CVE-2015-3289

Published: 14 August 2015

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.

Priority

Medium

Status

Package Release Status
glance
Launchpad, Ubuntu, Debian
Upstream
Released (2015.1.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
Patches:
Upstream: https://review.openstack.org/#/c/181816/ (kilo)
Upstream: https://review.openstack.org/#/c/181345/ (liberty)