========================================================================== Ubuntu Security Notice USN-6073-6 May 23, 2023 cinder regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: USN-6073-1 introduced a regression in Cinder. Software Description: - cinder: OpenStack storage service Details: USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see the upstream advisory for more information: https://security.openstack.org/ossa/OSSA-2023-003.html Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-cinder 2:22.0.0-0ubuntu1.2 Ubuntu 22.10: python3-cinder 2:21.1.0-0ubuntu2.2 Ubuntu 22.04 LTS: python3-cinder 2:20.1.0-0ubuntu2.2 Ubuntu 20.04 LTS: python3-cinder 2:16.4.2-0ubuntu2.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6073-6 https://ubuntu.com/security/notices/USN-6073-1 https://launchpad.net/bugs/2020111 Package Information: https://launchpad.net/ubuntu/+source/cinder/2:22.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/cinder/2:21.1.0-0ubuntu2.2 https://launchpad.net/ubuntu/+source/cinder/2:20.1.0-0ubuntu2.2 https://launchpad.net/ubuntu/+source/cinder/2:16.4.2-0ubuntu2.4
Ubuntu 6073-6: Cinder regression
May 23, 2023
USN-6073-1 introduced a regression in Cinder.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: USN-6073-1 introduced a regression in Cinder. Software Description: - cinder: OpenStack storage service Details: USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see the upstream advisory for more information: https://security.openstack.org/ossa/OSSA-2023-003.html
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-cinder 2:22.0.0-0ubuntu1.2 Ubuntu 22.10: python3-cinder 2:21.1.0-0ubuntu2.2 Ubuntu 22.04 LTS: python3-cinder 2:20.1.0-0ubuntu2.2 Ubuntu 20.04 LTS: python3-cinder 2:16.4.2-0ubuntu2.4 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6073-6
https://ubuntu.com/security/notices/USN-6073-1
https://launchpad.net/bugs/2020111
Severity
Ubuntu Security Notice USN-6073-6
Package Information
https://launchpad.net/ubuntu/+source/cinder/2:22.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/cinder/2:21.1.0-0ubuntu2.2 https://launchpad.net/ubuntu/+source/cinder/2:20.1.0-0ubuntu2.2 https://launchpad.net/ubuntu/+source/cinder/2:16.4.2-0ubuntu2.4
News
HOWTOs
About Us
Powered By
