Security: Multiple issues in Cinder
Name: Multiple issues in Cinder
ID: USN-2005-1
Distribution: Ubuntu
Platforms: Ubuntu 13.04
Date: Thu, October 24, 2013, 06:56
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4202
Applications: Cinder

Original message


==========================================================================
Ubuntu Security Notice USN-2005-1
October 23, 2013

cinder vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04

Summary:

Cinder could be made to crash or expose sensitive information.

Software Description:
- cinder: OpenStack storage service

Details:

Rongze Zhu discovered that the Cinder LVM driver did not zero out data
when deleting snapshots. This could expose sensitive information to
authenticated users when subsequent servers use the volume. (CVE-2013-4183)

Grant Murphy discovered that Cinder would allow XML entity processing. A
remote unauthenticated attacker could exploit this using the Cinder API to
cause a denial of service via resource exhaustion. (CVE-2013-4179,
CVE-2013-4202)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
python-cinder 1:2013.1.3-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2005-1
CVE-2013-4179, CVE-2013-4183, CVE-2013-4202

Package Information:
https://launchpad.net/ubuntu/+source/cinder/1:2013.1.3-0ubuntu2.1





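The XML entity issue described in the notice (CVE-2013-4179, CVE-2013-4202) does not arise when an API refuses any request body that carries a DTD or entity declaration. The following is an added example, not Cinder's patch and not code from the notice: `parse_request_body`, `ForbiddenXML` and the sample bodies are hypothetical, and it uses only the Python standard library.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The request body declares a DTD or an entity."""


def _reject(*_args):
    # Raising inside an expat handler aborts parsing immediately,
    # before any entity reference in the document is expanded.
    raise ForbiddenXML("DTD and entity declarations are not accepted")


def parse_request_body(body: bytes) -> ET.Element:
    """Parse an XML API request body, refusing DTDs and entities.

    Hypothetical helper for illustration; not Cinder's own code.
    """
    # Pass 1: scan with raw expat and stop at the first declaration.
    scanner = xml.parsers.expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject
    scanner.EntityDeclHandler = _reject
    scanner.UnparsedEntityDeclHandler = _reject
    scanner.Parse(body, True)  # malformed XML raises ExpatError here

    # Pass 2: the body is known to be free of declarations, build the tree.
    return ET.fromstring(body)


# Constructed sample request bodies (not taken from Cinder).
SAFE_BODY = b'<volume size="1" display_name="vol-1"/>'
DTD_BODY = (
    b'<!DOCTYPE volume [<!ENTITY n "vol-1">]>'
    b'<volume size="1" display_name="&n;"/>'
)

if __name__ == "__main__":
    print(parse_request_body(SAFE_BODY).attrib)
    try:
        parse_request_body(DTD_BODY)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

Rejecting at the `DOCTYPE` keeps the cost of a hostile body proportional to the bytes read up to that point, rather than to whatever its entities would expand into.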