This bug was fixed in the package glance - 2:26.0.0-0ubuntu1.2~cloud0
---------------
glance (2:26.0.0-0ubuntu1.2~cloud0) jammy; urgency=medium
.
[ James Page ]
* SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
  (LP: #2059809)
  - debian/patches/CVE-2024-32498-pre1.patch: support Stream Optimized
    VMDKs in glance/common/format_inspector.py,
    glance/tests/unit/common/test_format_inspector.py.
  - debian/patches/CVE-2024-32498-1.patch: reject qcow files with
    data-file attributes.
  - debian/patches/CVE-2024-32498-2.patch: extend format_inspector for
    QCOW safety.
  - debian/patches/CVE-2024-32498-3.patch: add VMDK safety check.
  - debian/patches/CVE-2024-32498-4.patch: reject unsafe qcow and vmdk
    files.
  - debian/patches/CVE-2024-32498-5.patch: add QED format detection to
    format_inspector.
  - debian/patches/CVE-2024-32498-6.patch: add file format detection to
    format_inspector.
  - debian/patches/CVE-2024-32498-7.patch: add safety check and detection
    support to FI tool.
  - CVE-2024-32498
.
[ Corey Bryant ]
* d/gbp.conf: Create stable/2023.1 branch.