Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2014-9684 (GCVE-0-2014-9684)
Vulnerability from cvelistv5
Published
2015-02-24 15:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"name": "RHSA-2015:0938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"name": "72692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"name": "RHSA-2015:0938",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"name": "72692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1371118",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"name": "RHSA-2015:0938",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"name": "72692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9684",
"datePublished": "2015-02-24T15:00:00",
"dateReserved": "2015-02-19T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-9684\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-02-24T15:59:03.537\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.\"},{\"lang\":\"es\",\"value\":\"OpenStack Image Registry and Delivery Service (Glance) 2014.2 hasta 2014.2.2 no elimina correctamente las im\u00e1genes, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante la creaci\u00f3n de un n\u00famero grande de im\u00e1genes al utilizar una API v2 de tareas y posteriormente elimin\u00e1ndolas antes de que terminen las subidas, una vulnerabilidad diferente a CVE-2015-1881.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2014.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"072E34B9-5979-4291-B1D2-762A7C515641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2014.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEAB5B21-2F3D-4A5D-9554-B7F984FF5D48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):2014.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"071E2B7B-5E6B-4108-8E46-5E72AC22B168\"}]}]}],\"references\":[{\"url\":\"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0938.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/72692\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/glance/+bug/1371118\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0938.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/72692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/glance/+bug/1371118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
}
}
pysec-2015-37
Vulnerability from pysec
Published
2015-02-24 15:59
Modified
2024-11-25 18:35
Details
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
Impacted products
| Name | purl | glance | glance |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "glance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-9684"
],
"details": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.",
"id": "PYSEC-2015-37",
"modified": "2024-11-25T18:35:18.357593Z",
"published": "2015-02-24T15:59:00Z",
"references": [
{
"type": "ADVISORY",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"type": "EVIDENCE",
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"type": "ADVISORY",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/72692"
}
]
}
suse-su-2015:1515-1
Vulnerability from csaf_suse
Published
2015-08-25 08:34
Modified
2015-08-25 08:34
Summary
Security update for openstack and python-oslo.utils
Notes
Title of the patch
Security update for openstack and python-oslo.utils
Description of the patch
This update provides the following fixes provided from the upstream OpenStack-project:
- openstack-suse:
+ do not copy upstream python requirements to the package, we rely on Requires; upstream requirements.txt introduce version caps which we do not follow (bnc#920573)
- openstack-sahara:
+ Fix getting heat stack in Sahara
+ Fixed scaling with new node group with auto sg
+ Open all ports for private network for auto SG
+ Fix for getting auth url for hadoop-swift
+ Fixed auto security group cleanup in case of creation error
+ Add list of open ports for Cloudera plugin
+ Add missed files for migrations in MANIFEST.in
+ Include launch_command.py in MANIFEST.in
+ Fix requires
- openstack-keystone:
+ Updated hybrid backend to include fix for bsc#935892
+ Deal with PEP-0476 certificate chaining checking
+ Backport fixes for v3 API sample policy file (lp#1381809 and lp#1392155).
+ Install v3 sample policy into the doc directory
+ Update hybrid backend to include latest fixes for v3 protocol (bsc#928718)
+ backend_argument should be marked secret
+ Work with pymongo 3.0
+ Speed up memcache lock
+ Fix up _ldap_res_to_model for ldap identity backend
+ Don't try to convert LDAP attributes to boolean
+ Fix the wrong update logic of catalog kvs driver
+ Do parameter check before updating endpoint_group
+ Correct initialization order for logging to use eventlet locks
+ Fix the syntax issue on creating table `endpoint_group`
- openstack-heat:
+ Add env storing for loaded environments
+ Fix block_device_mapping property validation when using get_attr
+ Add default_client_name in Nova::FloatingIPAssoc
+ Fix cloud-init Python syntax for Python < 2.6
+ Allow lists and strings for Json parameters via provider resources
+ RandomString physical_resource_id as id not the string
+ Authenticate the domain user with id instead of username
+ Tell stevedore not to force verify requirements
+ Use properties.data when testing for 'provided by the user'
+ Ship /usr/lib/heat directory in openstack-heat-engine subpackage, since that's where plugin are loaded from.
+ Create openstack-heat-plugin-heat_docker subpackage to ship the heat_docker plugin.
+ Fix update on failed stack
+ Enable https for keystone while creating stack user
+ Change the engine-listener topic
+ Just to delete the stack when adopt rollback
+ Release stack lock when successfully acquire
+ Add dependency on Router External Gateway property
+ Use only FIP dependencies from graph
+ Add dependency hidden on router_interface
+ Update heat.conf.sample
+ Upgrade requirements for kombu and greenlet to Juno versions (bnc#920573)
+ Stop patching oslo.messaging private bits
- openstack-glance:
+ Eventlet green threads not released back to pool
+ Replace assert statements with proper control-flow
+ Fix intermittent unit test failures
+ Initiate deletion of image files if the import was interrupted to prevent denial of service (bnc#918784, CVE-2014-9684)
- openstack-cinder:
+ Remove nonexistent LIO terminate_connection call
+ Disallow backing files when uploading volumes to image
+ LVM: Pass volume size in MiB to copy_volume() during volume migration
+ Remove iscsi_helper calls from base iscsi driver
+ Fix exceptions logging in iSCSI targets
+ Delete the temporary volume if migration fails
+ Get the 'consumer' in a correct way for retyping with qos-specs
+ Fix re-export of iscsi volume when using lioadm
+ Revert 'Add support for customized cluster name'
+ Failed to discovery when iscsi multipath and CHAP both enabled
+ Add support for customized cluster name
+ Only use operational LIFs for iscsi target details
+ Clear migration_status from a destination volume if migration fails
+ Deal with PEP-0476 certificate chaining checking
- openstack-ceilometer:
+ Ensure unique list of consumers created
+ Add bandwidth to measurements
+ Rely on VM UUID to fetch metrics in libvirt
+ Retry to connect database when DB2 or mongodb is restarted
+ Use alarm's evaluation periods in sufficient test
+ [MongoDB] Fix bug with reconnection to new master node
+ Fix the value of query_spec.maxSample to advoid to be zero
+ Fix issue when ceilometer-expirer is called from the wrong user via cronjob and the resulting logs end up having wrong ownership. See also bsc#930574
+ Metering data ttl sql backend breaks resource metadata
+ Stop mocking os.path in test_setup_events_default_config
+ Move the cron job to collector package (bnc#926596)
+ Catch exception when evaluate single alarm
- python-oslo.utils:
+ Update to version 1.4.0
* Add a stopwatch + split for duration(s)
* Allow providing a logger to save_and_reraise_exception
* Utility API to generate EUI-64 IPv6 address
* Add a eventlet utils helper module
* Add microsecond support to iso8601_from_timestamp
* Update Oslo imports to remove namespace package
* Add TimeFixture
* Add microsecond support to timeutils.utcnow_ts()
- python-oslo.i18n:
+ Update to version 1.3.1
* Remove deprecation warning (bnc#931204)
* Correct the translation domain for loading messages
* Workflow documentation is now in infra-manual
* Imported Translations from Transifex
* Activate pep8 check that _ is imported
* Make clear in docs to use _LE() when using LOG.exception()
* Support building wheels (PEP-427)
- python-six:
+ Update to version 1.9.0
* Support the `flush` parameter to `six.print_`.
* Add the `python_2_unicode_compatible` decorator.
* Ensure `six.wraps` respects the *updated* and *assigned* arguments.
* Fix `six.moves` race condition in multi-threaded code.
* Add `six.view(keys|values|itmes)`, which provide dictionary views on Python 2.7+.
* Fix add_metaclass when the class has __slots__ containing '__weakref__' or '__dict__'.
* Always accept *updated* and *assigned* arguments for wraps().
* Fix import six on Python 3.4 with a custom loader.
Patchnames
sleclo50sp3-openstack-201507-12074
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openstack and python-oslo.utils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update provides the following fixes provided from the upstream OpenStack-project:\n\n- openstack-suse:\n + do not copy upstream python requirements to the package, we rely on Requires; upstream requirements.txt introduce version caps which we do not follow (bnc#920573)\n\n- openstack-sahara:\n + Fix getting heat stack in Sahara\n + Fixed scaling with new node group with auto sg\n + Open all ports for private network for auto SG\n + Fix for getting auth url for hadoop-swift\n + Fixed auto security group cleanup in case of creation error\n + Add list of open ports for Cloudera plugin\n + Add missed files for migrations in MANIFEST.in\n + Include launch_command.py in MANIFEST.in\n + Fix requires\n\n- openstack-keystone:\n + Updated hybrid backend to include fix for bsc#935892\n + Deal with PEP-0476 certificate chaining checking\n + Backport fixes for v3 API sample policy file (lp#1381809 and lp#1392155).\n + Install v3 sample policy into the doc directory\n + Update hybrid backend to include latest fixes for v3 protocol (bsc#928718)\n + backend_argument should be marked secret\n + Work with pymongo 3.0\n + Speed up memcache lock\n + Fix up _ldap_res_to_model for ldap identity backend\n + Don\u0027t try to convert LDAP attributes to boolean\n + Fix the wrong update logic of catalog kvs driver\n + Do parameter check before updating endpoint_group\n + Correct initialization order for logging to use eventlet locks\n + Fix the syntax issue on creating table `endpoint_group`\n\n- openstack-heat:\n + Add env storing for loaded environments\n + Fix block_device_mapping property validation when using get_attr\n + Add default_client_name in Nova::FloatingIPAssoc\n + Fix cloud-init Python syntax for Python \u003c 2.6\n + Allow lists and strings for Json parameters via provider resources\n + RandomString physical_resource_id as id not the string\n + Authenticate the domain user with id instead of username\n + Tell stevedore not to force verify requirements\n + Use properties.data when testing for \u0027provided by the user\u0027\n + Ship /usr/lib/heat directory in openstack-heat-engine subpackage, since that\u0027s where plugin are loaded from.\n + Create openstack-heat-plugin-heat_docker subpackage to ship the heat_docker plugin.\n + Fix update on failed stack\n + Enable https for keystone while creating stack user\n + Change the engine-listener topic\n + Just to delete the stack when adopt rollback\n + Release stack lock when successfully acquire\n + Add dependency on Router External Gateway property\n + Use only FIP dependencies from graph\n + Add dependency hidden on router_interface\n + Update heat.conf.sample\n + Upgrade requirements for kombu and greenlet to Juno versions (bnc#920573)\n + Stop patching oslo.messaging private bits\n\n- openstack-glance:\n + Eventlet green threads not released back to pool\n + Replace assert statements with proper control-flow\n + Fix intermittent unit test failures\n + Initiate deletion of image files if the import was interrupted to prevent denial of service (bnc#918784, CVE-2014-9684)\n\n- openstack-cinder:\n + Remove nonexistent LIO terminate_connection call\n + Disallow backing files when uploading volumes to image\n + LVM: Pass volume size in MiB to copy_volume() during volume migration\n + Remove iscsi_helper calls from base iscsi driver\n + Fix exceptions logging in iSCSI targets\n + Delete the temporary volume if migration fails\n + Get the \u0027consumer\u0027 in a correct way for retyping with qos-specs\n + Fix re-export of iscsi volume when using lioadm\n + Revert \u0027Add support for customized cluster name\u0027\n + Failed to discovery when iscsi multipath and CHAP both enabled\n + Add support for customized cluster name\n + Only use operational LIFs for iscsi target details\n + Clear migration_status from a destination volume if migration fails\n + Deal with PEP-0476 certificate chaining checking\n\n- openstack-ceilometer:\n + Ensure unique list of consumers created\n + Add bandwidth to measurements\n + Rely on VM UUID to fetch metrics in libvirt\n + Retry to connect database when DB2 or mongodb is restarted\n + Use alarm\u0027s evaluation periods in sufficient test\n + [MongoDB] Fix bug with reconnection to new master node\n + Fix the value of query_spec.maxSample to advoid to be zero\n + Fix issue when ceilometer-expirer is called from the wrong user via cronjob and the resulting logs end up having wrong ownership. See also bsc#930574\n + Metering data ttl sql backend breaks resource metadata\n + Stop mocking os.path in test_setup_events_default_config\n + Move the cron job to collector package (bnc#926596) \n + Catch exception when evaluate single alarm\n \n- python-oslo.utils:\n + Update to version 1.4.0\n * Add a stopwatch + split for duration(s)\n * Allow providing a logger to save_and_reraise_exception\n * Utility API to generate EUI-64 IPv6 address\n * Add a eventlet utils helper module\n * Add microsecond support to iso8601_from_timestamp\n * Update Oslo imports to remove namespace package\n * Add TimeFixture\n * Add microsecond support to timeutils.utcnow_ts()\n\n- python-oslo.i18n:\n + Update to version 1.3.1\n * Remove deprecation warning (bnc#931204)\n * Correct the translation domain for loading messages\n * Workflow documentation is now in infra-manual\n * Imported Translations from Transifex\n * Activate pep8 check that _ is imported\n * Make clear in docs to use _LE() when using LOG.exception()\n * Support building wheels (PEP-427)\n\n- python-six:\n + Update to version 1.9.0\n * Support the `flush` parameter to `six.print_`.\n * Add the `python_2_unicode_compatible` decorator.\n * Ensure `six.wraps` respects the *updated* and *assigned* arguments.\n * Fix `six.moves` race condition in multi-threaded code.\n * Add `six.view(keys|values|itmes)`, which provide dictionary views on Python 2.7+.\n * Fix add_metaclass when the class has __slots__ containing \u0027__weakref__\u0027 or \u0027__dict__\u0027.\n * Always accept *updated* and *assigned* arguments for wraps().\n * Fix import six on Python 3.4 with a custom loader.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-openstack-201507-12074",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1515-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1515-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151515-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1515-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001581.html"
},
{
"category": "self",
"summary": "SUSE Bug 918784",
"url": "https://bugzilla.suse.com/918784"
},
{
"category": "self",
"summary": "SUSE Bug 920573",
"url": "https://bugzilla.suse.com/920573"
},
{
"category": "self",
"summary": "SUSE Bug 926596",
"url": "https://bugzilla.suse.com/926596"
},
{
"category": "self",
"summary": "SUSE Bug 928718",
"url": "https://bugzilla.suse.com/928718"
},
{
"category": "self",
"summary": "SUSE Bug 930574",
"url": "https://bugzilla.suse.com/930574"
},
{
"category": "self",
"summary": "SUSE Bug 931204",
"url": "https://bugzilla.suse.com/931204"
},
{
"category": "self",
"summary": "SUSE Bug 935892",
"url": "https://bugzilla.suse.com/935892"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9684 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9684/"
}
],
"title": "Security update for openstack and python-oslo.utils",
"tracking": {
"current_release_date": "2015-08-25T08:34:56Z",
"generator": {
"date": "2015-08-25T08:34:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1515-1",
"initial_release_date": "2015-08-25T08:34:56Z",
"revision_history": [
{
"date": "2015-08-25T08:34:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch",
"product": {
"name": "openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch",
"product_id": "openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch"
}
},
{
"category": "product_version",
"name": "openstack-cinder-doc-2014.2.4.dev19-9.12.noarch",
"product": {
"name": "openstack-cinder-doc-2014.2.4.dev19-9.12.noarch",
"product_id": "openstack-cinder-doc-2014.2.4.dev19-9.12.noarch"
}
},
{
"category": "product_version",
"name": "openstack-glance-doc-2014.2.4.dev5-9.7.noarch",
"product": {
"name": "openstack-glance-doc-2014.2.4.dev5-9.7.noarch",
"product_id": "openstack-glance-doc-2014.2.4.dev5-9.7.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-doc-2014.2.4.dev13-9.8.noarch",
"product": {
"name": "openstack-heat-doc-2014.2.4.dev13-9.8.noarch",
"product_id": "openstack-heat-doc-2014.2.4.dev13-9.8.noarch"
}
},
{
"category": "product_version",
"name": "openstack-keystone-doc-2014.2.4.dev5-11.12.noarch",
"product": {
"name": "openstack-keystone-doc-2014.2.4.dev5-11.12.noarch",
"product_id": "openstack-keystone-doc-2014.2.4.dev5-11.12.noarch"
}
},
{
"category": "product_version",
"name": "openstack-sahara-doc-2014.2.4.dev3-9.5.noarch",
"product": {
"name": "openstack-sahara-doc-2014.2.4.dev3-9.5.noarch",
"product_id": "openstack-sahara-doc-2014.2.4.dev3-9.5.noarch"
}
},
{
"category": "product_version",
"name": "openstack-suse-sudo-2014.2-9.2.noarch",
"product": {
"name": "openstack-suse-sudo-2014.2-9.2.noarch",
"product_id": "openstack-suse-sudo-2014.2-9.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-ceilometer-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64",
"product_id": "openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-cinder-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "openstack-cinder-2014.2.4.dev19-9.7.x86_64",
"product_id": "openstack-cinder-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-cinder-api-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "openstack-cinder-api-2014.2.4.dev19-9.7.x86_64",
"product_id": "openstack-cinder-api-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64",
"product_id": "openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64",
"product_id": "openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64",
"product_id": "openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-glance-2014.2.4.dev5-9.5.x86_64",
"product": {
"name": "openstack-glance-2014.2.4.dev5-9.5.x86_64",
"product_id": "openstack-glance-2014.2.4.dev5-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-heat-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "openstack-heat-2014.2.4.dev13-9.6.x86_64",
"product_id": "openstack-heat-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-heat-api-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "openstack-heat-api-2014.2.4.dev13-9.6.x86_64",
"product_id": "openstack-heat-api-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64",
"product_id": "openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64",
"product_id": "openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-heat-engine-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "openstack-heat-engine-2014.2.4.dev13-9.6.x86_64",
"product_id": "openstack-heat-engine-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-keystone-2014.2.4.dev5-11.8.x86_64",
"product": {
"name": "openstack-keystone-2014.2.4.dev5-11.8.x86_64",
"product_id": "openstack-keystone-2014.2.4.dev5-11.8.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-sahara-2014.2.4.dev3-9.5.x86_64",
"product": {
"name": "openstack-sahara-2014.2.4.dev3-9.5.x86_64",
"product_id": "openstack-sahara-2014.2.4.dev3-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-sahara-api-2014.2.4.dev3-9.5.x86_64",
"product": {
"name": "openstack-sahara-api-2014.2.4.dev3-9.5.x86_64",
"product_id": "openstack-sahara-api-2014.2.4.dev3-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64",
"product": {
"name": "openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64",
"product_id": "openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-ceilometer-2014.2.4.dev18-9.7.x86_64",
"product": {
"name": "python-ceilometer-2014.2.4.dev18-9.7.x86_64",
"product_id": "python-ceilometer-2014.2.4.dev18-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "python-cinder-2014.2.4.dev19-9.7.x86_64",
"product": {
"name": "python-cinder-2014.2.4.dev19-9.7.x86_64",
"product_id": "python-cinder-2014.2.4.dev19-9.7.x86_64"
}
},
{
"category": "product_version",
"name": "python-glance-2014.2.4.dev5-9.5.x86_64",
"product": {
"name": "python-glance-2014.2.4.dev5-9.5.x86_64",
"product_id": "python-glance-2014.2.4.dev5-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-heat-2014.2.4.dev13-9.6.x86_64",
"product": {
"name": "python-heat-2014.2.4.dev13-9.6.x86_64",
"product_id": "python-heat-2014.2.4.dev13-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "python-keystone-2014.2.4.dev5-11.8.x86_64",
"product": {
"name": "python-keystone-2014.2.4.dev5-11.8.x86_64",
"product_id": "python-keystone-2014.2.4.dev5-11.8.x86_64"
}
},
{
"category": "product_version",
"name": "python-oslo.i18n-1.3.1-9.6.x86_64",
"product": {
"name": "python-oslo.i18n-1.3.1-9.6.x86_64",
"product_id": "python-oslo.i18n-1.3.1-9.6.x86_64"
}
},
{
"category": "product_version",
"name": "python-oslo.utils-1.4.0-14.2.x86_64",
"product": {
"name": "python-oslo.utils-1.4.0-14.2.x86_64",
"product_id": "python-oslo.utils-1.4.0-14.2.x86_64"
}
},
{
"category": "product_version",
"name": "python-oslotest-1.2.0-2.5.x86_64",
"product": {
"name": "python-oslotest-1.2.0-2.5.x86_64",
"product_id": "python-oslotest-1.2.0-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-sahara-2014.2.4.dev3-9.5.x86_64",
"product": {
"name": "python-sahara-2014.2.4.dev3-9.5.x86_64",
"product_id": "python-sahara-2014.2.4.dev3-9.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-six-1.9.0-9.2.x86_64",
"product": {
"name": "python-six-1.9.0-9.2.x86_64",
"product_id": "python-six-1.9.0-9.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch"
},
"product_reference": "openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "openstack-cinder-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-api-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-api-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "openstack-cinder-api-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-doc-2014.2.4.dev19-9.12.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-doc-2014.2.4.dev19-9.12.noarch"
},
"product_reference": "openstack-cinder-doc-2014.2.4.dev19-9.12.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-2014.2.4.dev5-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.dev5-9.5.x86_64"
},
"product_reference": "openstack-glance-2014.2.4.dev5-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-doc-2014.2.4.dev5-9.7.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.dev5-9.7.noarch"
},
"product_reference": "openstack-glance-doc-2014.2.4.dev5-9.7.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "openstack-heat-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-api-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-api-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "openstack-heat-api-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-doc-2014.2.4.dev13-9.8.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-doc-2014.2.4.dev13-9.8.noarch"
},
"product_reference": "openstack-heat-doc-2014.2.4.dev13-9.8.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-engine-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-heat-engine-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "openstack-heat-engine-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-2014.2.4.dev5-11.8.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-keystone-2014.2.4.dev5-11.8.x86_64"
},
"product_reference": "openstack-keystone-2014.2.4.dev5-11.8.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-keystone-doc-2014.2.4.dev5-11.12.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-keystone-doc-2014.2.4.dev5-11.12.noarch"
},
"product_reference": "openstack-keystone-doc-2014.2.4.dev5-11.12.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-sahara-2014.2.4.dev3-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-sahara-2014.2.4.dev3-9.5.x86_64"
},
"product_reference": "openstack-sahara-2014.2.4.dev3-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-sahara-api-2014.2.4.dev3-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-sahara-api-2014.2.4.dev3-9.5.x86_64"
},
"product_reference": "openstack-sahara-api-2014.2.4.dev3-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-sahara-doc-2014.2.4.dev3-9.5.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-sahara-doc-2014.2.4.dev3-9.5.noarch"
},
"product_reference": "openstack-sahara-doc-2014.2.4.dev3-9.5.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64"
},
"product_reference": "openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-suse-sudo-2014.2-9.2.noarch as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:openstack-suse-sudo-2014.2-9.2.noarch"
},
"product_reference": "openstack-suse-sudo-2014.2-9.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-ceilometer-2014.2.4.dev18-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-ceilometer-2014.2.4.dev18-9.7.x86_64"
},
"product_reference": "python-ceilometer-2014.2.4.dev18-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-cinder-2014.2.4.dev19-9.7.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-cinder-2014.2.4.dev19-9.7.x86_64"
},
"product_reference": "python-cinder-2014.2.4.dev19-9.7.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-glance-2014.2.4.dev5-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-glance-2014.2.4.dev5-9.5.x86_64"
},
"product_reference": "python-glance-2014.2.4.dev5-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-heat-2014.2.4.dev13-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-heat-2014.2.4.dev13-9.6.x86_64"
},
"product_reference": "python-heat-2014.2.4.dev13-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-keystone-2014.2.4.dev5-11.8.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-keystone-2014.2.4.dev5-11.8.x86_64"
},
"product_reference": "python-keystone-2014.2.4.dev5-11.8.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-oslo.i18n-1.3.1-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-oslo.i18n-1.3.1-9.6.x86_64"
},
"product_reference": "python-oslo.i18n-1.3.1-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-oslo.utils-1.4.0-14.2.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-oslo.utils-1.4.0-14.2.x86_64"
},
"product_reference": "python-oslo.utils-1.4.0-14.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-oslotest-1.2.0-2.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-oslotest-1.2.0-2.5.x86_64"
},
"product_reference": "python-oslotest-1.2.0-2.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-sahara-2014.2.4.dev3-9.5.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-sahara-2014.2.4.dev3-9.5.x86_64"
},
"product_reference": "python-sahara-2014.2.4.dev3-9.5.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-six-1.9.0-9.2.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:python-six-1.9.0-9.2.x86_64"
},
"product_reference": "python-six-1.9.0-9.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9684"
}
],
"notes": [
{
"category": "general",
"text": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:openstack-ceilometer-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch",
"SUSE OpenStack Cloud 5:openstack-cinder-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-api-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-doc-2014.2.4.dev19-9.12.noarch",
"SUSE OpenStack Cloud 5:openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.dev5-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.dev5-9.7.noarch",
"SUSE OpenStack Cloud 5:openstack-heat-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-doc-2014.2.4.dev13-9.8.noarch",
"SUSE OpenStack Cloud 5:openstack-heat-engine-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-keystone-2014.2.4.dev5-11.8.x86_64",
"SUSE OpenStack Cloud 5:openstack-keystone-doc-2014.2.4.dev5-11.12.noarch",
"SUSE OpenStack Cloud 5:openstack-sahara-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-sahara-api-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-sahara-doc-2014.2.4.dev3-9.5.noarch",
"SUSE OpenStack Cloud 5:openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-suse-sudo-2014.2-9.2.noarch",
"SUSE OpenStack Cloud 5:python-ceilometer-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:python-cinder-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:python-glance-2014.2.4.dev5-9.5.x86_64",
"SUSE OpenStack Cloud 5:python-heat-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:python-keystone-2014.2.4.dev5-11.8.x86_64",
"SUSE OpenStack Cloud 5:python-oslo.i18n-1.3.1-9.6.x86_64",
"SUSE OpenStack Cloud 5:python-oslo.utils-1.4.0-14.2.x86_64",
"SUSE OpenStack Cloud 5:python-oslotest-1.2.0-2.5.x86_64",
"SUSE OpenStack Cloud 5:python-sahara-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:python-six-1.9.0-9.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9684",
"url": "https://www.suse.com/security/cve/CVE-2014-9684"
},
{
"category": "external",
"summary": "SUSE Bug 918784 for CVE-2014-9684",
"url": "https://bugzilla.suse.com/918784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:openstack-ceilometer-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-central-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-api-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-collector-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-ceilometer-doc-2014.2.4.dev18-9.11.noarch",
"SUSE OpenStack Cloud 5:openstack-cinder-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-api-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-backup-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-doc-2014.2.4.dev19-9.12.noarch",
"SUSE OpenStack Cloud 5:openstack-cinder-scheduler-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-cinder-volume-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:openstack-glance-2014.2.4.dev5-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-glance-doc-2014.2.4.dev5-9.7.noarch",
"SUSE OpenStack Cloud 5:openstack-heat-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-cfn-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-heat-doc-2014.2.4.dev13-9.8.noarch",
"SUSE OpenStack Cloud 5:openstack-heat-engine-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:openstack-keystone-2014.2.4.dev5-11.8.x86_64",
"SUSE OpenStack Cloud 5:openstack-keystone-doc-2014.2.4.dev5-11.12.noarch",
"SUSE OpenStack Cloud 5:openstack-sahara-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-sahara-api-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-sahara-doc-2014.2.4.dev3-9.5.noarch",
"SUSE OpenStack Cloud 5:openstack-sahara-engine-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:openstack-suse-sudo-2014.2-9.2.noarch",
"SUSE OpenStack Cloud 5:python-ceilometer-2014.2.4.dev18-9.7.x86_64",
"SUSE OpenStack Cloud 5:python-cinder-2014.2.4.dev19-9.7.x86_64",
"SUSE OpenStack Cloud 5:python-glance-2014.2.4.dev5-9.5.x86_64",
"SUSE OpenStack Cloud 5:python-heat-2014.2.4.dev13-9.6.x86_64",
"SUSE OpenStack Cloud 5:python-keystone-2014.2.4.dev5-11.8.x86_64",
"SUSE OpenStack Cloud 5:python-oslo.i18n-1.3.1-9.6.x86_64",
"SUSE OpenStack Cloud 5:python-oslo.utils-1.4.0-14.2.x86_64",
"SUSE OpenStack Cloud 5:python-oslotest-1.2.0-2.5.x86_64",
"SUSE OpenStack Cloud 5:python-sahara-2014.2.4.dev3-9.5.x86_64",
"SUSE OpenStack Cloud 5:python-six-1.9.0-9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-08-25T08:34:56Z",
"details": "low"
}
],
"title": "CVE-2014-9684"
}
]
}
fkie_cve-2014-9684
Vulnerability from fkie_nvd
Published
2015-02-24 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html | Vendor Advisory | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2015-0938.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/72692 | ||
| cve@mitre.org | https://bugs.launchpad.net/glance/+bug/1371118 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2015-0938.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72692 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/glance/+bug/1371118 | Exploit |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | image_registry_and_delivery_service_\(glance\) | 2014.2 | |
| openstack | image_registry_and_delivery_service_\(glance\) | 2014.2.1 | |
| openstack | image_registry_and_delivery_service_\(glance\) | 2014.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
"matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FEAB5B21-2F3D-4A5D-9554-B7F984FF5D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "071E2B7B-5E6B-4108-8E46-5E72AC22B168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
},
{
"lang": "es",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 hasta 2014.2.2 no elimina correctamente las im\u00e1genes, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante la creaci\u00f3n de un n\u00famero grande de im\u00e1genes al utilizar una API v2 de tareas y posteriormente elimin\u00e1ndolas antes de que terminen las subidas, una vulnerabilidad diferente a CVE-2015-1881."
}
],
"id": "CVE-2014-9684",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-24T15:59:03.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72692"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-h737-q6g6-8wr6
Vulnerability from github
Published
2022-05-17 03:10
Modified
2024-11-26 18:25
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
Summary
OpenStack Glance Denial of service by creating a large number of images
Details
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "glance"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.0.0a0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-9684"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-14T21:32:19Z",
"nvd_published_at": "2015-02-24T15:59:00Z",
"severity": "HIGH"
},
"details": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.",
"id": "GHSA-h737-q6g6-8wr6",
"modified": "2024-11-26T18:25:27Z",
"published": "2022-05-17T03:10:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9684"
},
{
"type": "WEB",
"url": "https://github.com/openstack/glance/commit/7858d4d95154c8596720365e465cca7858cfec5c"
},
{
"type": "WEB",
"url": "https://github.com/openstack/glance/commit/a880c8e762e94b70c1e5d5692a3defcde734a601"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/glance"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-37.yaml"
},
{
"type": "WEB",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenStack Glance Denial of service by creating a large number of images"
}
gsd-2014-9684
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-9684",
"description": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.",
"id": "GSD-2014-9684",
"references": [
"https://www.suse.com/security/cve/CVE-2014-9684.html",
"https://access.redhat.com/errata/RHSA-2015:0938"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-9684"
],
"details": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.",
"id": "GSD-2014-9684",
"modified": "2023-12-13T01:22:48.548023Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1371118",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"name": "RHSA-2015:0938",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"name": "72692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72692"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9684"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1371118",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/glance/+bug/1371118"
},
{
"name": "RHSA-2015:0938",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
},
{
"name": "72692",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/72692"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-01-03T02:59Z",
"publishedDate": "2015-02-24T15:59Z"
}
}
}
rhsa-2015:0938
Vulnerability from csaf_redhat
Published
2015-05-05 13:08
Modified
2024-11-22 09:06
Summary
Red Hat Security Advisory: openstack-glance security and bug fix update
Notes
Topic
Updated openstack-glance packages that fix two security issues and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
OpenStack Image Service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image, and immediately store it away. Stored
images can be used as a template to get new servers up and running quickly
and more consistently than installing a server operating system and
individually configuring additional services.
Multiple flaws were found in the glance task API that could cause untracked
image data to be left in the back end. A malicious user could use these
flaws to deliberately accumulate untracked image data, and cause a denial
of service via resource exhaustion. (CVE-2014-9684, CVE-2015-1881)
The openstack-glance packages have been upgraded to upstream version
2014.2.3, which provides a number of bug fixes over the previous version.
(BZ#1210457)
All openstack-glance users are advised to upgrade to these updated
packages, which correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-glance packages that fix two security issues and several\nbugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenStack Image Service (glance) provides discovery, registration, and\ndelivery services for disk and server images. It provides the ability to\ncopy or snapshot a server image, and immediately store it away. Stored\nimages can be used as a template to get new servers up and running quickly\nand more consistently than installing a server operating system and\nindividually configuring additional services.\n\nMultiple flaws were found in the glance task API that could cause untracked\nimage data to be left in the back end. A malicious user could use these\nflaws to deliberately accumulate untracked image data, and cause a denial\nof service via resource exhaustion. (CVE-2014-9684, CVE-2015-1881)\n\nThe openstack-glance packages have been upgraded to upstream version\n2014.2.3, which provides a number of bug fixes over the previous version.\n(BZ#1210457)\n\nAll openstack-glance users are advised to upgrade to these updated\npackages, which correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:0938",
"url": "https://access.redhat.com/errata/RHSA-2015:0938"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/6/html/Release_Notes/index.html"
},
{
"category": "external",
"summary": "1194697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697"
},
{
"category": "external",
"summary": "1210457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210457"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_0938.json"
}
],
"title": "Red Hat Security Advisory: openstack-glance security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T09:06:23+00:00",
"generator": {
"date": "2024-11-22T09:06:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:0938",
"initial_release_date": "2015-05-05T13:08:26+00:00",
"revision_history": [
{
"date": "2015-05-05T13:08:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-05-05T13:08:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:06:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product": {
"name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-glance-0:2014.2.3-1.el7ost.src",
"product": {
"name": "openstack-glance-0:2014.2.3-1.el7ost.src",
"product_id": "openstack-glance-0:2014.2.3-1.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance@2014.2.3-1.el7ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-glance-store-0:0.1.10-3.el7ost.src",
"product": {
"name": "python-glance-store-0:0.1.10-3.el7ost.src",
"product_id": "python-glance-store-0:0.1.10-3.el7ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-glance-store@0.1.10-3.el7ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-glance-0:2014.2.3-1.el7ost.noarch",
"product": {
"name": "openstack-glance-0:2014.2.3-1.el7ost.noarch",
"product_id": "openstack-glance-0:2014.2.3-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance@2014.2.3-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"product": {
"name": "openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"product_id": "openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance-doc@2014.2.3-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-glance-0:2014.2.3-1.el7ost.noarch",
"product": {
"name": "python-glance-0:2014.2.3-1.el7ost.noarch",
"product_id": "python-glance-0:2014.2.3-1.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-glance@2014.2.3-1.el7ost?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-glance-store-0:0.1.10-3.el7ost.noarch",
"product": {
"name": "python-glance-store-0:0.1.10-3.el7ost.noarch",
"product_id": "python-glance-store-0:0.1.10-3.el7ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-glance-store@0.1.10-3.el7ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-0:2014.2.3-1.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch"
},
"product_reference": "openstack-glance-0:2014.2.3-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-0:2014.2.3-1.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src"
},
"product_reference": "openstack-glance-0:2014.2.3-1.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-doc-0:2014.2.3-1.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch"
},
"product_reference": "openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-glance-0:2014.2.3-1.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch"
},
"product_reference": "python-glance-0:2014.2.3-1.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-glance-store-0:0.1.10-3.el7ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch"
},
"product_reference": "python-glance-store-0:0.1.10-3.el7ost.noarch",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-glance-store-0:0.1.10-3.el7ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7",
"product_id": "7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
},
"product_reference": "python-glance-store-0:0.1.10-3.el7ost.src",
"relates_to_product_reference": "7Server-RH7-RHOS-6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-9684",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2015-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1194697"
}
],
"notes": [
{
"category": "description",
"text": "Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-glance: potential resource exhaustion and denial of service using images manipulation API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-9684"
},
{
"category": "external",
"summary": "RHBZ#1194697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-9684",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9684"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9684",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9684"
}
],
"release_date": "2015-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-05T13:08:26+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise\nLinux 7.1.\n\nThe Red Hat Enterprise Linux OpenStack Platform 6 Release Notes (see\nReferences section) contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat Enterprise Linux OpenStack Platform 6,\nincluding which channels need to be enabled and disabled.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0938"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-glance: potential resource exhaustion and denial of service using images manipulation API"
},
{
"cve": "CVE-2015-1881",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2015-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1194697"
}
],
"notes": [
{
"category": "description",
"text": "Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openstack-glance: potential resource exhaustion and denial of service using images manipulation API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-1881"
},
{
"category": "external",
"summary": "RHBZ#1194697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1194697"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-1881",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1881"
}
],
"release_date": "2015-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-05-05T13:08:26+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system have been applied.\n\nRed Hat Enterprise Linux OpenStack Platform 6 runs on Red Hat Enterprise\nLinux 7.1.\n\nThe Red Hat Enterprise Linux OpenStack Platform 6 Release Notes (see\nReferences section) contain the following:\n* An explanation of the way in which the provided components interact to\nform a working cloud computing environment.\n* Technology Previews, Recommended Practices, and Known Issues.\n* The channels required for Red Hat Enterprise Linux OpenStack Platform 6,\nincluding which channels need to be enabled and disabled.\n\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:0938"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:openstack-glance-0:2014.2.3-1.el7ost.src",
"7Server-RH7-RHOS-6.0:openstack-glance-doc-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-0:2014.2.3-1.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.noarch",
"7Server-RH7-RHOS-6.0:python-glance-store-0:0.1.10-3.el7ost.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openstack-glance: potential resource exhaustion and denial of service using images manipulation API"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…