USN-5835-3

Source

https://ubuntu.com/security/notices/USN-5835-3

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5835-3.json

Related

CVE-2022-47951

Published

2023-01-31T13:15:50.256293Z

Modified

2023-01-31T13:15:50.256293Z

Summary

nova vulnerability

Details

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

References

Affected packages

Ubuntu:22.04:LTS / nova

Package

Name: nova

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3:25.1.0-0ubuntu1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "nova-compute-lxc": "3:25.1.0-0ubuntu1",
            "nova-volume": "3:25.1.0-0ubuntu1",
            "nova-doc": "3:25.1.0-0ubuntu1",
            "nova-novncproxy": "3:25.1.0-0ubuntu1",
            "nova-api-os-compute": "3:25.1.0-0ubuntu1",
            "nova-compute-kvm": "3:25.1.0-0ubuntu1",
            "nova-ajax-console-proxy": "3:25.1.0-0ubuntu1",
            "nova-compute-ironic": "3:25.1.0-0ubuntu1",
            "nova-spiceproxy": "3:25.1.0-0ubuntu1",
            "nova-compute-vmware": "3:25.1.0-0ubuntu1",
            "nova-compute-xen": "3:25.1.0-0ubuntu1",
            "nova-serialproxy": "3:25.1.0-0ubuntu1",
            "nova-conductor": "3:25.1.0-0ubuntu1",
            "nova-compute": "3:25.1.0-0ubuntu1",
            "python3-nova": "3:25.1.0-0ubuntu1",
            "nova-scheduler": "3:25.1.0-0ubuntu1",
            "nova-api-metadata": "3:25.1.0-0ubuntu1",
            "nova-common": "3:25.1.0-0ubuntu1",
            "nova-api": "3:25.1.0-0ubuntu1",
            "nova-api-os-volume": "3:25.1.0-0ubuntu1",
            "nova-compute-qemu": "3:25.1.0-0ubuntu1",
            "nova-compute-libvirt": "3:25.1.0-0ubuntu1",
            "nova-cells": "3:25.1.0-0ubuntu1"
        }
    ]
}

Ubuntu:20.04:LTS / nova

Package

Name: nova

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

2:21.2.4-0ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "nova-compute-lxc": "2:21.2.4-0ubuntu2.1",
            "nova-volume": "2:21.2.4-0ubuntu2.1",
            "nova-doc": "2:21.2.4-0ubuntu2.1",
            "nova-novncproxy": "2:21.2.4-0ubuntu2.1",
            "nova-api-os-compute": "2:21.2.4-0ubuntu2.1",
            "nova-compute-kvm": "2:21.2.4-0ubuntu2.1",
            "nova-ajax-console-proxy": "2:21.2.4-0ubuntu2.1",
            "nova-spiceproxy": "2:21.2.4-0ubuntu2.1",
            "nova-compute-vmware": "2:21.2.4-0ubuntu2.1",
            "nova-compute-xen": "2:21.2.4-0ubuntu2.1",
            "nova-serialproxy": "2:21.2.4-0ubuntu2.1",
            "nova-conductor": "2:21.2.4-0ubuntu2.1",
            "nova-compute": "2:21.2.4-0ubuntu2.1",
            "python3-nova": "2:21.2.4-0ubuntu2.1",
            "nova-scheduler": "2:21.2.4-0ubuntu2.1",
            "nova-api-metadata": "2:21.2.4-0ubuntu2.1",
            "nova-common": "2:21.2.4-0ubuntu2.1",
            "nova-api": "2:21.2.4-0ubuntu2.1",
            "nova-api-os-volume": "2:21.2.4-0ubuntu2.1",
            "nova-compute-qemu": "2:21.2.4-0ubuntu2.1",
            "nova-compute-libvirt": "2:21.2.4-0ubuntu2.1",
            "nova-cells": "2:21.2.4-0ubuntu2.1"
        }
    ]
}