Sigurnosni nedostatak programskog paketa OpenStack Horizon

==========================================================================
Ubuntu Security Notice USN-4675-1
January 05, 2021

horizon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

OpenStack Horizon could be made to redirect to a malicious URL.

Software Description:
– horizon: Web interface for OpenStack cloud infrastructure

Details:

Pritam Singh discovered that OpenStack Horizon incorrectly validated
certain parameters. An attacker could possibly use this issue to cause
OpenStack Horizon to redirect to a malicious URL.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
openstack-dashboard 3:18.3.2-0ubuntu0.20.04.4

Ubuntu 18.04 LTS:
openstack-dashboard 3:13.0.3-0ubuntu2

Ubuntu 16.04 LTS:
openstack-dashboard 2:9.1.2-0ubuntu5.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4675-1
CVE-2020-29565

Package Information:
https://launchpad.net/ubuntu/+source/horizon/3:18.3.2-0ubuntu0.20.04.4
https://launchpad.net/ubuntu/+source/horizon/3:13.0.3-0ubuntu2
https://launchpad.net/ubuntu/+source/horizon/2:9.1.2-0ubuntu5.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/0dLoACgkQZWnYVadE
vpO29hAAsPCHwWyHnEqZ2wOhSOowlZhzXM8NzpX9ycb6e/OI7AVPV9U7A6fJwxM1
La7ofnlcCXyxP53ECVnRGITR54mOJiFHXJFkb9Eo0GbDs25krSVBG7dWHR3pjeUk
Yj+LPd86wiFN9rnI5cSJlZiGzEYRcC2rqLfZnb4VmutE++KNDN8TeF7Cka1SyJNe
yor4etbTrQA2+QH+IfhAogB9EC2sq4liYKlVjvWOHiuau3zvJ/6CxdXM7GVCO9h6
3hB5Z8psRFVkeQ5AhTn7VqB5Iv/xlZZeEbvUGw4NtdRv80PXost387fCMgXMgiO0
hRdRR2GSYCqeAKbVQQ+kxRtsEfa9vnruqtfR4vxN4rIaba0b6shUXLWE2oeeyQ8Z
1A0jXWxALF79ga1wvw2XJfwyR2JwBeK3QGpnU4Xfezhjd0lO99XCSyOAMg7LQOIm
uvOxCI55jWCy+BCKmkf2Iwd94ecrT5OOgw1z8NfGfqfbyw9TdkSUVoQjgYzOm9D/
KgF1N4Dwl7cfFBFnmYOhK6KI+sTg1VTTZUWXWMD+l4ToFDYdbVEk8Pis4CJvR3Bg
Eh1cxmoledmoHbTq4tpJtuAPqxR81Csam2AP2RwxbgKjQuuUi1o8JPWp/rTCjazZ
FvVcRhLmZWjOk8eFp5tElpeimZTJvsrZZKfLmQfhqp5qXbtVzAU=
=3syo
—–END PGP SIGNATURE—–
—

Sigurnosni nedostatak programskog paketa OpenStack Horizon

Archives

More in Preporuke

Sigurnosni nedostaci jezgre operacijskog sustava