========================================================================== Ubuntu Security Notice USN-7465-1 April 28, 2025
mistral, python-mistral-lib vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Mistral. Software Description: - mistral: OpenStack Workflow service - API - python-mistral-lib: Mistral shared routines and utilities Details: It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16848) Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH private key filename commands. An attacker could possibly use this issue to expose sensitive information. (CVE-2018-16849) It was discovered that Mistral incorrectly handled the permissions of sensitive log files. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3866) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS mistral-api 6.0.0-0ubuntu1.1+esm1 Available with Ubuntu Pro python-mistral 6.0.0-0ubuntu1.1+esm1 Available with Ubuntu Pro python-mistral-lib 0.4.0-0ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS mistral-api 2.0.0-1ubuntu2+esm1 Available with Ubuntu Pro python-mistral 2.0.0-1ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7465-1 CVE-2018-16848, CVE-2018-16849, CVE-2019-3866
OpenPGP_signature.asc
Description: OpenPGP digital signature
