Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 17 Update: openstack-glance-2012.1.2-2.fc17
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Wednesday 21st November 2012 04:05:54 UTC (over 4 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-18085
2012-11-13 00:32:23
--------------------------------------------------------------------------------

Name        : openstack-glance
Product     : Fedora 17
Version     : 2012.1.2
Release     : 2.fc17
URL         : http://glance.openstack.org
Summary     : OpenStack Image Service
Description :
OpenStack Image Service (code-named Glance) provides discovery,
registration,
and delivery services for virtual disk images. The Image Service API server
provides a standard REST interface for querying information about virtual
disk
images stored in a variety of back-end stores, including OpenStack Object
Storage. Clients can register new virtual disk images with the Image
Service,
query for information on publicly available disk images, and use the Image
Service's client library for streaming virtual disk images.

This package contains the API and registry servers.

--------------------------------------------------------------------------------
Update Information:

- Fix Glance Authentication bypass for image deletion
- Update to stable/essex 2012.1.2 including...
- Support zero-size image creation via the v1 API
- Allow admins to share images regardless of owner
- Log sensitive store info, rather than exposing over API
- Fix the qpid_heartbeat option to avoid connection timeouts
- Fix image.upload notification to not send stale metadata
- Include chunk_name in swift debug message
- Fix scrubber exception when microsecs in DB (PostgreSQL) dates

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 12 2012 Pádraig Brady  - 2012.1.2-2
- Fix Glance Authentication bypass for image deletion (CVE-2012-4573)
* Mon Nov 12 2012 Pádraig Brady  - 2012.1.2-1
- Update to stable/essex 2012.1.2 including...
- Support zero-size image creation via the v1 API
- Allow admins to share images regardless of owner
- Log sensitive store info, rather than exposing over API
- Fix the qpid_heartbeat option to avoid connection timeouts
- Fix image.upload notification to not send stale metadata
- Include chunk_name in swift debug message
- Fix scrubber exception when microsecs in DB (PostgreSQL) dates
* Mon Jul  9 2012 Pádraig Brady  - 2012.1.1-1
- Update to stable/essex 2012.1.1
- Remove world readable bit on sensitive config files
* Tue May 22 2012 Pádraig Brady  - 2012.1-8
- Fix an issue with glance-manage db_sync (#823702)
* Mon May 21 2012 Pádraig Brady  - 2012.1-6
- Sync with essex stable
- Don't auto create database on service start
- Remove openstack-glance-db-setup. use openstack-db instead
* Fri May 18 2012 Alan Pevec  - 2012.1-5
- Drop hard dep on python-kombu, notifications are configurable
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #874567 - CVE-2012-4573, CVE-2012-5482 OpenStack: Glance
Authentication bypass for image deletion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=874567
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openstack-glance' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 2ms