USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS.
Original advisory details:
Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
{ "availability": "No subscription needed", "binaries": [ { "nova-serialproxy": "2:17.0.13-0ubuntu5.2", "nova-volume": "2:17.0.13-0ubuntu5.2", "nova-doc": "2:17.0.13-0ubuntu5.2", "nova-compute-lxc": "2:17.0.13-0ubuntu5.2", "nova-novncproxy": "2:17.0.13-0ubuntu5.2", "nova-console": "2:17.0.13-0ubuntu5.2", "nova-compute-libvirt": "2:17.0.13-0ubuntu5.2", "nova-api": "2:17.0.13-0ubuntu5.2", "nova-xvpvncproxy": "2:17.0.13-0ubuntu5.2", "nova-api-os-compute": "2:17.0.13-0ubuntu5.2", "nova-compute-kvm": "2:17.0.13-0ubuntu5.2", "nova-ajax-console-proxy": "2:17.0.13-0ubuntu5.2", "nova-spiceproxy": "2:17.0.13-0ubuntu5.2", "nova-compute-vmware": "2:17.0.13-0ubuntu5.2", "nova-compute-xen": "2:17.0.13-0ubuntu5.2", "nova-network": "2:17.0.13-0ubuntu5.2", "nova-placement-api": "2:17.0.13-0ubuntu5.2", "python-nova": "2:17.0.13-0ubuntu5.2", "nova-compute": "2:17.0.13-0ubuntu5.2", "nova-conductor": "2:17.0.13-0ubuntu5.2", "nova-api-metadata": "2:17.0.13-0ubuntu5.2", "nova-common": "2:17.0.13-0ubuntu5.2", "nova-api-os-volume": "2:17.0.13-0ubuntu5.2", "nova-compute-qemu": "2:17.0.13-0ubuntu5.2", "nova-scheduler": "2:17.0.13-0ubuntu5.2", "nova-cells": "2:17.0.13-0ubuntu5.2", "nova-consoleauth": "2:17.0.13-0ubuntu5.2" } ] }