==========================================================================
Ubuntu Security Notice USN-2703-1
August 06, 2015
cinder vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
Summary:
Cinder could be made to access unintended files over the network by an
authenticated user.
Software Description:
– cinder: OpenStack storage service
Details:
Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
python-cinder 1:2015.1.0-0ubuntu1.1
After a standard system update you need to restart cinder to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-2703-1
CVE-2015-1851
Package Information:
https://launchpad.net/ubuntu/+source/cinder/1:2015.1.0-0ubuntu1.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQEcBAEBAgAGBQJVwsuCAAoJEPMhclmdjS6X3iwH/0hXbu8wmTjigRvKWSuDE3an
9/d18nTHE/p8MEyj9VJ4ySuaKC3ZSSG4cOjPgITdkGeIPD+Et2ga9ST7p0n/1pFj
i0AXmdn2ZVUO7eypHLYlNUMz9vliI3xMxdX9Z1F0TCd0vM/jwJmv7SssomM+9Apr
bbFUMlmc/GbP0NdVZcTyCBBL1SOJi8SnSs3l1KhWMcjRPq2utNgVHntuF7ETI03U
6dpo2ZDIwyM+DTsZfMiJJ5Bb9jNNAIqSf3Pvb23YDpn0D8lSNhDultOQGlqu3aHe
YrMBRW0/755iPltRFgU3+t06rDjnVOQNZMGg/pOmj25e0zpyBy8cNtIaiVH7+Ps=
=KIic
—–END PGP SIGNATURE—–
—