CVE-2014-5356
Published: 20 August 2014
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
Priority
Status
Package | Release | Status |
---|---|---|
glance Launchpad, Ubuntu, Debian |
Upstream |
Needed
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [1:2014.1.2-0ubuntu1.1])
|
|
Patches: Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=92ab00fca6926eaf3f7f92a955a5e07140063718 (master) Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=31a4d1852a0c27bac5757c192f300f051229a312 (icehouse) Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=12f43cfed5a47cd16f08b7dad2424da0fc362e47 (havana) |