[Openstack] [OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163)
tdecacqu at redhat.com
Thu Aug 13 21:11:21 UTC 2015
OSSA-2015-014: Glance v2 API host file disclosure through qcow2 backing file
:Date: August 13, 2015
- Glance: 2015.1 versions through 2015.1.1
Eric Harney from Red Hat reported a vulnerability in Glance. By
importing a qcow2 image with a malicious backing file, an
authenticated user may mislead Glance import task action, resulting in
the disclosure of any file on the Glance server for which the Glance
process user has access to. Only setups using the Glance V2 API are
affected by this flaw.
- https://review.openstack.org/212568 (Kilo)
- https://review.openstack.org/212567 (Liberty)
- Eric Harney from Red Hat (CVE-2015-5163)
- This fix will be included in the future 2015.1.2 (kilo) release.
OpenStack Vulnerability Management Team
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the Openstack