Explore top 10 tips to secure your open-source projects now. Read More
×
Cinder could be made to access unintended files over the network by an
authenticated user.
Software Description:
- cinder: OpenStack storage service
Details:
Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: python-cinder 1:2015.1.0-0ubuntu1.1 After a standard system update you need to restart cinder to make all the necessary changes.
https://ubuntu.com/security/notices/USN-2703-1
CVE-2015-1851
Get the latest Linux and open source security news straight to your inbox.