Packages
- glance - OpenStack Image Registry and Delivery Service
Details
It was discovered that OpenStack Glance was incorrectly validating the IP
addresses and the redirect destination URL when downloading or importing
images from a remote source. An attacker could possibly use this issue to
perform server-side request forgery and obtain sensitive information.
It was discovered that OpenStack Glance was incorrectly validating the IP
addresses and the redirect destination URL when downloading or importing
images from a remote source. An attacker could possibly use this issue to
perform server-side request forgery and obtain sensitive information.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.10 questing | glance – 2:31.0.0-0ubuntu1.2 | ||
| glance-api – 2:31.0.0-0ubuntu1.2 | |||
| glance-common – 2:31.0.0-0ubuntu1.2 | |||
| python-glance-doc – 2:31.0.0-0ubuntu1.2 | |||
| python3-glance – 2:31.0.0-0ubuntu1.2 | |||
| 24.04 LTS noble | glance – 2:28.1.0-0ubuntu1.2 | ||
| glance-api – 2:28.1.0-0ubuntu1.2 | |||
| glance-common – 2:28.1.0-0ubuntu1.2 | |||
| python-glance-doc – 2:28.1.0-0ubuntu1.2 | |||
| python3-glance – 2:28.1.0-0ubuntu1.2 | |||
| 22.04 LTS jammy | glance – 2:24.2.1-0ubuntu1.4 | ||
| glance-api – 2:24.2.1-0ubuntu1.4 | |||
| glance-common – 2:24.2.1-0ubuntu1.4 | |||
| python-glance-doc – 2:24.2.1-0ubuntu1.4 | |||
| python3-glance – 2:24.2.1-0ubuntu1.4 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.