On November 8, Canonical published in a security notice details about a Glance vulnerability for its Ubuntu 12.10 (Quantal Quetzal) and Ubuntu 12.04 LTS (Precise Pangolin) operating systems.
According to Canonical, Glance could have been made to delete arbitrary images.
It was discovered that Glance had not always properly enforced access controls when deleting images. An authenticated user could have deleted arbitrary images by using the v1 API, under certain circumstances.
For a more detailed description of the security problem, you can visit Canonical's security
notification.
Users can simply fix the security flaws by upgrading the operating systems to the latest python-glance package, specific to each distribution.
A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
