Ubuntu Security Update USN-8199-1: OpenStack Glance vulnerabilities

[LinuxBot]

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881)

Continue reading...