Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 LTS: USN-6882-1 Critical: Cinder File Access Issue

ubuntu
Calendar Grey July 8, 2024
Dist Ubuntu Esm H88
A critical exposure in Cinder permits unauthorized file access via the network. Ensure your systems are updated to mitigate this issue.
Cinder would allow unintended access to files over the network.

Summary

Cinder would allow unintended access to files over the network.

Software Description:

- cinder: OpenStack storage service

Details:

Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image

processing. An authenticated user could use this issue to access arbitrary

files on the server, possibly exposing sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   python3-cinder                  2:24.0.0-0ubuntu1.2

Ubuntu 23.10
   python3-cinder                  2:23.0.0-0ubuntu1.4

Ubuntu 22.04 LTS
   python3-cinder                  2:20.3.1-0ubuntu1.4

Ubuntu 20.04 LTS
   python3-cinder                  2:16.4.2-0ubuntu2.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6882-1

CVE-2024-32498

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6882-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here