Ubuntu 12.10 : glance vulnerability (USN-1626-2)
Medium Nessus Plugin ID 62888
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionUSN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update provides the corresponding updates for the v2 API.
Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected python-glance package.