Your submission was sent successfully! Close

CVE-2014-0162

Published: 27 April 2014

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Notes

AuthorNote
jdstrand
fixed in 1:2013.2.3-0ubuntu1 in saucy-updates. Needs a no-change
rebuild for saucy-security
Priority

Medium

Status

Package Release Status
glance
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Not vulnerable
(code-not-present)
quantal Not vulnerable
(code-not-present)
saucy
Released (1:2013.2.3-0ubuntu1.1)
trusty Does not exist
(trusty was not-affected [1:2014.1-0ubuntu1])
upstream
Released (2014.1, 2013.2.3)
Patches:
upstream: https://review.openstack.org/#/c/86626/ (havana)
upstream: https://review.openstack.org/#/c/86622/ (master/icehouse)