Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Ubuntu 14.04 LTS USN-2248-1 Moderate: Cinder Privilege Escalation

Calendar Jun 18, 2014 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate privilege escalation Ubuntu administrative access cinder
OpenStack Cinder could be made to run programs as an administrator under certain conditions. 

=========================================================================Ubuntu Security Notice USN-2248-1
June 18, 2014

cinder vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 13.10

Summary:

OpenStack Cinder could be made to run programs as an administrator under
certain conditions.

Software Description:
- cinder: OpenStack storage service

Details:

Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder
did not properly set up its sudo configuration. If a different flaw was
found in OpenStack Cinder, this vulnerability could be used to escalate
privileges. (CVE-2013-1068)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  python-cinder                   1:2014.1-0ubuntu1.1

Ubuntu 13.10:
  python-cinder                   1:2013.2.3-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2248-1
  CVE-2013-1068

Package Information:
  https://launchpad.net/ubuntu/+source/cinder/1:2014.1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/cinder/1:2013.2.3-0ubuntu1.1

Ubuntu 14.04 LTS USN-2248-1 Moderate: Cinder Privilege Escalation

ubuntu
Calendar Grey June 18, 2014
Dist Ubuntu Esm H88
A patch has been released to fix a vulnerability in OpenStack Cinder that allowed unauthorized program execution as an admin on select Ubuntu versions, enhancing security.
OpenStack Cinder could be made to run programs as an administrator under certain conditions.

Summary

Topics%20covered

Topics Covered

security advisory moderate privilege escalation Ubuntu administrative access cinder

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: python-cinder 1:2014.1-0ubuntu1.1 Ubuntu 13.10: python-cinder 1:2013.2.3-0ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2248-1

CVE-2013-1068

Severity
important
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-2248-1

Topics%20covered

Topics Covered

security advisory moderate privilege escalation Ubuntu administrative access cinder

Package Information

https://launchpad.net/ubuntu/+source/cinder/1:2014.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/cinder/1:2013.2.3-0ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here