Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the imagesizecap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "glance", "binary_version": "1:2014.1.2-0ubuntu1.1" }, { "binary_name": "glance-api", "binary_version": "1:2014.1.2-0ubuntu1.1" }, { "binary_name": "glance-common", "binary_version": "1:2014.1.2-0ubuntu1.1" }, { "binary_name": "glance-registry", "binary_version": "1:2014.1.2-0ubuntu1.1" }, { "binary_name": "python-glance", "binary_version": "1:2014.1.2-0ubuntu1.1" }, { "binary_name": "python-glance-doc", "binary_version": "1:2014.1.2-0ubuntu1.1" } ] }