Home Unlabelled USN-2703-1: Cinder vulnerability

USN-2703-1: Cinder vulnerability

By
Wednesday, August 05, 2015
Read
Add Comment

Ubuntu Security Notice USN-2703-1

5th August, 2015

cinder vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04

Summary

Cinder could be made to access unintended files over the network by an authenticated user.

Software description

  • cinder - OpenStack storage service

Details

Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
python-cinder 1:2015.1.0-0ubuntu1.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart cinder to make all the
necessary changes.

References

CVE-2015-1851



from Ubuntu Security Notices http://ift.tt/1Hs361A
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us