SUSE-SU-2014:0453-1: moderate: Security update for openstack-glance
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Mar 26 17:04:24 MDT 2014
SUSE Security Update: Security update for openstack-glance
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0453-1
Rating: moderate
References: #863484
Cross-References: CVE-2014-1948
Affected Products:
SUSE Cloud 3
______________________________________________________________________________
An update that fixes one vulnerability is now available. It
includes one version update.
Description:
OpenStack Image Registry and Delivery Service (Glance) in
SUSE Cloud 3 logged a URL containing the Swift store
backend password when authentication fails and WARNING
level logging is enabled, which allowed local users to
obtain sensitive information by reading the log.
Security Issue references:
* CVE-2014-1948
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1948
>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 3:
zypper in -t patch sleclo30sp3-openstack-glance-8955
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 3 (x86_64) [New Version: 2013.2.3.dev1.g9d89b8e]:
openstack-glance-2013.2.3.dev1.g9d89b8e-0.7.3
python-glance-2013.2.3.dev1.g9d89b8e-0.7.3
- SUSE Cloud 3 (noarch) [New Version: 2013.2.3.dev1.g9d89b8e]:
openstack-glance-doc-2013.2.3.dev1.g9d89b8e-0.7.3
References:
http://support.novell.com/security/cve/CVE-2014-1948.html
https://bugzilla.novell.com/863484
http://download.suse.com/patch/finder/?keywords=021078b483b4a044adf82d968bd623e7
More information about the sle-security-updates
mailing list