MEDIUM 5.5

PYSEC-2017-143

Details

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / glance

Introduced in: 0

No fixed version published yet for glance (pip). Pin to a known-safe version or switch to an alternative.

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0061 [WEB]
https://bugs.launchpad.net/glance/+bug/1516031 [WEB]
http://seclists.org/oss-sec/2015/q4/303 [WEB]