Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 LTS Advisory USN-6883-1: Glance File Access Risk

ubuntu
Calendar Grey July 8, 2024
Dist Ubuntu Esm H88
Addressing a vulnerability in OpenStack Glance, this advisory emphasizes the need for immediate updates to prevent unauthorized file exposure over the network
OpenStack Glance would allow unintended access to files over the network.

Summary

OpenStack Glance would allow unintended access to files over the network.

Software Description:

- glance: OpenStack Image Registry and Delivery Service

Details:

Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image

processing. An authenticated user could use this issue to access arbitrary

files on the server, possibly exposing sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   glance-common                   2:28.0.1-0ubuntu1.2

Ubuntu 23.10
   glance-common                   2:27.0.0-0ubuntu1.2

Ubuntu 22.04 LTS
   glance-common                   2:24.2.1-0ubuntu1.2

Ubuntu 20.04 LTS
   glance-common                   2:20.2.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6883-1

CVE-2024-32498

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6883-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here