|
|
Log in / Subscribe / Register

Ubuntu alert USN-8111-1 (glance)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8111-1] OpenStack Glance vulnerability


Date:
              Thu, 19 Mar 2026 18:42:24 +0000


Message-ID:
              <E1w3IK8-0005Sf-LT@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-8111-1
March 19, 2026

glance vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenStack Glance could be made to perform server-side request forgery

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

It was discovered that OpenStack Glance was incorrectly validating the IP
addresses and the redirect destination URL when downloading or importing
images from a remote source. An attacker could possibly use this issue to
perform server-side request forgery and obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  glance                          2:31.0.0-0ubuntu1.2
  glance-api                      2:31.0.0-0ubuntu1.2
  glance-common                   2:31.0.0-0ubuntu1.2
  python-glance-doc               2:31.0.0-0ubuntu1.2
  python3-glance                  2:31.0.0-0ubuntu1.2

Ubuntu 24.04 LTS
  glance                          2:28.1.0-0ubuntu1.2
  glance-api                      2:28.1.0-0ubuntu1.2
  glance-common                   2:28.1.0-0ubuntu1.2
  python-glance-doc               2:28.1.0-0ubuntu1.2
  python3-glance                  2:28.1.0-0ubuntu1.2

Ubuntu 22.04 LTS
  glance                          2:24.2.1-0ubuntu1.4
  glance-api                      2:24.2.1-0ubuntu1.4
  glance-common                   2:24.2.1-0ubuntu1.4
  python-glance-doc               2:24.2.1-0ubuntu1.4
  python3-glance                  2:24.2.1-0ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8111-1
  https://bugs.launchpad.net/glance/+bug/2138602

Package Information:
  https://launchpad.net/ubuntu/+source/glance/2:31.0.0-0ubu...
  https://launchpad.net/ubuntu/+source/glance/2:28.1.0-0ubu...
  https://launchpad.net/ubuntu/+source/glance/2:24.2.1-0ubu...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmm8NG8ACgkQcpJm3tlz
hgHyaxAAhxU/NGK/wWZSabSHhAyAJkqQruwyJopQr/oG08nXgJLA9KDnj1oInmvq
vSZ0JHRSi19gs/0zO3p+KS5Utmp4RCcZ6dWfkXber8otQYCKfRG5G5SzSOzmvgYc
TCRdFXO+KGregXNkWBuV0trw83wTWrxCN7e8ga4U6cpJIVGOSxZQjFhUKr+XFuI/
ujwt0f2SyaKSU+lVqcgTkKK/VTnwMP8IBc63QyqK5lMywL8iXs58JrmsF18BnnR3
aL7lJjZ7TEyrWBNUweCXRYIFuAcIMglx3rtUtVOlJ1pckQW4vF1xDzWdrMrj0jiD
kX3cKFzU2+jeuxfuVoj8WSg/ZAPrx0NtNnX2DVMURwg/SxUTm4Hv0fCiTyb9JGx0
Mq1k1vvZzc/05t+N/ihTrdv9DWD6vdJU7TG1C6RtsBOxUhWbaMfTKvYjBL3JTO7E
6ula7o6azzqlaBGi2JpNzPQKVi8eBaiqHmguV6tsazFFumpKUtpbhRBLzULD+dYD
cte1o/U6LHRhwzjWr/bHAcN+iGUDSZYsyDMhJk0nPo/baCIGKmS2cv0eLug/JFmi
jKKoIqkUbQgqF5NGQgm2jDn5Br/l+HajMQ4/qPAF918AV6wAwvdC9ZC8ZMF7xFNl
ePA5IO62lUpCPBEbWeOQ4OcsPdZb9K7ZEjg8givTbqsdBPAVsCE=
=ex3C
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds