USN-6241-1
- Source
- https://ubuntu.com/security/notices/USN-6241-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6241-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6241-1
- Related
- Published
- 2023-07-24T14:12:32.397208Z
- Modified
- 2023-07-24T14:12:32.397208Z
- Summary
- cinder, ironic, nova, python-glance-store, python-os-brick vulnerability
- Details
-
Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
This update may require configuration changes, please see the upstream advisory and the other links below for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html https://discourse.ubuntu.com/t/cve-2023-2088-for-charmed-openstack/37051 https://lists.openstack.org/pipermail/openstack-discuss/2023-July/034439.html
- References
Affected packages
Ubuntu:22.04:LTS / cinder
Package
- Name
- cinder
- Purl
- pkg:deb/ubuntu/cinder?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:20.2.0-0ubuntu1.1
Affected versions
2:19.*
2:19.0.0-0ubuntu2
2:19.0.0+git2022030310.b49fb59a6-0ubuntu1
2:19.0.0+git2022030310.b49fb59a6-0ubuntu2
2:20.*
2:20.0.0-0ubuntu1
2:20.0.1-0ubuntu1
2:20.1.0-0ubuntu1
2:20.1.0-0ubuntu2.1
2:20.1.0-0ubuntu2.2
2:20.2.0-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "cinder-api"
},
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "cinder-backup"
},
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "cinder-common"
},
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "cinder-scheduler"
},
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "cinder-volume"
},
{
"binary_version": "2:20.2.0-0ubuntu1.1",
"binary_name": "python3-cinder"
}
]
}
Ubuntu:22.04:LTS / ironic
Package
- Name
- ironic
- Purl
- pkg:deb/ubuntu/ironic?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:20.1.0-0ubuntu1.1
Affected versions
1:18.*
1:18.2.0-0ubuntu1
1:18.2.0+git2021120910.cdc3b9538-0ubuntu1
1:19.*
1:19.0.0+git2022011216.7beadee46-0ubuntu1
1:20.*
1:20.0.0+git2022030313.4e6a3d52e-0ubuntu1
1:20.1.0-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:20.1.0-0ubuntu1.1",
"binary_name": "ironic-api"
},
{
"binary_version": "1:20.1.0-0ubuntu1.1",
"binary_name": "ironic-common"
},
{
"binary_version": "1:20.1.0-0ubuntu1.1",
"binary_name": "ironic-conductor"
},
{
"binary_version": "1:20.1.0-0ubuntu1.1",
"binary_name": "python3-ironic"
}
]
}
Ubuntu:22.04:LTS / nova
Package
- Name
- nova
- Purl
- pkg:deb/ubuntu/nova?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:25.1.1-0ubuntu1.1
Affected versions
3:24.*
3:24.0.0-0ubuntu1
3:24.0.0+git2022030310.3f274c65cc-0ubuntu2
3:25.*
3:25.0.0-0ubuntu1
3:25.0.0-0ubuntu1.1
3:25.0.1-0ubuntu1
3:25.1.0-0ubuntu1
3:25.1.0-0ubuntu2
3:25.1.0-0ubuntu2.1
3:25.1.0-0ubuntu2.2
3:25.1.1-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-ajax-console-proxy"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-api"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-api-metadata"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-api-os-compute"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-api-os-volume"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-cells"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-common"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-ironic"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-kvm"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-libvirt"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-lxc"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-qemu"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-vmware"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-compute-xen"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-conductor"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-doc"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-novncproxy"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-scheduler"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-serialproxy"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-spiceproxy"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "nova-volume"
},
{
"binary_version": "3:25.1.1-0ubuntu1.1",
"binary_name": "python3-nova"
}
]
}
Ubuntu:22.04:LTS / python-glance-store
Package
- Name
- python-glance-store
- Purl
- pkg:deb/ubuntu/python-glance-store?arch=src?distro=jammy
Ubuntu:22.04:LTS / python-os-brick
Package
- Name
- python-os-brick
- Purl
- pkg:deb/ubuntu/python-os-brick?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.2-0ubuntu1.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "5.2.2-0ubuntu1.2",
"binary_name": "os-brick-common"
},
{
"binary_version": "5.2.2-0ubuntu1.2",
"binary_name": "python-os-brick-doc"
},
{
"binary_version": "5.2.2-0ubuntu1.2",
"binary_name": "python3-os-brick"
}
]
}