(RHSA-2015:1206) Important: openstack-cinder security and bug fix update

ID RHSA-2015:1206
Type redhat
Reporter RedHat
Modified 2018-06-07T02:48:00


OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API.

A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header cinder could be tricked into reading an arbitrary file from the cinder host. (CVE-2015-1851)

All users of openstack-cinder are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the cinder running services will be restarted automatically.