Glance Exploit Fixed in Ubuntu 12.10 and Ubuntu 13.04

Users must update the system in order to fix this problem

By on October 24th, 2013 20:01 GMT

On October 23, in a security notice, Canonical published details about a Glance vulnerability in its Ubuntu 13.04 (Raring Ringtail) and Ubuntu 12.10 (Quantal Quetzal) operating systems.

According to the company, Glance could have been made to expose sensitive information over the network, under certain circumstances.

It has been discovered that Glance did not properly enforce the “download_image” policy for cached images. An authenticated user could have exploited this to obtain sensitive information in an image protected by this particular setting.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest python-glance package specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. Users don't need to restart the system in order to fix the problem.

Comments