USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS.
Original advisory details:
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
{ "availability": "No subscription needed", "binaries": [ { "cinder-backup": "2:12.0.10-0ubuntu2.2", "python-cinder": "2:12.0.10-0ubuntu2.2", "cinder-api": "2:12.0.10-0ubuntu2.2", "cinder-volume": "2:12.0.10-0ubuntu2.2", "cinder-common": "2:12.0.10-0ubuntu2.2", "cinder-scheduler": "2:12.0.10-0ubuntu2.2" } ] }
{ "availability": "No subscription needed", "binaries": [ { "python3-cinder": "2:16.4.2-0ubuntu2.2", "cinder-scheduler": "2:16.4.2-0ubuntu2.2", "cinder-backup": "2:16.4.2-0ubuntu2.2", "cinder-api": "2:16.4.2-0ubuntu2.2", "cinder-volume": "2:16.4.2-0ubuntu2.2", "cinder-common": "2:16.4.2-0ubuntu2.2" } ] }