SUSE Security Update: Security update for openstack-glance
Announcement ID: SUSE-SU-2012:1455-1
SUSE Cloud 1.0
An update that fixes one vulnerability is now available.
OpenStack glance had a bug where image deletion was allowed
for all logged in users (CVE-2012-4573). This has been
Security Issue reference:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 1.0:
zypper in -t patch sleclo10sp2-openstack-glance-7033
To bring your system up-to-date, use "zypper patch".
- SUSE Cloud 1.0 (x86_64):
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
With the release of ruby on Monday 5th of November the SUSE sponsored
maintenance of openSUSE 11.4 has ended.
openSUSE 11.4 is now officially discontinued and out of support by SUSE.
openSUSE 11.4 was the first openSUSE distribution maintained using
OpenBuildService methods (known as "OBS Maintenance"), allowing full
community participation. We also migrated it from the old internal
SUSE method to the OBS method on the fly during the lifetime without any
openSUSE 11.4 will be continued to be maintained by the Evergreen
community team. Their wikipage is on http://en.opensuse.org/Evergreen ,
please check it out for more information.
Here are some statistics:
openSUSE 11.4 was released on March 4th 2011, making it 20 months
of security and bugfix support. (2 openSUSE releases + 2 months)
Some statistics on the released patches (compared to 11.3):
Total updates: 723 (+142)
Security: 416 (+58)
Recommended: 306 (+85)
Optional: 1 (-1)
Quite some increase on updates, both security and bugfix wise.
Some of this is due to the 2 months increased lifetime compared to
openSUSE 11.3, some of this is due to a more open community bugfix
CVE Entries: 1113 (-99)
Top issues (compared to 11.3 for issues down to 5)
10 seamonkey (-4)
10 MozillaFirefox (-2)
9 php5 (+4)
9 MozillaThunderbird (-2)
8 flash-player (-4)
6 wireshark (+1)
6 opera (-4)
6 java-1_6_0-openjdk (-1)
6 bind ( 0)
5 openssl (-2)
5 libpng14 (new)
5 icedtea-web (new)
And top issues sorted by CVE (Common Vulnerability Enumeration) count down to 10)
(comparison to 11.3 for some ... but due to the OBS maintenance migration some
CVEs are not easily accounted for)
139 MozillaThunderbird (+26)
139 MozillaFirefox (+28)
135 seamonkey (-3)
67 kernel (-61)
44 flash-player (+38)