SUSE-SU-2013:0491-1: moderate: Security update for openstack-glance
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Mar 19 16:04:47 MDT 2013
SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________
Announcement ID: SUSE-SU-2013:0491-1
Rating: moderate
References: #808626
Affected Products:
SUSE Cloud 1.0
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
Openstack Glance has been updated to fix security issues.
The following security issue has been fixed:
* CVE-2013-1840: Stuart McLaren from HP reported a
vulnerability in the information potentially returned to
the user in Glance v1 API. If an authenticated user
requests, through the v1 API, an image that is already
cached, the headers returned may disclose the Glance
operator's backend credentials for that endpoint. Only
setups accepting the Glance v1 API and using either the
single-tenant Swift store or S3 store are affected.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 1.0:
zypper in -t patch sleclo10sp2-openstack-glance-7493
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 1.0 (x86_64):
openstack-glance-2012.1+git.1352338057.efd7e75-0.7.1
python-glance-2012.1+git.1352338057.efd7e75-0.7.1
References:
https://bugzilla.novell.com/808626
http://download.novell.com/patch/finder/?keywords=8ce969211306b6bb7632abba021db0d5
More information about the sle-security-updates
mailing list