CVE-2012-4573

Publication date 7 November 2012

Last updated 24 July 2024

Ubuntu priority

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glance	12.10 quantal	Fixed 2012.2-0ubuntu2.3
	12.04 LTS precise	Fixed 2012.1.3+stable~20120821-120fcf-0ubuntu1.2
	11.10 oneiric	Not affected
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Notes

jdstrand

Diablo (in Ubuntu 11.10) not affected per upstream also affects v2 api in Folsom+ (Ubuntu 12.10+)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glance	Upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=efd7e75b1f419a52c7103c7840e24af8e5deb29d Upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=90bcdc5a89e350a358cf320a03f5afe99795f6f6 Upstream: https://review.openstack.org/gitweb?p=openstack/glance.git;a=patch;h=fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3

CVE-2012-4573

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references