Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5755-1

Debian Linux Security Advisory 5755-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Packet Storm
#vulnerability#linux#debian
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5755-1                   [email protected]://www.debian.org/security/                       Moritz MuehlenhoffAugust 21, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : glanceCVE ID         : CVE-2024-32498Martin Kaesberger discovered a vulnerability which affects multipleOpenStack components (Nova, Glance and Cinder): Malformed QCOW2 diskimages may result in the disclosure of arbitrary files.For the stable distribution (bookworm), this problem has been fixed inversion 2:25.1.0-2+deb12u1.We recommend that you upgrade your glance packages.For the detailed security status of glance please refer toits security tracker page at:https://security-tracker.debian.org/tracker/glanceFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFyK8ACgkQEMKTtsN8Tjbtpg/+KwvaFrxrDWSY/I7oLjnaTvwZogk4GSJHtmtsyG5e6vcWMYoj88gDZfv71uzhyl8kGqyDfraD3AlyfqPbERNz1JwnS3EEHJd613Zw+4cwPbottJtvYHGhaJNdpkv1YZ6M4iJKzD33x8vTWftLXKOqMApj8se7Ip6Gr0ElroN7PXQr2T5dqZMTV4K6IdgSCZ588CmmzGzANjMUbBtcQlqAuL2ZWhkDIUY5qapuyU2M/MrzoCYV9mAN4cme79bDhkrDC5/zRV+MjdrTwiuKhR96o5jjLbYQi3jlHWG1HmLdnu3M+dcqAPbQitlwXF2DMyBDqgk6B1h+w0oV2qDApCtGxG3Vjh4AvBTQXPLJOq6NSXccwKGIGntWnlZaUPu6zwAlsBjxectHvu4t9Zy21TcXjEA/FHNZaZpSzd7b7ORXcT5+E1h+qgbmKT2RsJTKwuqe0ag8FQGC1ZhEOoaczBCzMxjUoNympLmNc5pDOLA+Ih9ZUSB2k7I+S5aMQekyIZplbIYXERJWbbjcyFra62V5LZetEUN3D6DDiUfqR5JdpqysF2n0bp9qnKmYzU8KKgaTpCZS6B2vmuespx8a23YNKk2X/UQ6xkqB6BVKFMmn1RJYgQZHZbsg2JqAuhgMliFibXBtSKm7UQOvbZVKn4fAZZL72grJtUNYdhRjuASBy+M==26RN-----END PGP SIGNATURE-----

Related news

Ubuntu Security Notice USN-6882-2

Ubuntu Security Notice 6882-2 - USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Debian Security Advisory 5756-1

Debian Linux Security Advisory 5756-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Debian Security Advisory 5754-1

Debian Linux Security Advisory 5754-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Red Hat Security Advisory 2024-4425-03

Red Hat Security Advisory 2024-4425-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1.

Ubuntu Security Notice USN-6884-1

Ubuntu Security Notice 6884-1 - Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Ubuntu Security Notice USN-6883-1

Ubuntu Security Notice 6883-1 - Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Ubuntu Security Notice USN-6882-1

Ubuntu Security Notice 6882-1 - Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

GHSA-r4v4-w9pv-6fph: OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Red Hat Security Advisory 2024-4274-03

Red Hat Security Advisory 2024-4274-03 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1.

Red Hat Security Advisory 2024-4273-03

Red Hat Security Advisory 2024-4273-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.2.

Red Hat Security Advisory 2024-4272-03

Red Hat Security Advisory 2024-4272-03 - An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution