Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 12.10 USN-2208-1: Risks from Cinder Network Exposure Threats

Calendar May 06, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory Ubuntu network exposure OpenStack cinder
OpenStack Cinder could be made to expose sensitive information over the network. 

=========================================================================Ubuntu Security Notice USN-2208-1
May 06, 2014

cinder vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

OpenStack Cinder could be made to expose sensitive information over the
network.

Software Description:
- cinder: OpenStack storage service

Details:

JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce
SSL connections when Nova was configured to use QPid and qpid_protocol is
set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle
attack, this flaw could be exploited to view sensitive information. Ubuntu
does not use QPid with Nova by default.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  python-cinder                   2012.2.4-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2208-1
  CVE-2013-6491

Package Information:
  https://launchpad.net/ubuntu/+source/cinder/2012.2.4-0ubuntu1.1

Ubuntu 12.10 USN-2208-1: Risks from Cinder Network Exposure Threats

ubuntu
Calendar Grey May 6, 2014
Dist Ubuntu Esm H88
A security flaw in OpenStack Cinder reveals confidential information through network transmission. Apply the patch to address this vulnerability in Ubuntu 12.10.
OpenStack Cinder could be made to expose sensitive information over the network.

Summary

Topics%20covered

Topics Covered

security advisory Ubuntu network exposure OpenStack cinder

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: python-cinder 2012.2.4-0ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2208-1

CVE-2013-6491

Severity
important
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2208-1

Topics%20covered

Topics Covered

security advisory Ubuntu network exposure OpenStack cinder

Package Information

https://launchpad.net/ubuntu/+source/cinder/2012.2.4-0ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here