| 2015-05-12 06:37:02 |
Abhishek Kekane |
bug |
|
|
added bug |
| 2015-05-12 06:38:09 |
Abhishek Kekane |
bug |
|
|
added subscriber Tushar Patil |
| 2015-05-12 06:38:27 |
Abhishek Kekane |
bug |
|
|
added subscriber Kentaro Takeda |
| 2015-05-12 08:15:48 |
Kentaro Takeda |
bug |
|
|
added subscriber Takuya Tobinai |
| 2015-05-12 11:47:16 |
Jeremy Stanley |
bug task added |
|
ossa |
|
| 2015-05-12 11:47:31 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
| 2015-05-12 11:47:50 |
Jeremy Stanley |
bug |
|
|
added subscriber Glance Core security contacts |
| 2015-05-12 11:48:12 |
Jeremy Stanley |
description |
Image data stays in store if image is deleted after creating image using import task
Trying to delete image created using task api (import-from) image gets deleted from the database, but image data remains in the backend.
Steps to reproduce:
1. Create image using task api
$ curl -i -X POST -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/json' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'X-Auth-Token: 35a9e49237b74eddbe5057eb434b3f9e' -d '{"type": "import", "input": {"import_from": "http://releases.ubuntu.com/14.10/ubuntu-14.10-server-i386.iso", "import_from_format": "raw", "image_properties": {"disk_format": "raw", "container_format": "bare", "name": "task_image"}}}' http://10.69.4.176:9292/v2/tasks
2. wait until image becomes active.
3. Confirm image is in active state.
$ glance image-list
4. Delete the image
$ glance image-delete <image-id>
5. Verify image-list does not show deleted image
$ glance image-list
Image gets deleted from the database but image data presents in the backend.
Note:
This issue is fixed in master by this patch https://review.openstack.org/#/c/181345/4
This issue will be resolved by back-porting above patch to stable/kilo.
Affected branches: stable/kilo |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
Image data stays in store if image is deleted after creating image using import task
Trying to delete image created using task api (import-from) image gets deleted from the database, but image data remains in the backend.
Steps to reproduce:
1. Create image using task api
$ curl -i -X POST -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/json' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'X-Auth-Token: 35a9e49237b74eddbe5057eb434b3f9e' -d '{"type": "import", "input": {"import_from": "http://releases.ubuntu.com/14.10/ubuntu-14.10-server-i386.iso", "import_from_format": "raw", "image_properties": {"disk_format": "raw", "container_format": "bare", "name": "task_image"}}}' http://10.69.4.176:9292/v2/tasks
2. wait until image becomes active.
3. Confirm image is in active state.
$ glance image-list
4. Delete the image
$ glance image-delete <image-id>
5. Verify image-list does not show deleted image
$ glance image-list
Image gets deleted from the database but image data presents in the backend.
Note:
This issue is fixed in master by this patch https://review.openstack.org/#/c/181345/4
This issue will be resolved by back-porting above patch to stable/kilo.
Affected branches: stable/kilo |
|
| 2015-07-02 17:42:38 |
Tristan Cacqueray |
ossa: status |
Incomplete |
Triaged |
|
| 2015-07-02 17:42:40 |
Tristan Cacqueray |
ossa: assignee |
|
Tristan Cacqueray (tristan-cacqueray) |
|
| 2015-07-12 14:10:43 |
Tristan Cacqueray |
summary |
Image data stays in store if image is deleted after creating image using import task |
Image data stays in store if image is deleted after creating image using import task (CVE-2015-3289) |
|
| 2015-07-12 14:11:01 |
Tristan Cacqueray |
cve linked |
|
2015-3289 |
|
| 2015-07-15 22:50:47 |
Grant Murphy |
ossa: status |
Triaged |
Fix Committed |
|
| 2015-07-28 15:27:58 |
Grant Murphy |
ossa: status |
Fix Committed |
Fix Released |
|
| 2015-07-28 15:28:10 |
Grant Murphy |
information type |
Private Security |
Public |
|
| 2015-07-28 15:31:02 |
Grant Murphy |
description |
This issue is being treated as a potential security risk under embargo. Please do not make any public mention of embargoed (private) security vulnerabilities before their coordinated publication by the OpenStack Vulnerability Management Team in the form of an official OpenStack Security Advisory. This includes discussion of the bug or associated fixes in public forums such as mailing lists, code review systems and bug trackers. Please also avoid private disclosure to other individuals not already approved for access to this information, and provide this same reminder to those who are made aware of the issue prior to publication. All discussion should remain confined to this private bug report, and any proposed fixes should be added to the bug as attachments.
Image data stays in store if image is deleted after creating image using import task
Trying to delete image created using task api (import-from) image gets deleted from the database, but image data remains in the backend.
Steps to reproduce:
1. Create image using task api
$ curl -i -X POST -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/json' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'X-Auth-Token: 35a9e49237b74eddbe5057eb434b3f9e' -d '{"type": "import", "input": {"import_from": "http://releases.ubuntu.com/14.10/ubuntu-14.10-server-i386.iso", "import_from_format": "raw", "image_properties": {"disk_format": "raw", "container_format": "bare", "name": "task_image"}}}' http://10.69.4.176:9292/v2/tasks
2. wait until image becomes active.
3. Confirm image is in active state.
$ glance image-list
4. Delete the image
$ glance image-delete <image-id>
5. Verify image-list does not show deleted image
$ glance image-list
Image gets deleted from the database but image data presents in the backend.
Note:
This issue is fixed in master by this patch https://review.openstack.org/#/c/181345/4
This issue will be resolved by back-porting above patch to stable/kilo.
Affected branches: stable/kilo |
Image data stays in store if image is deleted after creating image using import task
Trying to delete image created using task api (import-from) image gets deleted from the database, but image data remains in the backend.
Steps to reproduce:
1. Create image using task api
$ curl -i -X POST -H 'User-Agent: python-glanceclient' -H 'Content-Type: application/json' -H 'Accept-Encoding: gzip, deflate, compress' -H 'Accept: */*' -H 'X-Auth-Token: 35a9e49237b74eddbe5057eb434b3f9e' -d '{"type": "import", "input": {"import_from": "http://releases.ubuntu.com/14.10/ubuntu-14.10-server-i386.iso", "import_from_format": "raw", "image_properties": {"disk_format": "raw", "container_format": "bare", "name": "task_image"}}}' http://10.69.4.176:9292/v2/tasks
2. wait until image becomes active.
3. Confirm image is in active state.
$ glance image-list
4. Delete the image
$ glance image-delete <image-id>
5. Verify image-list does not show deleted image
$ glance image-list
Image gets deleted from the database but image data presents in the backend.
Note:
This issue is fixed in master by this patch https://review.openstack.org/#/c/181345/4
This issue will be resolved by back-porting above patch to stable/kilo.
Affected branches: stable/kilo |
|
| 2021-02-02 16:23:54 |
Erno Kuvaja |
glance: status |
New |
Fix Released |
|
