2015-12-31
ALT-BU-2015-2839-2
Branch sisyphus update bulletin.
Package kf5-kscreenlocker updated to version 5.5.2-alt2 for branch sisyphus in task 155529.
Closed bugs
Lock screen doesn't work
Package openstack-glance updated to version 11.0.1-alt1 for branch sisyphus in task 155531.
Closed vulnerabilities
Published: 2017-03-29
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: MEDIUM (5.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2022-05-17
Modified: 2024-11-22
Modified: 2024-11-22
GHSA-wmhw-fvg9-87fc
OpenStack Glance Signature Verification Bypass
Severity: MEDIUM (5.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-8234
- https://bugs.launchpad.net/glance/+bug/1516031
- https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2017-143.yaml
- https://seclists.org/oss-sec/2015/q4/303
- https://wiki.openstack.org/wiki/OSSN/OSSN-0061
- http://seclists.org/oss-sec/2015/q4/303