—

PYSEC-2015-38

Details

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / glance

Introduced in: 0 Fixed in: 11.0.0a0

Fix pip install --upgrade 'glance>=11.0.0a0'

PyPI / glance

Introduced in: 0 Fixed in: 11.0.0a0

Fix pip install --upgrade 'glance>=11.0.0a0'

References

https://bugs.launchpad.net/glance/+bug/1420696 [EVIDENCE]
http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html [ADVISORY]
http://rhn.redhat.com/errata/RHSA-2015-0938.html [ADVISORY]
http://www.securityfocus.com/bid/72694 [WEB]