USN-5835-1

Source

https://ubuntu.com/security/notices/USN-5835-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5835-1.json

Related

CVE-2022-47951

Published

2023-01-31T13:11:52.930071Z

Modified

2023-01-31T13:11:52.930071Z

Summary

cinder vulnerability

Details

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

References

Affected packages

Ubuntu:22.04:LTS / cinder

Package

Name: cinder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:20.1.0-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "python3-cinder": "2:20.1.0-0ubuntu1",
            "cinder-scheduler": "2:20.1.0-0ubuntu1",
            "cinder-backup": "2:20.1.0-0ubuntu1",
            "cinder-api": "2:20.1.0-0ubuntu1",
            "cinder-volume": "2:20.1.0-0ubuntu1",
            "cinder-common": "2:20.1.0-0ubuntu1"
        }
    ]
}

Ubuntu:20.04:LTS / cinder

Package

Name: cinder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:16.4.2-0ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "python3-cinder": "2:16.4.2-0ubuntu2.1",
            "cinder-scheduler": "2:16.4.2-0ubuntu2.1",
            "cinder-backup": "2:16.4.2-0ubuntu2.1",
            "cinder-api": "2:16.4.2-0ubuntu2.1",
            "cinder-volume": "2:16.4.2-0ubuntu2.1",
            "cinder-common": "2:16.4.2-0ubuntu2.1"
        }
    ]
}