Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Ubuntu 15.04 USN-2703-1 Critical: Cinder Network File Access

Calendar Aug 06, 2015 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory ubuntu network access file exposure cinder
Cinder could be made to access unintended files over the network by anauthenticated user. 
=========================================================================Ubuntu Security Notice USN-2703-1
August 06, 2015

cinder vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04

Summary:

Cinder could be made to access unintended files over the network by an
authenticated user.

Software Description:
- cinder: OpenStack storage service

Details:

Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python-cinder                   1:2015.1.0-0ubuntu1.1

After a standard system update you need to restart cinder to make all the
necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2703-1
  CVE-2015-1851

Package Information:
  https://launchpad.net/ubuntu/+source/cinder/1:2015.1.0-0ubuntu1.1

Ubuntu 15.04 USN-2703-1 Critical: Cinder Network File Access

ubuntu
Calendar Grey August 6, 2015
Dist Ubuntu Esm H88
The Cinder flaw grants logged-in users the capability to reach restricted files via the network in Ubuntu 15.04.
Cinder could be made to access unintended files over the network by anauthenticated user.

Summary

Topics%20covered

Topics Covered

security advisory ubuntu network access file exposure cinder

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: python-cinder 1:2015.1.0-0ubuntu1.1 After a standard system update you need to restart cinder to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2703-1

CVE-2015-1851

Severity
critical
Lowest
Low
Medium
High
Critical

August 06, 2015

Topics%20covered

Topics Covered

security advisory ubuntu network access file exposure cinder

Package Information

https://launchpad.net/ubuntu/+source/cinder/1:2015.1.0-0ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here