Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.10 USN-5835-1 Moderate: Cinder Information Exposure

ubuntu
Calendar Grey January 31, 2023
Dist Ubuntu Esm H88
A flaw in Cinder on Ubuntu may allow unauthorized access to confidential data. Ensure you update immediately to protect your system.
Cinder could be made to expose sensitive information.

Summary

Cinder could be made to expose sensitive information.

Software Description:

- cinder: OpenStack storage service

Details:

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou

discovered that Cinder incorrectly handled VMDK image processing. An

authenticated attacker could possibly supply a specially crafted VMDK flat

image and obtain arbitrary files from the server containing sensitive

information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   python3-cinder                  2:21.1.0-0ubuntu1

Ubuntu 22.04 LTS:
   python3-cinder                  2:20.1.0-0ubuntu1

Ubuntu 20.04 LTS:
   python3-cinder                  2:16.4.2-0ubuntu2.1

After a standard system update you need to restart Cinder to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-5835-1

CVE-2022-47951

January 31, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here