USN-5835-5

Source
https://ubuntu.com/security/notices/USN-5835-5
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5835-5.json
Related
Published
2023-02-09T14:44:47.156085Z
Modified
2023-02-09T14:44:47.156085Z
Summary
nova vulnerability
Details

USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS.

Original advisory details:

Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

References

Affected packages

Ubuntu:18.04:LTS / nova

Package

Name
nova

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2:17.0.13-0ubuntu5.2

Ecosystem specific 

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "nova-serialproxy": "2:17.0.13-0ubuntu5.2",
            "nova-volume": "2:17.0.13-0ubuntu5.2",
            "nova-doc": "2:17.0.13-0ubuntu5.2",
            "nova-compute-lxc": "2:17.0.13-0ubuntu5.2",
            "nova-novncproxy": "2:17.0.13-0ubuntu5.2",
            "nova-console": "2:17.0.13-0ubuntu5.2",
            "nova-compute-libvirt": "2:17.0.13-0ubuntu5.2",
            "nova-api": "2:17.0.13-0ubuntu5.2",
            "nova-xvpvncproxy": "2:17.0.13-0ubuntu5.2",
            "nova-api-os-compute": "2:17.0.13-0ubuntu5.2",
            "nova-compute-kvm": "2:17.0.13-0ubuntu5.2",
            "nova-ajax-console-proxy": "2:17.0.13-0ubuntu5.2",
            "nova-spiceproxy": "2:17.0.13-0ubuntu5.2",
            "nova-compute-vmware": "2:17.0.13-0ubuntu5.2",
            "nova-compute-xen": "2:17.0.13-0ubuntu5.2",
            "nova-network": "2:17.0.13-0ubuntu5.2",
            "nova-placement-api": "2:17.0.13-0ubuntu5.2",
            "python-nova": "2:17.0.13-0ubuntu5.2",
            "nova-compute": "2:17.0.13-0ubuntu5.2",
            "nova-conductor": "2:17.0.13-0ubuntu5.2",
            "nova-api-metadata": "2:17.0.13-0ubuntu5.2",
            "nova-common": "2:17.0.13-0ubuntu5.2",
            "nova-api-os-volume": "2:17.0.13-0ubuntu5.2",
            "nova-compute-qemu": "2:17.0.13-0ubuntu5.2",
            "nova-scheduler": "2:17.0.13-0ubuntu5.2",
            "nova-cells": "2:17.0.13-0ubuntu5.2",
            "nova-consoleauth": "2:17.0.13-0ubuntu5.2"
        }
    ]
}