USN-6883-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6883-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6883-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6883-1

Related

Published

2024-07-08T11:55:01.004781Z

Modified

2024-07-08T11:55:01.004781Z

Summary

glance vulnerability

Details

Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

References

Affected packages

Ubuntu:20.04:LTS / glance

Package

Name: glance
Purl: pkg:deb/ubuntu/glance?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:20.2.0-0ubuntu1.2

Affected versions

2:19.*

2:19.0.0-0ubuntu1

2:20.*

2:20.0.0~b1~git2019121610.0c6dd98d-0ubuntu1

2:20.0.0~b2~git2020020509.8649fdc2-0ubuntu1

2:20.0.0~b3~git2020032414.30ece7aa-0ubuntu2

2:20.0.0~b3~git2020041012.d5a0ce18-0ubuntu1

2:20.0.0-0ubuntu0.20.04.1

2:20.0.1-0ubuntu1

2:20.1.0-0ubuntu1

2:20.2.0-0ubuntu1

2:20.2.0-0ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2:20.2.0-0ubuntu1.2",
            "binary_name": "glance"
        },
        {
            "binary_version": "2:20.2.0-0ubuntu1.2",
            "binary_name": "glance-api"
        },
        {
            "binary_version": "2:20.2.0-0ubuntu1.2",
            "binary_name": "glance-common"
        },
        {
            "binary_version": "2:20.2.0-0ubuntu1.2",
            "binary_name": "python-glance-doc"
        },
        {
            "binary_version": "2:20.2.0-0ubuntu1.2",
            "binary_name": "python3-glance"
        }
    ]
}

Ubuntu:22.04:LTS / glance

Package

Name: glance
Purl: pkg:deb/ubuntu/glance?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:24.2.1-0ubuntu1.2

Affected versions

2:23.*

2:23.0.0-0ubuntu1

2:23.0.0+git2021120811.4ee7799aa-0ubuntu1

2:23.0.0+git2022011216.502fa0ffc-0ubuntu1

2:24.*

2:24.0.0~rc1+git2022030311.d4119be05-0ubuntu1

2:24.0.0-0ubuntu1

2:24.1.0-0ubuntu1

2:24.1.0-0ubuntu1.1

2:24.2.0-0ubuntu1

2:24.2.1-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2:24.2.1-0ubuntu1.2",
            "binary_name": "glance"
        },
        {
            "binary_version": "2:24.2.1-0ubuntu1.2",
            "binary_name": "glance-api"
        },
        {
            "binary_version": "2:24.2.1-0ubuntu1.2",
            "binary_name": "glance-common"
        },
        {
            "binary_version": "2:24.2.1-0ubuntu1.2",
            "binary_name": "python-glance-doc"
        },
        {
            "binary_version": "2:24.2.1-0ubuntu1.2",
            "binary_name": "python3-glance"
        }
    ]
}

Ubuntu:23.10 / glance

Package

Name: glance
Purl: pkg:deb/ubuntu/glance?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:27.0.0-0ubuntu1.2

Affected versions

2:26.*

2:26.0.0-0ubuntu1

2:27.*

2:27.0.0~b1+git2023061414.43b2116a-0ubuntu1

2:27.0.0~b1+git2023071214.b350184f-0ubuntu1

2:27.0.0~b2+git2023090714.b059c898-0ubuntu1

2:27.0.0-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2:27.0.0-0ubuntu1.2",
            "binary_name": "glance"
        },
        {
            "binary_version": "2:27.0.0-0ubuntu1.2",
            "binary_name": "glance-api"
        },
        {
            "binary_version": "2:27.0.0-0ubuntu1.2",
            "binary_name": "glance-common"
        },
        {
            "binary_version": "2:27.0.0-0ubuntu1.2",
            "binary_name": "python-glance-doc"
        },
        {
            "binary_version": "2:27.0.0-0ubuntu1.2",
            "binary_name": "python3-glance"
        }
    ]
}

Ubuntu:24.04:LTS / glance

Package

Name: glance
Purl: pkg:deb/ubuntu/glance?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:28.0.1-0ubuntu1.2

Affected versions

2:27.*

2:27.0.0-0ubuntu1

2:28.*

2:28.0.0~b2+git2024011916.f429b53e-0ubuntu1

2:28.0.0~rc1-0ubuntu1

2:28.0.1-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2:28.0.1-0ubuntu1.2",
            "binary_name": "glance"
        },
        {
            "binary_version": "2:28.0.1-0ubuntu1.2",
            "binary_name": "glance-api"
        },
        {
            "binary_version": "2:28.0.1-0ubuntu1.2",
            "binary_name": "glance-common"
        },
        {
            "binary_version": "2:28.0.1-0ubuntu1.2",
            "binary_name": "python-glance-doc"
        },
        {
            "binary_version": "2:28.0.1-0ubuntu1.2",
            "binary_name": "python3-glance"
        }
    ]
}