
Ubuntu: 4420-1 Moderate: Cinder and Os-Brick Sensitive Data Exposure

July 7, 2020
Ensure your Ubuntu 20.04 and 18.04 LTS installations are updated promptly to mitigate vulnerabilities in cinder and os-brick, which could risk exposing confidential information.

Summary

Cinder and os-brick could be made to expose sensitive information.

Software Description:

- cinder: OpenStack storage service

- python-os-brick: Library for managing local volume attaches

Details:

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly
handled ScaleIO backend credentials. An attacker could possibly use this issue to
expose sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  python3-cinder                  2:16.1.0-0ubuntu1
  python3-os-brick                3.0.1-0ubuntu1.2

Ubuntu 18.04 LTS:
  python-cinder                   2:12.0.9-0ubuntu1.2
  python-os-brick                 2.3.0-0ubuntu1.2
  python3-os-brick                2.3.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4420-1

CVE-2020-10755

Severity
important
