|
|
Log in / Subscribe / Register

Ubuntu alert USN-6883-1 (glance)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-6883-1] OpenStack Glance vulnerability


Date:
              Mon, 08 Jul 2024 10:06:24 -0400


Message-ID:
              <2f0c7aa0-a589-4ef8-9882-5b8526868fc2@canonical.com>


==========================================================================
Ubuntu Security Notice USN-6883-1
July 08, 2024

glance vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

OpenStack Glance would allow unintended access to files over the network.

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   glance-common                   2:28.0.1-0ubuntu1.2

Ubuntu 23.10
   glance-common                   2:27.0.0-0ubuntu1.2

Ubuntu 22.04 LTS
   glance-common                   2:24.2.1-0ubuntu1.2

Ubuntu 20.04 LTS
   glance-common                   2:20.2.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6883-1
   CVE-2024-32498

Package Information:
   https://launchpad.net/ubuntu/+source/glance/2:28.0.1-0ubu...
   https://launchpad.net/ubuntu/+source/glance/2:27.0.0-0ubu...
   https://launchpad.net/ubuntu/+source/glance/2:24.2.1-0ubu...
   https://launchpad.net/ubuntu/+source/glance/2:20.2.0-0ubu...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmaL8mAACgkQZWnYVadE
vpNJoA//bqgJV2ltEAIGd4Sw9Q39F+WltNuFnquBZzcpLgzT4cRJjDyA0lYzFbJ9
IHfKXGyUbt7AIoN8C43yjco6SWbJtQi7MkMHi5GloT4DkF6w3e47LYO53NJlvWB1
9pyM+c1uiKHH4ui1YXgK6EdrhUxZlFG7HoKM/00cGJnTidROj+anKTKy6SzwrFf4
6MrZht93TSUSjTAwuYl1+PduITr90ip6LFwuzWQIDikVu7+UYKNuj7rbUY5LAdg+
1DJVuw7NZ5sKCmEP2KcJfMN/gMQGm9jqHyUskahihAQkDRYI9FDSAbrn5vFMPVkF
N4cyi+Ab0HmEYYYrbx8hvqJEwiivnoh+/ksTcx1dMWLUMFN7oRWAtpqnDUFnmebA
cPyQ2vJilydn80Iv065b+CchAJ/gxO0Jpni0LZb9cD6AvZvzFcllLOut+dDfmf0M
onVtoUjpJzuyjx68icUjcdUEKrp4Z+JtNXxG3btgB67K/iYK1X+1+XhpPFOkUPDr
B/fzeYyHNLsgfHm+g2lf5ZyyCPwOqithkylnrs7V3Zp8UwZiE33/qRAKW6fBNkJC
on9sZOPVmc5wVfucgAE+4n5gnmjIuo3GSEzICexZCCjLWmvolauEaTXCdTbfO+9O
YoD86w1ixmDwOEH9w9E4tAdz75I4YMbe6IvegGwJ5qFdthwyA3g=
=Qdcs
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds