DescriptionMurray McAllister
2014-04-08 03:09:32 UTC
A flaw was found in the Glance Sheepdog backend. A user who is able to insert or modify Glance image metadata could use this flaw to execute arbitrary commands with the privileges of the user who is running the Glance service.
Versions 2013.2 up to 2013.2.3 are affected.
Acknowledgements:
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Paul McMillan (Nebula) as the original reporter.
Comment 6Murray McAllister
2014-04-11 11:34:23 UTC
Comment 10Fedora Update System
2014-05-13 05:03:26 UTC
openstack-glance-2013.2.3-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.