MEDIUM 5.5

PYSEC-2017-143

상세

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / glance

최초 영향 버전: 0

No fixed version published yet for glance (pip). Pin to a known-safe version or switch to an alternative.

참고

https://wiki.openstack.org/wiki/OSSN/OSSN-0061 [WEB]
https://bugs.launchpad.net/glance/+bug/1516031 [WEB]
http://seclists.org/oss-sec/2015/q4/303 [WEB]