| |||||||||||||||||||
Fedora alert FEDORA-2012-18085 (openstack-glance)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2012-18085 2012-11-13 00:32:23 -------------------------------------------------------------------------------- Name : openstack-glance Product : Fedora 17 Version : 2012.1.2 Release : 2.fc17 URL : http://glance.openstack.org Summary : OpenStack Image Service Description : OpenStack Image Service (code-named Glance) provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images. This package contains the API and registry servers. -------------------------------------------------------------------------------- Update Information: - Fix Glance Authentication bypass for image deletion - Update to stable/essex 2012.1.2 including... - Support zero-size image creation via the v1 API - Allow admins to share images regardless of owner - Log sensitive store info, rather than exposing over API - Fix the qpid_heartbeat option to avoid connection timeouts - Fix image.upload notification to not send stale metadata - Include chunk_name in swift debug message - Fix scrubber exception when microsecs in DB (PostgreSQL) dates -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 12 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.2-2 - Fix Glance Authentication bypass for image deletion (CVE-2012-4573) * Mon Nov 12 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.2-1 - Update to stable/essex 2012.1.2 including... - Support zero-size image creation via the v1 API - Allow admins to share images regardless of owner - Log sensitive store info, rather than exposing over API - Fix the qpid_heartbeat option to avoid connection timeouts - Fix image.upload notification to not send stale metadata - Include chunk_name in swift debug message - Fix scrubber exception when microsecs in DB (PostgreSQL) dates * Mon Jul 9 2012 Pádraig Brady <P@draigBrady.com> - 2012.1.1-1 - Update to stable/essex 2012.1.1 - Remove world readable bit on sensitive config files * Tue May 22 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-8 - Fix an issue with glance-manage db_sync (#823702) * Mon May 21 2012 Pádraig Brady <P@draigBrady.com> - 2012.1-6 - Sync with essex stable - Don't auto create database on service start - Remove openstack-glance-db-setup. use openstack-db instead * Fri May 18 2012 Alan Pevec <apevec@redhat.com> - 2012.1-5 - Drop hard dep on python-kombu, notifications are configurable -------------------------------------------------------------------------------- References: [ 1 ] Bug #874567 - CVE-2012-4573, CVE-2012-5482 OpenStack: Glance Authentication bypass for image deletion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=874567 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openstack-glance' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||