Comment 3 for bug 1516031

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Use of MD5 in OpenStack Glance image signature

Assuming this feature is activated by default, here is the impact description draft:

Title: Use of MD5 in OpenStack Glance image signature
Reporter: Daniel P. Berrange (Red Hat)
Products: Glance
Affects: =11.0.0

Description:
Daniel P. Berrange from Red Hat reported a vulnerability in Glance image signature. Glance computes the cryptographic signature using the MD5 hash of the image. By crafting a malicious image that produces an MD5 collision, a Glance backend operator may subvert the signature verification process, resulting in a corrupted image. All Glance setups are affected.