Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6883-1

Ubuntu Security Notice 6883-1 - Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Packet Storm
#vulnerability#ubuntu#auth

==========================================================================
Ubuntu Security Notice USN-6883-1
July 08, 2024

glance vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

OpenStack Glance would allow unintended access to files over the network.

Software Description:

  • glance: OpenStack Image Registry and Delivery Service

Details:

Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
glance-common 2:28.0.1-0ubuntu1.2

Ubuntu 23.10
glance-common 2:27.0.0-0ubuntu1.2

Ubuntu 22.04 LTS
glance-common 2:24.2.1-0ubuntu1.2

Ubuntu 20.04 LTS
glance-common 2:20.2.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6883-1
CVE-2024-32498

Package Information:
https://launchpad.net/ubuntu/+source/glance/2:28.0.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/glance/2:27.0.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/glance/2:24.2.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/glance/2:20.2.0-0ubuntu1.2

Related news

Debian Security Advisory 5756-1

Debian Linux Security Advisory 5756-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Debian Security Advisory 5755-1

Debian Linux Security Advisory 5755-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Debian Security Advisory 5754-1

Debian Linux Security Advisory 5754-1 - Martin Kaesberger discovered a vulnerability which affects multiple images may result in the disclosure of arbitrary files.

Red Hat Security Advisory 2024-4425-03

Red Hat Security Advisory 2024-4425-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1.

Ubuntu Security Notice USN-6884-1

Ubuntu Security Notice 6884-1 - Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Ubuntu Security Notice USN-6882-1

Ubuntu Security Notice 6882-1 - Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

GHSA-r4v4-w9pv-6fph: OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Red Hat Security Advisory 2024-4274-03

Red Hat Security Advisory 2024-4274-03 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1.

Red Hat Security Advisory 2024-4273-03

Red Hat Security Advisory 2024-4273-03 - An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.2.

Red Hat Security Advisory 2024-4272-03

Red Hat Security Advisory 2024-4272-03 - An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1.

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1