glance 2:20.2.0-0ubuntu1.2 source package in Ubuntu

Changelog

glance (2:20.2.0-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-pre1.patch: stream-friendly disk format
      inspection module.
    - debian/patches/CVE-2024-32498-pre2.patch: fix unintentional exception
      inspecting VMDK.
    - debian/patches/CVE-2024-32498-pre3.patch: limit CaptureRegion sizes
      in format_inspector for VMDK and VHDX.
    - debian/patches/CVE-2024-32498-pre4.patch: support Stream Optimized
      VMDKs.
    - debian/patches/CVE-2024-32498-pre5.patch: add missing fail case tests
      for image_conversion.
    - debian/patches/CVE-2024-32498-pre6.patch: make action wrapper support
      arbitrary properties.
    - debian/patches/CVE-2024-32498-pre7.patch: make image_conversion use
      action wrapper.
    - debian/patches/CVE-2024-32498-pre8.patch: update image.size after
      conversion.
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - debian/control: added qemu-utils to Build-Depends so qemu-img is
      available for new tests.
    - CVE-2024-32498

 -- Marc Deslauriers <email address hidden>  Wed, 03 Jul 2024 14:14:53 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Focal
Original maintainer: OpenStack Ubuntu packagers
Architectures: all
Section: net
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates main net
Focal security main net

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
glance_20.2.0.orig.tar.gz 1.9 MiB c35bc05efa1451d054612abfdd7dd937871741dd83a85d8e3a2302bfb494bdd3
glance_20.2.0-0ubuntu1.2.debian.tar.xz 45.3 KiB 8218d99334e84b30a927cb882592fd72c6599cc2ed3273d79a883933c530b647
glance_20.2.0-0ubuntu1.2.dsc 4.5 KiB 409ee510d6e99ba5f0e29aacd0a3e8d7ecb31cb15b5c24a2de77e7b81b8c2729

Binary packages built by this source

glance: OpenStack Image Registry and Delivery Service - Daemons

 The Glance project provides an image registration and discovery service
 and an image delivery service. These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package is a metapackage for all glance daemons.

glance-api: OpenStack Image Registry and Delivery Service - API

 The Glance project provides an image registration, discovery and
 delivery service. These services may be used as stand-alone services, and
 they may also be used by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the glance API server.

glance-common: OpenStack Image Registry and Delivery Service - Common

 The Glance project provides an image registration, discovery and
 delivery service. These services may be used as stand-alone services, and
 they may also be used by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the glance common.

python-glance-doc: OpenStack Image Registry and Delivery Service - Documentation

 The Glance project provides an image registration and discovery service
 (Parallax) and an image delivery service (Teller). These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the documentation.

python3-glance: OpenStack Image Registry and Delivery Service - Python 3 library

 The Glance project provides an image registration and discovery service
 and an image delivery service. These services are used
 in conjunction by Nova to deliver images from object stores, such as
 OpenStack's Swift service, to Nova's compute nodes.
 .
 This package contains the Python 3 libraries.