Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in Cinder
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in Cinder
ID: USN-4420-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Datum: Mi, 8. Juli 2020, 19:26
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755
Applikationen: Cinder

Originalnachricht


--===============3185928443075288419==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="SUOF0GtieIMvvwua"
Content-Disposition: inline


--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4420-1
July 07, 2020

cinder, python-os-brick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Cinder and os-brick could be made to expose sensitive information.

Software Description:
- cinder: OpenStack storage service
- python-os-brick: Library for managing local volume attaches

Details:

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly
handled ScaleIO backend credentials. An attacker could possibly use this issue
to
expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
python3-cinder 2:16.1.0-0ubuntu1
python3-os-brick 3.0.1-0ubuntu1.2

Ubuntu 18.04 LTS:
python-cinder 2:12.0.9-0ubuntu1.2
python-os-brick 2.3.0-0ubuntu1.2
python3-os-brick 2.3.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4420-1
CVE-2020-10755

Package Information:
https://launchpad.net/ubuntu/+source/cinder/2:16.1.0-0ubuntu1
https://launchpad.net/ubuntu/+source/python-os-brick/3.0.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/cinder/2:12.0.9-0ubuntu1.2
https://launchpad.net/ubuntu/+source/python-os-brick/2.3.0-0ubuntu1.2

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8El5cACgkQRbznW4QL
H2nNSQ//SwHjWJhjjuGj6KG+zg0MoMIyzlVTV+8JcxYDkOYjUojtc1GKA1y0mUeH
hDTWGy8xZ+D+b/IHL3x/FIuSFXLG/Xl4ZyYxc+yqP8Ojeq+EvO3jfRq6SxswNIBv
heuCo4LXT1lkSMEW1o3cnxCwZ4k2Y615u3nn50RP1V9nJffZzAW93j1i3pq3PUXG
2chSSXWmDyObvunf99XUIEmxEU023YB8abtVWmCuZSw2xkT3y/ux1iiNzy+dyyqG
4qoJspaTyNdkyF8XYPHdTmdt3E7mvrI7OAvcfnygw5wUImHxKSN+kIQYT+Xgc/81
t+K18feLIy6b7sKzNiRDWBffRFzGcrTpr7XWj+3In/g7qWszCQe+FCbMrxk9kjyf
F/fKc+w4+7IghDP4k9sd2Lp+OKuhXoWnT4ALEQeB/BpbAzYFVi2+FGaFJB4LLlxI
piDOld/PmuG9R2D5NWW53ky+ZDiRxRFZ/j+hPU2Kirjy9AFjr5Qrja3GQXefDEYm
6ViVePCmdIjOVovUy+78GA10Vcbewe6kCSj0SQyRnIXn812SXVQ9kgcjvYxLd3dW
CFgLkprU7s6hAIAlMsnXTKWbBVN/zsCAPSVLuTuXS+K3djJs/yZsXZl9OnD4Qllj
y1akQR6fHiO0tw1OpjPcOj2wiePEB43n8NUBFYdNma+4jDtDPJo=
=8RcL
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--


--===============3185928443075288419==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung