Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 LTS USN-5835-4 Critical: Cinder Information Exposure

ubuntu
Calendar Grey February 9, 2023
Dist Ubuntu Esm H88
Serious Cinder flaw reveals confidential data. Patch your Ubuntu installations promptly to resolve concerns linked to USN-5835-4.
Cinder could be made to expose sensitive information.

Summary

Cinder could be made to expose sensitive information.

Software Description:

- cinder: OpenStack storage service

Details:

USN-5835-1 fixed vulnerabilities in Cinder. This update provides the

corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was

fixed for Ubuntu 20.04 LTS.

Original advisory details:

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou

discovered that Cinder incorrectly handled VMDK image processing. An

authenticated attacker could possibly supply a specially crafted VMDK flat

image and obtain arbitrary files from the server containing sensitive

information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   python3-cinder                  2:16.4.2-0ubuntu2.2

Ubuntu 18.04 LTS:
   python-cinder                   2:12.0.10-0ubuntu2.2

After a standard system update you need to restart Cinder to make all the

References

https://ubuntu.com/security/notices/USN-5835-4

https://ubuntu.com/security/notices/USN-5835-1

CVE-2022-47951

Severity
critical
Lowest
Low
Medium
High
Critical

February 09, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here