UbuntuUpdates.org

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons

Latest version: 1:2014.1.5-0ubuntu1.1
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://launchpad.net/glance


Other versions of "glance" in Trusty

Repository Area Version
base main 1:2014.1-0ubuntu1
security main 1:2014.1.5-0ubuntu1.1


Changelog

Version: 1:2014.1.5-0ubuntu1.1 2017-10-11 15:06:49 UTC

  glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: access restrictions bypass via status changing
    - debian/patches/CVE-2015-5251.patch: prevent image status being
      directly modified in glance/api/v1/__init__.py,
      glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
      glance/tests/integration/legacy_functional/test_v1_api.py,
      test-requirements.txt.
    - CVE-2015-5251
  * SECURITY UPDATE: storage quota bypass
    - debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
      if token expired in glance/api/v1/upload_utils.py,
      glance/api/v2/image_data.py.
    - CVE-2015-5286
  * SECURITY UPDATE: image status manipulation through locations removal
    - debian/patches/CVE-2016-0757.patch: prevent user from removing last
      location of the image in glance/api/v2/images.py,
      glance/tests/functional/v2/test_images.py,
      glance/tests/unit/v2/test_images_resource.py.
    - CVE-2016-0757

 -- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 13:10:04 -0400

CVE-2015-5251 OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of
CVE-2015-5286 OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage q
CVE-2016-0757 OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote aut

Version: 1:2014.1.5-0ubuntu1 2015-07-08 05:07:15 UTC

  glance (1:2014.1.5-0ubuntu1) trusty; urgency=medium

  * Resynchronize with stable/icehouse (f66170d) (LP: #1467533):
    - [f66170d] Fix Icehouse RBD delete image on creation failure
  * d/p/fix-requirements.patch: Rebased

 -- Corey Bryant Mon, 22 Jun 2015 10:12:40 -0400

Version: 1:2014.1.4-0ubuntu2 2015-04-13 21:06:18 UTC

  glance (1:2014.1.4-0ubuntu2) trusty; urgency=medium

  * d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).

 -- Corey Bryant <email address hidden> Mon, 30 Mar 2015 08:54:37 -0400

Version: 1:2014.1.3-0ubuntu1 2014-10-20 20:06:41 UTC

  glance (1:2014.1.3-0ubuntu1) trusty; urgency=medium

  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (01ebe84) (LP: #1377136):
    - [f43b1c2] Block sqlalchemy-migrate 0.9.2
    - [d0453ae] Check on schemes not stores
    - [bba31d0] Fix collection order issues and unit test failures
    - [31a4d18] Enforce image_size_cap on v2 upload
    - [fcc9379] Fix image killed after deletion
    - [01ebe84] Set python hash seed to 0 in tox.ini

 -- Chuck Short <email address hidden> Mon, 06 Oct 2014 08:49:14 -0400

Version: 1:2014.1.2-0ubuntu1.1 2014-08-21 21:06:23 UTC

  glance (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Enforce image_size_cap on v2 upload
    - debian/patches/CVE-2014-5356.patch: ensure image_size_cap should be
      checked and enforced on upload
    - CVE-2014-5356
    - LP: #1315321

 -- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:22:53 -0500

1315321 [OSSA 2014-028] image_size_cap not checked in v2 (CVE-2014-5356)
CVE-2014-5356 Glance store DoS through disk space exhaustion


