-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5755-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 21, 2024                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glance
CVE ID         : CVE-2024-32498

Martin Kaesberger discovered a vulnerability which affects multiple
OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk
images may result in the disclosure of arbitrary files.

For the stable distribution (bookworm), this problem has been fixed in
version 2:25.1.0-2+deb12u1.

We recommend that you upgrade your glance packages.

For the detailed security status of glance please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glance

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbFyK8ACgkQEMKTtsN8
Tjbtpg/+KwvaFrxrDWSY/I7oLjnaTvwZogk4GSJHtmtsyG5e6vcWMYoj88gDZfv7
1uzhyl8kGqyDfraD3AlyfqPbERNz1JwnS3EEHJd613Zw+4cwPbottJtvYHGhaJNd
pkv1YZ6M4iJKzD33x8vTWftLXKOqMApj8se7Ip6Gr0ElroN7PXQr2T5dqZMTV4K6
IdgSCZ588CmmzGzANjMUbBtcQlqAuL2ZWhkDIUY5qapuyU2M/MrzoCYV9mAN4cme
79bDhkrDC5/zRV+MjdrTwiuKhR96o5jjLbYQi3jlHWG1HmLdnu3M+dcqAPbQitlw
XF2DMyBDqgk6B1h+w0oV2qDApCtGxG3Vjh4AvBTQXPLJOq6NSXccwKGIGntWnlZa
UPu6zwAlsBjxectHvu4t9Zy21TcXjEA/FHNZaZpSzd7b7ORXcT5+E1h+qgbmKT2R
sJTKwuqe0ag8FQGC1ZhEOoaczBCzMxjUoNympLmNc5pDOLA+Ih9ZUSB2k7I+S5aM
QekyIZplbIYXERJWbbjcyFra62V5LZetEUN3D6DDiUfqR5JdpqysF2n0bp9qnKmY
zU8KKgaTpCZS6B2vmuespx8a23YNKk2X/UQ6xkqB6BVKFMmn1RJYgQZHZbsg2JqA
uhgMliFibXBtSKm7UQOvbZVKn4fAZZL72grJtUNYdhRjuASBy+M=
=26RN
-----END PGP SIGNATURE-----