SUSE-SU-2013:0491-1: moderate: Security update for openstack-glance

sle-updates at sle-updates at
Tue Mar 19 16:04:47 MDT 2013

   SUSE Security Update: Security update for openstack-glance

Announcement ID:    SUSE-SU-2013:0491-1
Rating:             moderate
References:         #808626 
Affected Products:
                    SUSE Cloud 1.0

   An update that contains security fixes can now be installed.


   Openstack Glance has been updated to fix security issues.

   The following security issue has been fixed:

   * CVE-2013-1840: Stuart McLaren from HP reported a
   vulnerability in the information potentially returned to
   the user in Glance v1 API. If an authenticated user
   requests, through the v1 API, an image that is already
   cached, the headers returned may disclose the Glance
   operator's backend credentials for that endpoint. Only
   setups accepting the Glance v1 API and using either the
   single-tenant Swift store or S3 store are affected.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Cloud 1.0:

      zypper in -t patch sleclo10sp2-openstack-glance-7493

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Cloud 1.0 (x86_64):



More information about the sle-updates mailing list