Candidate: CVE-2014-9684
PublicDate: 2015-02-24 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9684
 http://seclists.org/oss-sec/2015/q1/600
 http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html
Description:
 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through
 2014.2.2 does not properly remove images, which allows remote authenticated
 users to cause a denial of service (disk consumption) by creating a large
 number of images using the task v2 API and then deleting them before the
 uploads finish, a different vulnerability than CVE-2015-1881.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/glance/+bug/1422716
 https://bugs.launchpad.net/glance/+bug/1371118
Priority: medium
Discovered-by: Mike Fedosin
Assigned-to: mdeslaur
CVSS:

Patches_glance:
 upstream: https://review.openstack.org/#/c/122427/ (kilo)
 upstream: https://review.openstack.org/#/c/157067/ (juno)
upstream_glance: needs-triage
lucid_glance: DNE
precise_glance: not-affected (code not present)
trusty_glance: not-affected (code not present)
trusty/esm_glance: DNE (trusty was not-affected [code not present])
utopic_glance: not-affected (1:2014.2.3-0ubuntu1)
vivid_glance: not-affected (1:2015.1~b2-0ubuntu1)
devel_glance: not-affected (1:2015.1~b2-0ubuntu1)