—

PYSEC-2015-38

상세

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / glance

최초 영향 버전: 0 수정 버전: 11.0.0a0

수정 pip install --upgrade 'glance>=11.0.0a0'

PyPI / glance

최초 영향 버전: 0 수정 버전: 11.0.0a0

수정 pip install --upgrade 'glance>=11.0.0a0'

참고

https://bugs.launchpad.net/glance/+bug/1420696 [EVIDENCE]
http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html [ADVISORY]
http://rhn.redhat.com/errata/RHSA-2015-0938.html [ADVISORY]
http://www.securityfocus.com/bid/72694 [WEB]