
Ubuntu 25.10 OpenStack Glance Noteworthy SSRF Vulnerability USN-8111-2

March 19, 2026

Summary

OpenStack Glance could be made to perform server-side request forgery

Software Description:

- glance: OpenStack Image Registry and Delivery Service

Details:

It was discovered that OpenStack Glance was incorrectly validating the IP
addresses and the redirect destination URL when downloading or importing
images from a remote source. An attacker could possibly use this issue to
perform server-side request forgery and obtain sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  glance                          2:31.0.0-0ubuntu1.2
  glance-api                      2:31.0.0-0ubuntu1.2
  glance-common                   2:31.0.0-0ubuntu1.2
  python-glance-doc               2:31.0.0-0ubuntu1.2
  python3-glance                  2:31.0.0-0ubuntu1.2

Ubuntu 24.04 LTS
  glance                          2:28.1.0-0ubuntu1.2
  glance-api                      2:28.1.0-0ubuntu1.2
  glance-common                   2:28.1.0-0ubuntu1.2
  python-glance-doc               2:28.1.0-0ubuntu1.2
  python3-glance                  2:28.1.0-0ubuntu1.2

Ubuntu 22.04 LTS
  glance                          2:24.2.1-0ubuntu1.4
  glance-api                      2:24.2.1-0ubuntu1.4
  glance-common                   2:24.2.1-0ubuntu1.4
  python-glance-doc               2:24.2.1-0ubuntu1.4
  python3-glance                  2:24.2.1-0ubuntu1.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8111-1

https://bugs.launchpad.net/glance/+bug/2138602

Severity
important

Ubuntu Security Notice USN-8111-1
