USN-6073-4 fixed a vulnerability in os-brick. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
This update may require configuration changes to be completely effective, please see the upstream advisory for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.0.8-0ubuntu1.2", "binary_name": "os-brick-common" }, { "binary_version": "3.0.8-0ubuntu1.2", "binary_name": "python-os-brick-doc" }, { "binary_version": "3.0.8-0ubuntu1.2", "binary_name": "python3-os-brick" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "5.2.2-0ubuntu1.1", "binary_name": "os-brick-common" }, { "binary_version": "5.2.2-0ubuntu1.1", "binary_name": "python-os-brick-doc" }, { "binary_version": "5.2.2-0ubuntu1.1", "binary_name": "python3-os-brick" } ] }