Launchpad CVE tracker

CVE 2015-5163

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Related bugs and status

CVE-2015-5163 (Candidate) is related to these bugs:

Bug #1471912: [OSSA 2015-014] Format-guessing and file disclosure via image conversion (CVE-2015-5163)

		In	Importance	Status
1471912	[OSSA 2015-014] Format-guessing and file disclosure via image conversion (CVE-2015-5163)	Glance	Critical	Fix Released
1471912	[OSSA 2015-014] Format-guessing and file disclosure via image conversion (CVE-2015-5163)	OpenStack Security Advisory	Critical	Fix Released
1471912	[OSSA 2015-014] Format-guessing and file disclosure via image conversion (CVE-2015-5163)	Glance kilo	Undecided	Fix Released

Bug #1484766: Incorporate glance CVE-2015-5163 fix

		In	Importance	Status
1484766	Incorporate glance CVE-2015-5163 fix	OpenStack-Ansible	High	Fix Released
1484766	Incorporate glance CVE-2015-5163 fix	OpenStack-Ansible kilo	High	Fix Released
1484766	Incorporate glance CVE-2015-5163 fix	OpenStack-Ansible trunk	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-5163

References