CVE-2014-5356
Published: 20 August 2014
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Priority
Status
Package | Release | Status |
---|---|---|
glance Launchpad, Ubuntu, Debian |
upstream |
Needed
|
lucid |
Does not exist
|
|
precise |
Not vulnerable
(code-not-present)
|
|
trusty |
Does not exist
(trusty was released [1:2014.1.2-0ubuntu1.1])
|
|
Patches: upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=92ab00fca6926eaf3f7f92a955a5e07140063718 (master) upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=31a4d1852a0c27bac5757c192f300f051229a312 (icehouse) upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=12f43cfed5a47cd16f08b7dad2424da0fc362e47 (havana) |