Candidate: CVE-2015-8234
PublicDate: 2017-03-29 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8234
 https://wiki.openstack.org/wiki/OSSN/OSSN-0061
 https://review.openstack.org/#/c/252462/
Description:
 The image signature algorithm in OpenStack Glance 11.0.0 allows remote
 attackers to bypass the signature verification process via a crafted image,
 which triggers an MD5 collision.
Ubuntu-Description:
Notes:
 mdeslaur> signatures introduced in 11.x
Bugs:
 https://bugs.launchpad.net/glance/+bug/1516031
Priority: low
Discovered-by: Daniel P. Berrange
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N [5.5 MEDIUM]

Patches_glance:
 upstream: https://review.openstack.org/gitweb?p=openstack/glance.git;a=commitdiff;h=09a0acefc7d27b85e7145611a3852bcf0765f769
upstream_glance: needs-triage
precise_glance: not-affected (code not present)
trusty_glance: not-affected (code not present)
trusty/esm_glance: DNE (trusty was not-affected [code not present])
vivid_glance: not-affected (code not present)
vivid/stable-phone-overlay_glance: DNE
vivid/ubuntu-core_glance: DNE
wily_glance: ignored (reached end-of-life)
xenial_glance: not-affected (2:12.0.0-0ubuntu2)
esm-infra/xenial_glance: not-affected (2:12.0.0-0ubuntu2)
devel_glance: not-affected (2:12.0.0-0ubuntu2)