Glance Exploit Fixed in Ubuntu 12.10 and Ubuntu 12.04

Just perform a system update and the problem will be corrected

By on November 9th, 2012 14:09 GMT

On November 8, Canonical published in a security notice details about a Glance vulnerability for its Ubuntu 12.10 (Quantal Quetzal) and Ubuntu 12.04 LTS (Precise Pangolin) operating systems.

According to Canonical, Glance could have been made to delete arbitrary images.

It was discovered that Glance had not always properly enforced access controls when deleting images. An authenticated user could have deleted arbitrary images by using the v1 API, under certain circumstances.

For a more detailed description of the security problem, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest python-glance package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments