USN-3446-1: OpenStack Glance vulnerabilities
11 October 2017
Several security issues were fixed in OpenStack Glance.
- glance - OpenStack Image Registry and Delivery Service
Hemanth Makkapati discovered that OpenStack Glance incorrectly handled
access restrictions. A remote authenticated user could use this issue to
change the status of images, contrary to access restrictions.

Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly
handled the storage quota. A remote authenticated user could use this issue
to consume disk resources, leading to a denial of service. (CVE-2015-5286)

Erno Kuvaja discovered that OpenStack Glance incorrectly handled the
show_multiple_locations option. When show_multiple_locations is enabled,
a remote authenticated user could change an image status and upload new
image data. (CVE-2016-0757)
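
To see whether a deployment meets the precondition for CVE-2016-0757, the sketch below audits the text of a Glance API configuration file for show_multiple_locations. It is an added example, not code from this notice or from the Glance project; it assumes the option is set in the [DEFAULT] section of glance-api.conf, that it is disabled when unset, and that the usual true/false spellings apply. The sample configurations are constructed.

```python
import configparser

# Boolean spellings accepted here (assumed to match the service's own parsing).
TRUE_VALUES = {"1", "true", "yes", "on"}
FALSE_VALUES = {"0", "false", "no", "off"}

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_ENABLED = "[DEFAULT]\nshow_multiple_locations = True\n"
SAMPLE_UNSET = "[DEFAULT]\n# show_multiple_locations = false\nbind_port = 9292\n"
SAMPLE_OVERRIDDEN = (
    "[DEFAULT]\nshow_multiple_locations = true\n"
    "[DEFAULT]\nshow_multiple_locations = off\n"
)
SAMPLE_BROKEN = "show_multiple_locations = True\n"  # no section header


def audit_show_multiple_locations(conf_text):
    """Return (status, detail) for show_multiple_locations in config text.

    status is one of: enabled, disabled, default, invalid, error.
    """
    # strict=False tolerates repeated sections/options; the last value wins.
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(conf_text)
    except configparser.Error as exc:
        return "error", f"could not parse config: {type(exc).__name__}"

    raw = parser.defaults().get("show_multiple_locations")
    if raw is None:
        return "default", "option not set; assumed default is disabled"

    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return "enabled", "CVE-2016-0757 precondition met; apply the update"
    if value in FALSE_VALUES:
        return "disabled", "CVE-2016-0757 precondition not met"
    return "invalid", f"unrecognised boolean value: {raw!r}"


if __name__ == "__main__":
    for name, text in [("enabled", SAMPLE_ENABLED), ("unset", SAMPLE_UNSET),
                       ("overridden", SAMPLE_OVERRIDDEN), ("broken", SAMPLE_BROKEN)]:
        print(name, audit_show_multiple_locations(text))
```

A result of "disabled" or "default" only covers the show_multiple_locations issue; the other two issues in this notice do not depend on that option.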