Lucene search
UbuntuUSN-6073-6HistoryMay 23, 2023 - 12:00 a.m.
Cinder regression
2023-05-2300:00:00
ubuntu.com
23
7.3 High
AI Score
Confidence
Low
Releases
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- cinder - OpenStack storage service
Details
USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update
introduced a regression with detaching volumes. The security fix has been
removed pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.
This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | python3-cinder | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.04 | noarch | cinder-api | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.04 | noarch | cinder-backup | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.04 | noarch | cinder-common | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.04 | noarch | cinder-scheduler | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.04 | noarch | cinder-volume | < 2:22.0.0-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | python3-cinder | < 2:21.1.0-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | cinder-api | < 2:21.1.0-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | cinder-backup | < 2:21.1.0-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 22.10 | noarch | cinder-common | < 2:21.1.0-0ubuntu2.2 | UNKNOWN |
References
7.3 High
AI Score
Confidence
Low