CVE-2012-5482

Publication date 11 November 2012

Last updated 24 July 2024

Ubuntu priority

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glance	12.10 quantal	Fixed 2012.2-0ubuntu2.3
	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
https://bugs.launchpad.net/glance/+bug/1076506
http://www.openwall.com/lists/oss-security/2012/11/09/5
http://www.openwall.com/lists/oss-security/2012/11/09/1
http://www.openwall.com/lists/oss-security/2012/11/08/2
http://www.openwall.com/lists/oss-security/2012/11/07/6
http://secunia.com/advisories/51174
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
https://www.cve.org/CVERecord?id=CVE-2012-5482