CVE-2015-5162 glance


2017-12-30 18:03
CVE-2015-5162 nova
CVE-2015-5162 cinder
2017-12-29 23:01
2017-12-29 21:04
2017-11-10 05:03
2017-08-20 17:03
2017-06-18 07:04
2017-06-16 19:15
2017-04-01 19:11
2017-01-05 20:16


The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster glance 2:12.0.0-1
jessie glance None
sid glance 2:12.0.0-1
stretch glance 2:12.0.0-1
wheezy glance None  EOL