Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mistral
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mistral
ID: USN-7465-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
Datum: Mo, 28. April 2025, 23:56
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16849
Applikationen: Mistral

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1904432887930958177==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------y67gHqnTLMimmW7YRrtYHrLv"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------y67gHqnTLMimmW7YRrtYHrLv
Content-Type: multipart/mixed;
 boundary="------------tNQq8IG05BCCrW1HBhu0YkSk";
 protected-headers="v1"
From: Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <e43d371d-251a-40c1-8382-90dd24b18497@canonical.com>
Subject: [USN-7465-1] Mistral vulnerabilities

--------------tNQq8IG05BCCrW1HBhu0YkSk
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7465-1
April 28, 2025

mistral, python-mistral-lib vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Mistral.

Software Description:
- mistral: OpenStack Workflow service - API
- python-mistral-lib: Mistral shared routines and utilities

Details:

It was discovered that Mistral incorrectly handled nested anchors in YAML
files. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16848)

Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH
private key filename commands. An attacker could possibly use this issue to
expose sensitive information. (CVE-2018-16849)

It was discovered that Mistral incorrectly handled the permissions of
sensitive log files. An attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-3866)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
   mistral-api                     6.0.0-0ubuntu1.1+esm1
                                   Available with Ubuntu Pro
   python-mistral                  6.0.0-0ubuntu1.1+esm1
                                   Available with Ubuntu Pro
   python-mistral-lib              0.4.0-0ubuntu1+esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   mistral-api                     2.0.0-1ubuntu2+esm1
                                   Available with Ubuntu Pro
   python-mistral                  2.0.0-1ubuntu2+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7465-1
   CVE-2018-16848, CVE-2018-16849, CVE-2019-3866

--------------tNQq8IG05BCCrW1HBhu0YkSk--

--------------y67gHqnTLMimmW7YRrtYHrLv
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmgPvRUFAwAAAAAACgkQyfW2m9Ldu6vu
Cw/9F4bOOMXnJ6XGF1Xs+cNtQ+vZP+DqIZZHBQ0UOxtTBvGh8PfX8ILdpNXqpxCKFuyIg3WDSygY
TciRg3op/q5HaHA6uEabSjJ82zufx012gecw+Xsz/EqDZIraLxs5ee1EiKCtkAWhRZ9Z+nuTuyRN
krtthkhBDwpnhQJBScMCuCxUGdwFOqKCecoPdI8qiSQDtso70Iyr39AIVPMY5eI8kVovHmLQQyhU
7tfM72oKxV1B5OQZK9g57fPeHUGhe5jdIL3EDZZHsKGBdYYvwj6C9mwy/rzpYVLh4/rX1Ro3PfE7
pHdNV3+dTYjZOSEzYpxVwTZsiQErwMmusAXN7TzfPunNIkc8YmAQcZYWqX7zo32HTj9E37Vsm1Sn
73cSX/WSedOBQFkEl2W8nEyeiwbd6lKRG1bGzX2TIPzPQufqZav5zOpEVKN/U0IjNdJEEpb/C+cl
ZPOy3J07UtJD28HTXr+3BUMZSXqvUAW9Ho8FNKacnIj0e8N5fKKlyJzUuWFE9oCYc+p1VcbYHaP8
UJMyy1zwR1I6kD0k6/CP4pC/fJ3w/Lkrir7IEMHQf3mX0OirgAdtwfrvvzXVRT2/UluH1O+BUFTH
oJS+qCATDfgP+dBv3KUgd6JGb7ayhxbezMRUOMOHXcI2Ee7gchAxfu2UQuLlGI6EXt2QRcpXSeUK
fao=
=DcpX
-----END PGP SIGNATURE-----

--------------y67gHqnTLMimmW7YRrtYHrLv--


--===============1904432887930958177==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============1904432887930958177==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung