USN-5835-2

Source
https://ubuntu.com/security/notices/USN-5835-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5835-2.json
Published
2023-01-31T13:07:57.273657Z
Modified
2023-01-31T13:07:57.273657Z
Summary
glance vulnerability
Details

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

Affected packages

Ubuntu:22.04:LTS / glance

Package

Name
glance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
2:24.1.0-0ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "glance": "2:24.1.0-0ubuntu1.1",
            "glance-api": "2:24.1.0-0ubuntu1.1",
            "python3-glance": "2:24.1.0-0ubuntu1.1",
            "glance-common": "2:24.1.0-0ubuntu1.1",
            "python-glance-doc": "2:24.1.0-0ubuntu1.1"
        }
    ]
}

Ubuntu:20.04:LTS / glance

Package

Name
glance

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
2:20.2.0-0ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "glance": "2:20.2.0-0ubuntu1.1",
            "glance-api": "2:20.2.0-0ubuntu1.1",
            "python3-glance": "2:20.2.0-0ubuntu1.1",
            "glance-common": "2:20.2.0-0ubuntu1.1",
            "python-glance-doc": "2:20.2.0-0ubuntu1.1"
        }
    ]
}