You might be running an older Havana, IIRC the bug lists Havana3 and Havana4 as vulnerable.
> On Jan 7, 2015, at 8:47 PM, George Shuklin <[email protected]> wrote: > > I spend few hours trying to backport to Havana, but than I found, that > Havana seems be immune to the bug. I'm not 100% sure, so someone else > advised to look too. > > The bug was that icehouse+ accepts all supported schemas. Fix excludes 'bad' > schemes. Although Havana have explicitly given list of accepted schemes for > location field, and 'bad' schemes are not in it. > > On Jan 6, 2015 8:34 PM, "Jesse Keating" <[email protected] > <mailto:[email protected]>> wrote: > Hopefully all of you have seen http://seclists.org/oss-sec/2015/q1/64 > <http://seclists.org/oss-sec/2015/q1/64> which is the glance v2 api directory > traversal bug. Upstream has fixed master (kilo) and juno, but havana has not > been fixed. > > We, unfortunately, have a few havana installs out there and we'd like to > patch this ahead of our planned upgrade to Juno. I'm curious if anybody else > out there is in the same situation and is working on backporting the glance > patch. If not, I'll share the patch when I'm done, but if so I'd love to > share in the work and help the effort. > > Cheers, and happy patching! > > -- > -jlk > > _______________________________________________ > OpenStack-operators mailing list > [email protected] > <mailto:[email protected]> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators> > _______________________________________________ > OpenStack-operators mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
