USN-8199-1: OpenStack Glance vulnerabilities

Publication date

22 April 2026

Overview

Several security issues were fixed in OpenStack Glance.


Packages

  • glance - OpenStack Image Registry and Delivery Service

Details

Martin Kaesberger discovered that OpenStack Glance's image processing could
return the contents of arbitrary files. An attacker could possibly use this
issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2024-32498)

Hyeongeun Ji and Abhishek Kekane discovered several server-side request
forgery vulnerabilities in OpenStack Glance's image import. An attacker
could possibly use this issue to bypass URL validation checks and redirect
to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2026-34881)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release     Package            Version
20.04 LTS focal    glance             2:20.2.0-0ubuntu1.2+esm2
                   glance-api         2:20.2.0-0ubuntu1.2+esm2
                   glance-common      2:20.2.0-0ubuntu1.2+esm2
                   python3-glance     2:20.2.0-0ubuntu1.2+esm2
18.04 LTS bionic   glance             2:16.0.1-0ubuntu1.1+esm2
                   glance-api         2:16.0.1-0ubuntu1.1+esm2
                   glance-common      2:16.0.1-0ubuntu1.1+esm2
                   glance-registry    2:16.0.1-0ubuntu1.1+esm2
                   python-glance      2:16.0.1-0ubuntu1.1+esm2
16.04 LTS xenial   glance             2:12.0.0-0ubuntu2+esm1
                   glance-api         2:12.0.0-0ubuntu2+esm1
                   glance-common      2:12.0.0-0ubuntu2+esm1
                   glance-glare       2:12.0.0-0ubuntu2+esm1
                   glance-registry    2:12.0.0-0ubuntu2+esm1
                   python-glance      2:12.0.0-0ubuntu2+esm1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

