CVE-2014-0162

Published: 27 April 2014

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Priority

Medium

Status

Package Release Status
glance
Launchpad, Ubuntu, Debian
Upstream
Released (2014.1, 2013.2.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1:2014.1-0ubuntu1])
Patches:
Upstream: https://review.openstack.org/#/c/86626/ (havana)
Upstream: https://review.openstack.org/#/c/86622/ (master/icehouse)