Bug 1019572 (CVE-2013-4428)
Summary: | CVE-2013-4428 OpenStack Glance: image_download policy not enforced for cached images | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | akscram, alexander.sakhnov, aortega, apevec, apevec, ayoung, bfilippov, breu, chrisw, dallan, d.busby, eglynn, fpercoco, gkotton, gmollett, iheim, itamar, Jan.van.Eldik, jbresnah, jonathansteffan, jose.castro.leon, lhh, lpeer, markmc, mlvov, mmagr, ndipanov, nsantos, p, rbryant, rhos-maint, sclewis, sdake, yeylon | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2014-03-28 00:39:25 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 1019575, 1019576, 1019577, 1019580, 1019581 | ||||||||
Bug Blocks: | 1019573 | ||||||||
Attachments: |
|
Description
Kurt Seifried
2013-10-16 06:07:41 UTC
Acknowledgements: Red Hat would like to thank the OpenStack Project for reporting this issue. The OpenStack Project acknowledges Stuart McLaren from HP as the original reporter. Created openstack-glance tracking bugs for this issue: Affects: fedora-all [bug 1019580] Affects: epel-6 [bug 1019581] Created attachment 814782 [details] CVE-2013-4428.folsom.diff Created attachment 814783 [details] CVE-2013-4428.grizzly.diff This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2013:1525 https://rhn.redhat.com/errata/RHSA-2013-1525.html |