Ubuntu Update For Glance USN-1764-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.

Affected

glance on Ubuntu 12.10 , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2013-1840

CVSS	Base Score: 3.5 AV:N/AC:M/Au:S/C:P/I:N/A:N

Related Vulnerabilities

Ubuntu Update for dbus-glib USN-1138-1
Ubuntu Update for apt USN-1477-1
Ubuntu Update for libconfig-inifiles-perl USN-1543-1
Ubuntu Update for dbus vulnerability USN-401-1
Ubuntu Update for linux USN-1275-1

Ubuntu Update for glance USN-1764-1

Take action and discover your vulnerabilities