[SECURITY] Fedora 17 Update: openstack-glance-2012.1.2-2.fc17
updates at fedoraproject.org
updates at fedoraproject.org
Wed Nov 21 04:05:54 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-18085
2012-11-13 00:32:23
--------------------------------------------------------------------------------
Name : openstack-glance
Product : Fedora 17
Version : 2012.1.2
Release : 2.fc17
URL : http://glance.openstack.org
Summary : OpenStack Image Service
Description :
OpenStack Image Service (code-named Glance) provides discovery, registration,
and delivery services for virtual disk images. The Image Service API server
provides a standard REST interface for querying information about virtual disk
images stored in a variety of back-end stores, including OpenStack Object
Storage. Clients can register new virtual disk images with the Image Service,
query for information on publicly available disk images, and use the Image
Service's client library for streaming virtual disk images.
This package contains the API and registry servers.
--------------------------------------------------------------------------------
Update Information:
- Fix Glance Authentication bypass for image deletion
- Update to stable/essex 2012.1.2 including...
- Support zero-size image creation via the v1 API
- Allow admins to share images regardless of owner
- Log sensitive store info, rather than exposing over API
- Fix the qpid_heartbeat option to avoid connection timeouts
- Fix image.upload notification to not send stale metadata
- Include chunk_name in swift debug message
- Fix scrubber exception when microsecs in DB (PostgreSQL) dates
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 12 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.2-2
- Fix Glance Authentication bypass for image deletion (CVE-2012-4573)
* Mon Nov 12 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.2-1
- Update to stable/essex 2012.1.2 including...
- Support zero-size image creation via the v1 API
- Allow admins to share images regardless of owner
- Log sensitive store info, rather than exposing over API
- Fix the qpid_heartbeat option to avoid connection timeouts
- Fix image.upload notification to not send stale metadata
- Include chunk_name in swift debug message
- Fix scrubber exception when microsecs in DB (PostgreSQL) dates
* Mon Jul 9 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.1-1
- Update to stable/essex 2012.1.1
- Remove world readable bit on sensitive config files
* Tue May 22 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-8
- Fix an issue with glance-manage db_sync (#823702)
* Mon May 21 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-6
- Sync with essex stable
- Don't auto create database on service start
- Remove openstack-glance-db-setup. use openstack-db instead
* Fri May 18 2012 Alan Pevec <apevec at redhat.com> - 2012.1-5
- Drop hard dep on python-kombu, notifications are configurable
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #874567 - CVE-2012-4573, CVE-2012-5482 OpenStack: Glance Authentication bypass for image deletion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=874567
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update openstack-glance' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list