UbuntuUpdates.org

Package "glance-common"

Name: glance-common

Description:

OpenStack Image Registry and Delivery Service - Common

Latest version: 2:28.0.1-0ubuntu1.2
Release: noble (24.04)
Level: updates
Repository: main
Head package: glance
Homepage: https://launchpad.net/glance

Links


Download "glance-common"


Other versions of "glance-common" in Noble

Repository Area Version
base main 2:28.0.1-0ubuntu1
security main 2:28.0.1-0ubuntu1.2

Changelog

Version: 2:28.0.1-0ubuntu1.2 2024-07-08 16:07:22 UTC

  glance (2:28.0.1-0ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - CVE-2024-32498

 -- Marc Deslauriers <email address hidden> Fri, 28 Jun 2024 16:43:09 -0400

CVE-2024-32498 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom



About   -   Send Feedback to @ubuntu_updates