Package: glance | Debian Sources

Package: glance / 2:21.0.0-2+deb11u1

Metadata

Package	Version	Patches format
glance	2:21.0.0-2+deb11u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
sql_conn registry.patch \| (download)	etc/glance-api.conf \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fixes default connection in glance-registry.conf & glance-api.conf
missing files.patch \| (download)	MANIFEST.in \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	package missing files
cve 2022 47951 glance stable victoria.patch \| (download)	glance/async_/flows/plugins/image_conversion.py \| 23 23 + 0 - 0 ! glance/common/config.py \| 12 12 + 0 - 0 ! glance/tests/unit/async_/flows/plugins/test_image_conversion.py \| 62 62 + 0 - 0 ! 3 files changed, 97 insertions(+)	cve-2022-47951: enforce image safety during image_conversion This does two things: . 1. It makes us check that the QCOW backing_file is unset on those types of images. Nova and Cinder do this already to prevent an arbitrary (and trivial to accomplish) host file exposure exploit. 2. It makes us restrict VMDK files to only allowed subtypes. These files can name arbitrary files on disk as extents, providing the same sort of attack. Default that list to just the types we believe are actually useful for openstack, and which are monolithic. . The configuration option to specify allowed subtypes is added in glance's config and not in the import options so that we can extend this check later to image ingest. The format_inspector can tell us what the type and subtype is, and we could reject those images early and even in the case where image_conversion is not enabled.

Patch

File delta

Description

sql_conn registry.patch | (download)

etc/glance-api.conf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fixes default connection in glance-registry.conf & glance-api.conf

missing files.patch | (download)

MANIFEST.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 package missing files

cve 2022 47951 glance stable victoria.patch | (download)

glance/async_/flows/plugins/image_conversion.py | 23 23 + 0 - 0 !
glance/common/config.py | 12 12 + 0 - 0 !
glance/tests/unit/async_/flows/plugins/test_image_conversion.py | 62 62 + 0 - 0 !
3 files changed, 97 insertions(+)

 cve-2022-47951: enforce image safety during image_conversion
 This does two things:
 .
 1. It makes us check that the QCOW backing_file is unset on those
 types of images. Nova and Cinder do this already to prevent an
 arbitrary (and trivial to accomplish) host file exposure exploit.
 2. It makes us restrict VMDK files to only allowed subtypes. These
 files can name arbitrary files on disk as extents, providing the
 same sort of attack. Default that list to just the types we believe
 are actually useful for openstack, and which are monolithic.
 .
 The configuration option to specify allowed subtypes is added in
 glance's config and not in the import options so that we can extend
 this check later to image ingest. The format_inspector can tell us
 what the type and subtype is, and we could reject those images early
 and even in the case where image_conversion is not enabled.