Assuming this feature is activated by default, here is the impact description draft:
Title: Use of MD5 in OpenStack Glance image signature
Reporter: Daniel P. Berrange (Red Hat)
Products: Glance
Affects: =11.0.0
Description:
Daniel P. Berrange from Red Hat reported a vulnerability in Glance image signature. Glance computes cryptographic signature using MD5 hash of the image. By crafting a malicious image that produces a MD5 collision, a Glance backend operator may subvert the signature verification process, resulting in corrupted image. All Glance setups are affected.
Assuming this feature is activated by default, here is the impact description draft:
Title: Use of MD5 in OpenStack Glance image signature
Reporter: Daniel P. Berrange (Red Hat)
Products: Glance
Affects: =11.0.0
Description:
Daniel P. Berrange from Red Hat reported a vulnerability in Glance image signature. Glance computes cryptographic signature using MD5 hash of the image. By crafting a malicious image that produces a MD5 collision, a Glance backend operator may subvert the signature verification process, resulting in corrupted image. All Glance setups are affected.