SUSE-SU-2014:0453-1: moderate: Security update for openstack-glance

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Mar 26 17:04:24 MDT 2014


   SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0453-1
Rating:             moderate
References:         #863484 
Cross-References:   CVE-2014-1948
Affected Products:
                    SUSE Cloud 3
______________________________________________________________________________

   An update that fixes one vulnerability is now available. It
   includes one version update.

Description:


   OpenStack Image Registry and Delivery Service (Glance) in
   SUSE Cloud 3  logged a URL containing the Swift store
   backend password when  authentication fails and WARNING
   level logging is enabled, which allowed  local users to
   obtain sensitive information by reading the log.

   Security Issue references:

   * CVE-2014-1948
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948
   >


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 3:

      zypper in -t patch sleclo30sp3-openstack-glance-8955

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev1.g9d89b8e]:

      openstack-glance-2013.2.3.dev1.g9d89b8e-0.7.3
      python-glance-2013.2.3.dev1.g9d89b8e-0.7.3

   - SUSE Cloud 3 (noarch) [New Version: 2013.2.3.dev1.g9d89b8e]:

      openstack-glance-doc-2013.2.3.dev1.g9d89b8e-0.7.3


References:

   http://support.novell.com/security/cve/CVE-2014-1948.html
   https://bugzilla.novell.com/863484
   http://download.suse.com/patch/finder/?keywords=021078b483b4a044adf82d968bd623e7



More information about the sle-security-updates mailing list