Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 15.04 USN-2703-1 Critical: Cinder Network File Access

ubuntu
Calendar Grey August 6, 2015
Scroller Ubuntu
The Cinder flaw grants logged-in users the capability to reach restricted files via the network in Ubuntu 15.04.
Cinder could be made to access unintended files over the network by anauthenticated user.

Summary

Cinder could be made to access unintended files over the network by an

authenticated user.

Software Description:

- cinder: OpenStack storage service

Details:

Bastian Blank discovered that Cinder guessed image formats based on

untrusted data. An attacker could use this to read arbitrary files from

the Cinder host.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  python-cinder                   1:2015.1.0-0ubuntu1.1

After a standard system update you need to restart cinder to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-2703-1

CVE-2015-1851

Severity
critical
Lowest
Low
Medium
High
Critical

August 06, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.