MEDIUM

GHSA-j4mh-9wq6-8rg6

OpenStack Glance Bypass the storage quota and Denial of service

Details

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / glance

Introduced in: 0 Fixed in: 11.0.0a0

Fix pip install --upgrade 'glance>=11.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2014-9623 [ADVISORY]
https://github.com/openstack/glance/commit/0dc8fbb3479a53c5bba8475d14f4c7206904c5ea [WEB]
https://github.com/openstack/glance/commit/7d5d8657fd70b20518610b3c6f8e41e16c72fa31 [WEB]
https://github.com/openstack/glance/commit/f1260cc771ee068651aa62b972bef49d9af81eb0 [WEB]
https://bugs.launchpad.net/glance/+bug/1383973 [WEB]
https://bugs.launchpad.net/glance/+bug/1398830 [WEB]
https://github.com/openstack/glance [PACKAGE]
https://security.openstack.org/ossa/OSSA-2015-003.html [WEB]
http://rhn.redhat.com/errata/RHSA-2015-0644.html [WEB]
http://rhn.redhat.com/errata/RHSA-2015-0837.html [WEB]
http://rhn.redhat.com/errata/RHSA-2015-0838.html [WEB]
http://secunia.com/advisories/62165 [WEB]
http://www.openwall.com/lists/oss-security/2015/01/18/4 [WEB]
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html [WEB]