
[SECURITY] [DLA 3300-1] glance security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3300-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 31, 2023                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : glance
Version        : 2:17.0.0-5+deb10u1
CVE ID         : CVE-2022-47951
Debian Bug     : 1029563

An issue was discovered in Glance, OpenStack Image Registry and Delivery
Service - Daemons. By supplying a specially created VMDK flat image that
references a specific backing file path, an authenticated user may
convince systems to return a copy of that file's contents from the
server, resulting in unauthorized access to potentially sensitive data.

For Debian 10 buster, this problem has been fixed in version
2:17.0.0-5+deb10u1.

We recommend that you upgrade your glance packages.

For the detailed security status of glance please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glance

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
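One way to screen uploaded VMDK images for the problem class described above, as an added example (not code from Glance or from the Debian advisory): it reads the image's text descriptor and accepts only self-contained subformats, failing closed on anything else. The allowlist, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
import struct

SECTOR = 512
# Assumption for this example: only single-file, self-contained subformats pass.
ALLOWED_CREATE_TYPES = frozenset({"streamOptimized", "monolithicSparse"})
CREATE_TYPE_RE = re.compile(rb'^\s*createType\s*=\s*"([^"]*)"\s*$', re.MULTILINE)


def extract_descriptor(data):
    """Return the text descriptor of a VMDK, embedded or stand-alone."""
    if data[:4] == b"KDMV":  # hosted sparse extent: descriptor is embedded
        if len(data) < 44:
            raise ValueError("truncated sparse header")
        # magic, version, flags, capacity, grainSize, descriptorOffset, descriptorSize
        _, _, _, _, _, off, size = struct.unpack_from("<4sIIQQQQ", data)
        if off == 0 or size == 0:
            raise ValueError("sparse extent without embedded descriptor")
        return data[off * SECTOR:(off + size) * SECTOR].split(b"\x00", 1)[0]
    return data[:64 * 1024]  # plain descriptor file; cap how much is parsed


def screen_vmdk(data, allowed=ALLOWED_CREATE_TYPES):
    """Return (accepted, reason). Fails closed on anything unparseable."""
    try:
        desc = extract_descriptor(data)
    except ValueError as exc:
        return False, str(exc)
    types = CREATE_TYPE_RE.findall(desc)
    if len(types) != 1:  # missing or duplicated createType is rejected
        return False, "expected exactly one createType, found %d" % len(types)
    create_type = types[0].decode("ascii", "replace")
    if create_type not in allowed:
        return False, "createType %r not in allowlist" % create_type
    return True, "createType %r allowed" % create_type


def sparse_sample(create_type):  # constructed test input, not a real image
    desc = ('# Disk DescriptorFile\nversion=1\ncreateType="%s"\n'
            'RW 2048 SPARSE "disk.vmdk"\n' % create_type).encode()
    header = struct.pack("<4sIIQQQQ", b"KDMV", 3, 0, 2048, 128, 1, 1)
    return header.ljust(SECTOR, b"\x00") + desc.ljust(SECTOR, b"\x00")


# Constructed flat descriptor: the data lives in a separate file named by the extent line.
FLAT_SAMPLE = (b'# Disk DescriptorFile\nversion=1\ncreateType="monolithicFlat"\n'
               b'RW 2048 FLAT "disk-flat.vmdk" 0\n')

if __name__ == "__main__":
    for name, blob in [("flat", FLAT_SAMPLE), ("stream", sparse_sample("streamOptimized"))]:
        print(name, screen_vmdk(blob))
```

A check like this belongs before any conversion or inspection tool opens the upload, so that an image whose data lives outside the uploaded file is never dereferenced on the server.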

