Preisgabe von Informationen in Cinder
ID: | USN-4420-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 18.04 LTS, Ubuntu 20.04 LTS |
Datum: | Mi, 8. Juli 2020, 19:26 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755 |
Applikationen: | Cinder |
Originalnachricht |
|
--===============3185928443075288419== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua" Content-Disposition: inline --SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4420-1 July 07, 2020 cinder, python-os-brick vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Cinder and os-brick could be made to expose sensitive information. Software Description: - cinder: OpenStack storage service - python-os-brick: Library for managing local volume attaches Details: David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: python3-cinder 2:16.1.0-0ubuntu1 python3-os-brick 3.0.1-0ubuntu1.2 Ubuntu 18.04 LTS: python-cinder 2:12.0.9-0ubuntu1.2 python-os-brick 2.3.0-0ubuntu1.2 python3-os-brick 2.3.0-0ubuntu1.2 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4420-1 CVE-2020-10755 Package Information: https://launchpad.net/ubuntu/+source/cinder/2:16.1.0-0ubuntu1 https://launchpad.net/ubuntu/+source/python-os-brick/3.0.1-0ubuntu1.2 https://launchpad.net/ubuntu/+source/cinder/2:12.0.9-0ubuntu1.2 https://launchpad.net/ubuntu/+source/python-os-brick/2.3.0-0ubuntu1.2 --SUOF0GtieIMvvwua Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8El5cACgkQRbznW4QL H2nNSQ//SwHjWJhjjuGj6KG+zg0MoMIyzlVTV+8JcxYDkOYjUojtc1GKA1y0mUeH hDTWGy8xZ+D+b/IHL3x/FIuSFXLG/Xl4ZyYxc+yqP8Ojeq+EvO3jfRq6SxswNIBv heuCo4LXT1lkSMEW1o3cnxCwZ4k2Y615u3nn50RP1V9nJffZzAW93j1i3pq3PUXG 2chSSXWmDyObvunf99XUIEmxEU023YB8abtVWmCuZSw2xkT3y/ux1iiNzy+dyyqG 4qoJspaTyNdkyF8XYPHdTmdt3E7mvrI7OAvcfnygw5wUImHxKSN+kIQYT+Xgc/81 t+K18feLIy6b7sKzNiRDWBffRFzGcrTpr7XWj+3In/g7qWszCQe+FCbMrxk9kjyf F/fKc+w4+7IghDP4k9sd2Lp+OKuhXoWnT4ALEQeB/BpbAzYFVi2+FGaFJB4LLlxI piDOld/PmuG9R2D5NWW53ky+ZDiRxRFZ/j+hPU2Kirjy9AFjr5Qrja3GQXefDEYm 6ViVePCmdIjOVovUy+78GA10Vcbewe6kCSj0SQyRnIXn812SXVQ9kgcjvYxLd3dW CFgLkprU7s6hAIAlMsnXTKWbBVN/zsCAPSVLuTuXS+K3djJs/yZsXZl9OnD4Qllj y1akQR6fHiO0tw1OpjPcOj2wiePEB43n8NUBFYdNma+4jDtDPJo= =8RcL -----END PGP SIGNATURE----- --SUOF0GtieIMvvwua-- --===============3185928443075288419== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |