RHSA-2012:1558
Vulnerability from csaf_redhat - Published: 2012-12-10 20:57 - Updated: 2025-11-21 17:41
Summary
Red Hat Security Advisory: openstack-glance security update
Notes
Topic
Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex.
Details
The openstack-glance packages allow virtual machine images to be discovered, registered and retrieved. They also include a RESTful API to provide these services to other applications.
The openstack-glance packages have been upgraded to upstream version 2012.1.2, which provides a number of bug fixes and enhancements over the previous version.
A flaw in Keystone allowed an attacker with access to the web and network interfaces to delete arbitrary, non-protected images from Glance servers. (CVE-2012-4573)
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Gabe Westmaas as the original reporter of CVE-2012-4573.
All users of openstack-glance are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex.",
"title": "Topic"
},
{
"category": "general",
"text": "The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to other applications.\n\nThe openstack-glance packages have been upgraded to upstream version 2012.1.2, which provide a number of bug fixes and enhancements over the previous version.\n\nA flaw in Keystone allowed an attacker with access to the web and network \ninterfaces to delete arbitrary, non-protected images from Glance servers. \n(CVE-2012-4573) \n\nRed Hat would like to thank the OpenStack project for reporting this\nissue. Upstream acknowledges Gabe Westmaas as the original reporter of\nCVE-2012-4573.\n\nAll users of openstack-glance are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the Glance services (openstack-glance-api and openstack-glance-registry) will be restarted automatically.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:1558",
"url": "https://access.redhat.com/errata/RHSA-2012:1558"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "872302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=872302"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1558.json"
}
],
"title": "Red Hat Security Advisory: openstack-glance security update",
"tracking": {
"current_release_date": "2025-11-21T17:41:40+00:00",
"generator": {
"date": "2025-11-21T17:41:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2012:1558",
"initial_release_date": "2012-12-10T20:57:00+00:00",
"revision_history": [
{
"date": "2012-12-10T20:57:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-12-10T21:00:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:41:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOS Essex Release",
"product": {
"name": "RHOS Essex Release",
"product_id": "6Server-Essex",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"product": {
"name": "openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"product_id": "openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance-doc@2012.1.2-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openstack-glance-0:2012.1.2-2.el6.noarch",
"product": {
"name": "openstack-glance-0:2012.1.2-2.el6.noarch",
"product_id": "openstack-glance-0:2012.1.2-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance@2012.1.2-2.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-glance-0:2012.1.2-2.el6.noarch",
"product": {
"name": "python-glance-0:2012.1.2-2.el6.noarch",
"product_id": "python-glance-0:2012.1.2-2.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-glance@2012.1.2-2.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-glance-0:2012.1.2-2.el6.src",
"product": {
"name": "openstack-glance-0:2012.1.2-2.el6.src",
"product_id": "openstack-glance-0:2012.1.2-2.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-glance@2012.1.2-2.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-0:2012.1.2-2.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-glance-0:2012.1.2-2.el6.noarch"
},
"product_reference": "openstack-glance-0:2012.1.2-2.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-0:2012.1.2-2.el6.src as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-glance-0:2012.1.2-2.el6.src"
},
"product_reference": "openstack-glance-0:2012.1.2-2.el6.src",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-glance-doc-0:2012.1.2-2.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:openstack-glance-doc-0:2012.1.2-2.el6.noarch"
},
"product_reference": "openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-glance-0:2012.1.2-2.el6.noarch as a component of RHOS Essex Release",
"product_id": "6Server-Essex:python-glance-0:2012.1.2-2.el6.noarch"
},
"product_reference": "python-glance-0:2012.1.2-2.el6.noarch",
"relates_to_product_reference": "6Server-Essex"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"OpenStack project"
]
}
],
"cve": "CVE-2012-4573",
"discovery_date": "2012-11-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "872302"
}
],
"notes": [
{
"category": "description",
"text": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenStack: Glance Authentication bypass for image deletion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.noarch",
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.src",
"6Server-Essex:openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"6Server-Essex:python-glance-0:2012.1.2-2.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-4573"
},
{
"category": "external",
"summary": "RHBZ#872302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=872302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-4573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4573"
}
],
"release_date": "2012-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-12-10T20:57:00+00:00",
"details": "Before applying this update, make sure all previously-released errata relevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258",
"product_ids": [
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.noarch",
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.src",
"6Server-Essex:openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"6Server-Essex:python-glance-0:2012.1.2-2.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:1558"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.noarch",
"6Server-Essex:openstack-glance-0:2012.1.2-2.el6.src",
"6Server-Essex:openstack-glance-doc-0:2012.1.2-2.el6.noarch",
"6Server-Essex:python-glance-0:2012.1.2-2.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenStack: Glance Authentication bypass for image deletion"
}
]
}