UbuntuUpdates.org

Package "glance"

Name: glance

Description:

OpenStack Image Registry and Delivery Service - Daemons
Latest version: 2:24.2.1-0ubuntu1.2
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: https://launchpad.net/glance

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "glance"

All arch deb package
APT INSTALL

Other versions of "glance" in Jammy

Repository Area Version
base main 2:24.0.0-0ubuntu1
security main 2:24.2.1-0ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:24.2.1-0ubuntu1.2 2024-07-08 16:07:13 UTC

  glance (2:24.2.1-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
    (LP: #2059809)
    - debian/patches/CVE-2024-32498-pre1.patch: limit CaptureRegion sizes
      in format_inspector for VMDK and VHDX.
    - debian/patches/CVE-2024-32498-pre2.patch: support Stream Optimized
      VMDKs.
    - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
      data-file attributes.
    - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
      QCOW safety.
    - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
    - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
      files.
    - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-6.patch: add file format detection to
      format_inspector.
    - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
      support to FI tool.
    - CVE-2024-32498

 -- Marc Deslauriers <email address hidden> Fri, 28 Jun 2024 18:04:05 -0400
Source diff to previous version
CVE-2024-32498 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom

Version: 2:24.2.1-0ubuntu1 2023-11-22 06:09:07 UTC

  glance (2:24.2.1-0ubuntu1) jammy; urgency=medium

  * New stable point release for OpenStack Yoga (LP: #2037332).

 -- Corey Bryant <email address hidden> Mon, 25 Sep 2023 17:19:32 -0400
Source diff to previous version

Version: 2:24.2.0-0ubuntu1 2023-04-13 17:06:49 UTC

  glance (2:24.2.0-0ubuntu1) jammy; urgency=medium

  * New stable point release for OpenStack Yoga (LP: #2011713).
  * d/p/CVE-2022-47951.patch: Dropped. Fixed in stable point release.

 -- Corey Bryant <email address hidden> Wed, 15 Mar 2023 09:00:42 -0400
Source diff to previous version
2011713 [SRU] yoga stable releases
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:24.1.0-0ubuntu1.1 2023-01-31 16:07:18 UTC

  glance (2:24.1.0-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file access
    - debian/patches/CVE-2022-47951.patch: Enforce image safety
      during image_conversion.
    - CVE-2022-47951

 -- Corey Bryant <email address hidden> Sun, 29 Jan 2023 10:35:56 -0500
Source diff to previous version
CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and

Version: 2:24.1.0-0ubuntu1 2022-08-17 01:07:08 UTC

  glance (2:24.1.0-0ubuntu1) jammy; urgency=medium

  * d/gbp.conf: Create stable/yoga branch.
  * New stable point release for OpenStack Yoga (LP: #1980369).

 -- Corey Bryant <email address hidden> Tue, 05 Jul 2022 10:43:59 -0400
1980369 [SRU] Yoga stable releases


About   -   Send Feedback to @ubuntu_updates