glance 2:24.2.1-0ubuntu1.2 source package in Ubuntu
Changelog
glance (2:24.2.1-0ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
(LP: #2059809)
- debian/patches/CVE-2024-32498-pre1.patch: limit CaptureRegion sizes
in format_inspector for VMDK and VHDX.
- debian/patches/CVE-2024-32498-pre2.patch: support Stream Optimized
VMDKs.
- debian/patches/CVE-2024-32498-1.patch: reject qcow files with
data-file attributes.
- debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
QCOW safety.
- debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
- debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
files.
- debian/patches/CVE-2024-32498-5.patch: add QED format detection to
format_inspector.
- debian/patches/CVE-2024-32498-6.patch: add file format detection to
format_inspector.
- debian/patches/CVE-2024-32498-7.patch: add safety check and detection
support to FI tool.
- CVE-2024-32498
-- Marc Deslauriers <email address hidden> Fri, 28 Jun 2024 18:04:05 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Jammy
- Original maintainer:
- OpenStack Ubuntu packagers
- Architectures:
- all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | updates | main | net | |
| Jammy | security | main | net |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| glance_24.2.1.orig.tar.gz | 2.0 MiB | 81fdf4284e1bdd9f44ab2797d5d30c5423d07e7d9871eb97dd3825c10dba9ee4 |
| glance_24.2.1-0ubuntu1.2.debian.tar.xz | 32.7 KiB | 63bb90f56cd108ae7f1221627a8f1dbce78c5c80e9734d3d731c4bff054c1c7c |
| glance_24.2.1-0ubuntu1.2.dsc | 4.5 KiB | 88bddfbccea1e6880df76c4bbfdc5bf4a7f3b7dc9df23b8d7da6e43ed2523a44 |
Available diffs
Binary packages built by this source
- glance: OpenStack Image Registry and Delivery Service - Daemons
The Glance project provides an image registration and discovery service
and an image delivery service. These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package is a metapackage for all glance daemons.
- glance-api: OpenStack Image Registry and Delivery Service - API
The Glance project provides an image registration, discovery and
delivery service. These services may be used as stand-along services, and
they may also be used by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the glance API server.
- glance-common: OpenStack Image Registry and Delivery Service - Common
The Glance project provides an image registration, discovery and
delivery service. These services may be used as stand-along services, and
they may also be used by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the glance common.
- python-glance-doc: OpenStack Image Registry and Delivery Service - Documentation
The Glance project provides an image registration and discovery service
(Parallax) and an image delivery service (Teller). These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the documentation.
- python3-glance: OpenStack Image Registry and Delivery Service - Python 3 library
The Glance project provides an image registration and discovery service
and an image delivery service. These services are used
in conjunction by Nova to deliver images from object stores, such as
OpenStack's Swift service, to Nova's compute nodes.
.
This package contains the Python 3 libraries.
