CVE-2012-5482

Published: 11 November 2012

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

Priority

Status

Package	Release	Status
glance Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	oneiric	Not vulnerable
	precise	Not vulnerable
	quantal	Released (2012.2-0ubuntu2.3)
	upstream	Released (2012.1.1-3)

References

https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
https://bugs.launchpad.net/glance/+bug/1076506
http://www.openwall.com/lists/oss-security/2012/11/09/5
http://www.openwall.com/lists/oss-security/2012/11/09/1
http://www.openwall.com/lists/oss-security/2012/11/08/2
http://www.openwall.com/lists/oss-security/2012/11/07/6
http://secunia.com/advisories/51174
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
https://ubuntu.com/security/notices/USN-1626-2
https://www.cve.org/CVERecord?id=CVE-2012-5482
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692641

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›