You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa cinder i programske biblioteke python-os-brick

Sigurnosni nedostatak programskog paketa cinder i programske biblioteke python-os-brick

==========================================================================
Ubuntu Security Notice USN-4420-1
July 07, 2020

cinder, python-os-brick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS

Summary:

Cinder and os-brick could be made to expose sensitive information.

Software Description:
– cinder: OpenStack storage service
– python-os-brick: Library for managing local volume attaches

Details:

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly
handled ScaleIO backend credentials. An attacker could possibly use this issue to
expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
python3-cinder 2:16.1.0-0ubuntu1
python3-os-brick 3.0.1-0ubuntu1.2

Ubuntu 18.04 LTS:
python-cinder 2:12.0.9-0ubuntu1.2
python-os-brick 2.3.0-0ubuntu1.2
python3-os-brick 2.3.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4420-1
CVE-2020-10755

Package Information:
https://launchpad.net/ubuntu/+source/cinder/2:16.1.0-0ubuntu1
https://launchpad.net/ubuntu/+source/python-os-brick/3.0.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/cinder/2:12.0.9-0ubuntu1.2
https://launchpad.net/ubuntu/+source/python-os-brick/2.3.0-0ubuntu1.2
—–BEGIN PGP SIGNATURE—–

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8El5cACgkQRbznW4QL
H2nNSQ//SwHjWJhjjuGj6KG+zg0MoMIyzlVTV+8JcxYDkOYjUojtc1GKA1y0mUeH
hDTWGy8xZ+D+b/IHL3x/FIuSFXLG/Xl4ZyYxc+yqP8Ojeq+EvO3jfRq6SxswNIBv
heuCo4LXT1lkSMEW1o3cnxCwZ4k2Y615u3nn50RP1V9nJffZzAW93j1i3pq3PUXG
2chSSXWmDyObvunf99XUIEmxEU023YB8abtVWmCuZSw2xkT3y/ux1iiNzy+dyyqG
4qoJspaTyNdkyF8XYPHdTmdt3E7mvrI7OAvcfnygw5wUImHxKSN+kIQYT+Xgc/81
t+K18feLIy6b7sKzNiRDWBffRFzGcrTpr7XWj+3In/g7qWszCQe+FCbMrxk9kjyf
F/fKc+w4+7IghDP4k9sd2Lp+OKuhXoWnT4ALEQeB/BpbAzYFVi2+FGaFJB4LLlxI
piDOld/PmuG9R2D5NWW53ky+ZDiRxRFZ/j+hPU2Kirjy9AFjr5Qrja3GQXefDEYm
6ViVePCmdIjOVovUy+78GA10Vcbewe6kCSj0SQyRnIXn812SXVQ9kgcjvYxLd3dW
CFgLkprU7s6hAIAlMsnXTKWbBVN/zsCAPSVLuTuXS+K3djJs/yZsXZl9OnD4Qllj
y1akQR6fHiO0tw1OpjPcOj2wiePEB43n8NUBFYdNma+4jDtDPJo=
=8RcL
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa chromium

Otkriveni su sigurnosni nedostaci u programskom paketu chromium za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju pristup osjetljivim informacijama,...

Close