Debian Patches
Status for glance/2:25.1.0-2+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch | Limit CaptureRegion sizes in format_inspector for VMDK and VHDX VMDK: When parsing a VMDK file to calculate its size, the format_inspector determines the location of the Descriptor section by reading two uint64 from the headers of the file and uses them to create the descriptor CaptureRegion. . It would be possible to craft a VMDK file that commands the format_inspector to create a very big CaptureRegion, thus exhausting resources on the glance-api process. . This patch binds the beginning of the descriptor to 0x200 and limits the size of the CaptureRegion to 1MB, similar to how the VMDK descriptor is parsed by qemu. . VHDX: It is a bit more involved, but similar: when looking for the VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an unbounded CaptureRegion. . In the same way as it seems to be done in Qemu, we now limit the upper bound of this CaptureRegion. diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index 351c300..550ccea 100755 |
Guillaume Espanel <guillaume.espanel.ext@ovhcloud.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/872990 | 2024-06-21 |
| CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch | Support Stream Optimized VMDKs Stream optimized VMDKs are also monolithic disks images, and start with the same sparse extend header as normal monolithic sparse files, so we can parse the virtual disk size in the same manner. . See "VMware Virtual Disks Virtual Disk Format 1.1" p. 17. > Header and Footer > The header and the footer are both described by the same SparseExtentHeader > structure shown in Hosted Sparse Extent Header on page 8. diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index 550ccea..d9576f1 100755 |
Fabian Wiesel <fabian.wiesel@sap.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/921300 | 2024-06-21 |
| CVE-2024-32498_3_1_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 1/7] Reject qcow files with data-file attributes diff --git a/glance/async_/flows/base_import.py b/glance/async_/flows/base_import.py index e6bb526b4..c0e2b7283 100644 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923277 | 2024-06-30 |
| CVE-2024-32498_3_2_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 2/7] Extend format_inspector for QCOW safety This adds two properties to the QcowInspector that makes it able to indicate whether the file specifies a backing_file or data_file in the header. Both conditions are considered unsafe for our usage. To ease checking of this condition, a classmethod is added that takes a local filename and digests just enough of the file to assert that both conditions are false. diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index d9576f1f8..32f048c3f 100755 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923260 | 2024-06-30 |
| CVE-2024-32498_3_3_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 3/7] Add VMDK safety check This makes us check the extent filenames to make sure they don't have any banned characters in them (i.e. slashes). It also makes us reject VMDK files with a footer. Since we process these files as a stream, we can't honor a footer that directs us to find the descriptor block in a location we've already processed. Thus, if a file indicates it has a footer, consider it a policy exception and unsupported. diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index 32f048c3f..a11ff1a5e 100755 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923279 | 2024-06-30 |
| CVE-2024-32498_3_4_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 4/7] Reject unsafe qcow and vmdk files This causes us to use the format inspector to pre-examine qcow and vmdk files for safe configurations before even using qemu-img on them. diff --git a/glance/async_/flows/plugins/image_conversion.py b/glance/async_/flows/plugins/image_conversion.py index 4a9f754dc..6f5199c82 100644 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923280 | 2024-06-30 |
| CVE-2024-32498_3_5_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 5/7] Add QED format detection to format_inspector This merely recognizes this format and always marks it as unsafe because no service supports it. This prevents someone from uploading one that we will ask qemu-img to inspect. diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index a11ff1a5e..4d5e4fa45 100755 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923281 | 2024-06-30 |
| CVE-2024-32498_3_6_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 6/7] Add file format detection to format_inspector diff --git a/glance/common/format_inspector.py b/glance/common/format_inspector.py index 4d5e4fa45..65502d889 100755 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923282 | 2024-06-30 |
| CVE-2024-32498_3_7_glance-stable-2023.1.patch | CVE-2024-32498: [PATCH 7/7] Add safety check and detection support to FI tool This adds a safety check and detection mechanism to the tools/test_format_inspector.py utility for verifying those features outside of glance. diff --git a/tools/test_format_inspector.py b/tools/test_format_inspector.py index aa554386e..63e23210c 100755 |
Dan Smith <dansmith@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/glance/+/923283 | 2024-06-30 |
| missing-files.patch | package missing files | Thomas Goirand <zigo@debian.org> | not-needed | 2017-10-08 | ||
| sql_conn-registry.patch | Fixes default connection in glance-registry.conf & glance-api.conf =================================================================== |
Thomas Goirand <zigo@debian.org> | no | 2014-04-15 |
Showing 1 to 11 of 11 entries
All known versions for source package 'glance'
- 2:30.0.0-1 (sid, trixie)
- 2:25.1.0-2+deb12u1 (bookworm-security, bookworm)
- 2:21.1.0-1+deb11u2 (bullseye-security)
- 2:21.0.0-2+deb11u1 (bullseye)