Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.10 USN-5835-2 Moderate OpenStack Glance Info Leak

ubuntu
Calendar Grey January 31, 2023
Dist Ubuntu Esm H88
OpenStack Glance security flaw permits leakage of confidential data; ensure you’re informed about the latest patches.
OpenStack Glance could be made to expose sensitive information.

Summary

OpenStack Glance could be made to expose sensitive information.

Software Description:

- glance: OpenStack Image Registry and Delivery Service

Details:

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou

discovered that OpenStack Glance incorrectly handled VMDK image processing.

An authenticated attacker could possibly supply a specially crafted VMDK

flat image and obtain arbitrary files from the server containing sensitive

information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   glance-common                   2:25.0.0-0ubuntu1.1

Ubuntu 22.04 LTS:
   glance-common                   2:24.1.0-0ubuntu1.1

Ubuntu 20.04 LTS:
   glance-common                   2:20.2.0-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5835-2

https://ubuntu.com/security/notices/USN-5835-1

CVE-2022-47951

January 31, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here