CVE-2013-4428

Publication date 16 October 2013

Last updated 24 July 2024


Ubuntu priority

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

Read the notes from the security team

Status

Package Ubuntu Release Status
glance 13.10 saucy
Not affected
13.04 raring
Fixed 1:2013.1.3-0ubuntu1.1
12.10 quantal
Fixed 2012.2.4-0ubuntu1.1
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release

Notes


jdstrand

Essex (Ubuntu 12.04 LTS) does not have the download_image

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
glance

References

Related Ubuntu Security Notices (USN)

Other references