-2016-0757.patch: prevent user from removing last
location of the image in glance/api/v2/images.py,
glance/tests/functional/v2/test_images.py,
glance/tests/unit/v2/test_images_resource.py.
- CVE-2016-0757
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 13:10:04 -0400
|
Source diff to previous version |
CVE-2015-5251 |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of |
CVE-2015-5286 |
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage q |
CVE-2016-0757 |
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote aut |
|
glance (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: Enforce image_size_cap on v2 upload
- debian/patches/CVE-2014-5356.patch: ensure image_size_cap should be
checked and enforced on upload
- CVE-2014-5356
- LP: #1315321
-- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:22:53 -0500
|
1315321 |
[OSSA 2014-028] image_size_cap not checked in v2 (CVE-2014-5356) |
CVE-2014-5356 |
Glance store DoS through disk space exhaustion |
|
About
-
Send Feedback to @ubuntu_updates