========================================================================== Ubuntu Security Notice USN-5835-4 February 09, 2023
cinder vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Cinder could be made to expose sensitive information. Software Description: - cinder: OpenStack storage service Details: USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: python3-cinder 2:16.4.2-0ubuntu2.2 Ubuntu 18.04 LTS: python-cinder 2:12.0.10-0ubuntu2.2 After a standard system update you need to restart Cinder to make all the References: https://ubuntu.com/security/notices/USN-5835-4 https://ubuntu.com/security/notices/USN-5835-1 CVE-2022-47951 Package Information: https://launchpad.net/ubuntu/+source/cinder/2:16.4.2-0ubuntu2.2 https://launchpad.net/ubuntu/+source/cinder/2:12.0.10-0ubuntu2.2
OpenPGP_signature
Description: OpenPGP digital signature
