CVE-2014-5356

Priority
Medium
Description
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4,
2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does
not properly enforce the image_size_cap configuration option, which allows
remote authenticated users to cause a denial of service (disk consumption)
by uploading a large image.
References
Bugs
Assigned-to
jdstrand
Package
Upstream: needed
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (code-not-present)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:2014.1.2-0ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (1:2014.2~b3-0ubuntu3)
Patches:
Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=92ab00fca6926eaf3f7f92a955a5e07140063718 (master)
Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=31a4d1852a0c27bac5757c192f300f051229a312 (icehouse)
Upstream: https://git.openstack.org/cgit/openstack/glance/commit/?id=12f43cfed5a47cd16f08b7dad2424da0fc362e47 (havana)
More Information


Updated: 2014-09-15 16:14:33 UTC (commit 8484)