Date: Thu, 19 Feb 2015 10:36:54 -0500
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: CVE request for vulnerability in OpenStack Glance

A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet.

Title: Glance import task leaks image in backend
Reporter: Abhishek Kekane (NTT)
Products: Glance
Affects: 2014.2 versions through 2014.2.2

Description:
Abhishek Kekane from NTT reported a vulnerability in the Glance import task. By creating numerous images using the task API and deleting them, an authenticated attacker may accumulate untracked image data in the backend resulting in potential resource exhaustion and denial of service. All glance setups using API v2 are affected.

References:
https://launchpad.net/bugs/1420696
https://launchpad.net/bugs/1422716

Thanks in advance,

--
Tristan Cacqueray
OpenStack Vulnerability Management Team