SUSE-SU-2013:0491-1: moderate: Security update for openstack-glance

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Mar 19 16:04:47 MDT 2013


   SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0491-1
Rating:             moderate
References:         #808626 
Affected Products:
                    SUSE Cloud 1.0
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   Openstack Glance has been updated to fix security issues.

   The following security issue has been fixed:

   * CVE-2013-1840: Stuart McLaren from HP reported a
   vulnerability in the information potentially returned to
   the user in Glance v1 API. If an authenticated user
   requests, through the v1 API, an image that is already
   cached, the headers returned may disclose the Glance
   operator's backend credentials for that endpoint. Only
   setups accepting the Glance v1 API and using either the
   single-tenant Swift store or S3 store are affected.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-openstack-glance-7493

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Cloud 1.0 (x86_64):

      openstack-glance-2012.1+git.1352338057.efd7e75-0.7.1
      python-glance-2012.1+git.1352338057.efd7e75-0.7.1


References:

   https://bugzilla.novell.com/808626
   http://download.novell.com/patch/finder/?keywords=8ce969211306b6bb7632abba021db0d5



More information about the sle-security-updates mailing list