Oracle Solaris Third-Party Patch Update : glance (cve_2014_5356_permissions_privileges)
Medium Nessus Plugin ID 80624
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
SolutionUpgrade to Solaris 22.214.171.124.0.