Ubuntu alert USN-8199-1 (glance)
From: noreply+usn-bot@canonical.com
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-8199-1] OpenStack Glance vulnerabilities
Date: Mon, 27 Apr 2026 17:34:15 +0000
Message-ID: <E1wHPqZ-0005eO-Fz@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8199-1
April 22, 2026

glance vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenStack Glance.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498)

Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  glance           2:20.2.0-0ubuntu1.2+esm2   Available with Ubuntu Pro
  glance-api       2:20.2.0-0ubuntu1.2+esm2   Available with Ubuntu Pro
  glance-common    2:20.2.0-0ubuntu1.2+esm2   Available with Ubuntu Pro
  python3-glance   2:20.2.0-0ubuntu1.2+esm2   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  glance           2:16.0.1-0ubuntu1.1+esm2   Available with Ubuntu Pro
  glance-api       2:16.0.1-0ubuntu1.1+esm2   Available with Ubuntu Pro
  glance-common    2:16.0.1-0ubuntu1.1+esm2   Available with Ubuntu Pro
  glance-registry  2:16.0.1-0ubuntu1.1+esm2   Available with Ubuntu Pro
  python-glance    2:16.0.1-0ubuntu1.1+esm2   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  glance           2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro
  glance-api       2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro
  glance-common    2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro
  glance-glare     2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro
  glance-registry  2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro
  python-glance    2:12.0.0-0ubuntu2+esm1     Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8199-1
  CVE-2024-32498, CVE-2026-34881

Attachment: signature.asc (type=application/pgp-signature)
