- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4420-1
July 07, 2020
cinder, python-os-brick vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
Summary:
Cinder and os-brick could be made to expose sensitive information.
Software Description:
– cinder: OpenStack storage service
– python-os-brick: Library for managing local volume attaches
Details:
David Hill and Eric Harney discovered that Cinder and os-brick incorrectly
handled ScaleIO backend credentials. An attacker could possibly use this issue to
expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
python3-cinder 2:16.1.0-0ubuntu1
python3-os-brick 3.0.1-0ubuntu1.2
Ubuntu 18.04 LTS:
python-cinder 2:12.0.9-0ubuntu1.2
python-os-brick 2.3.0-0ubuntu1.2
python3-os-brick 2.3.0-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4420-1
CVE-2020-10755
Package Information:
https://launchpad.net/ubuntu/+source/cinder/2:16.1.0-0ubuntu1
https://launchpad.net/ubuntu/+source/python-os-brick/3.0.1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/cinder/2:12.0.9-0ubuntu1.2
https://launchpad.net/ubuntu/+source/python-os-brick/2.3.0-0ubuntu1.2
—–BEGIN PGP SIGNATURE—–
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAl8El5cACgkQRbznW4QL
H2nNSQ//SwHjWJhjjuGj6KG+zg0MoMIyzlVTV+8JcxYDkOYjUojtc1GKA1y0mUeH
hDTWGy8xZ+D+b/IHL3x/FIuSFXLG/Xl4ZyYxc+yqP8Ojeq+EvO3jfRq6SxswNIBv
heuCo4LXT1lkSMEW1o3cnxCwZ4k2Y615u3nn50RP1V9nJffZzAW93j1i3pq3PUXG
2chSSXWmDyObvunf99XUIEmxEU023YB8abtVWmCuZSw2xkT3y/ux1iiNzy+dyyqG
4qoJspaTyNdkyF8XYPHdTmdt3E7mvrI7OAvcfnygw5wUImHxKSN+kIQYT+Xgc/81
t+K18feLIy6b7sKzNiRDWBffRFzGcrTpr7XWj+3In/g7qWszCQe+FCbMrxk9kjyf
F/fKc+w4+7IghDP4k9sd2Lp+OKuhXoWnT4ALEQeB/BpbAzYFVi2+FGaFJB4LLlxI
piDOld/PmuG9R2D5NWW53ky+ZDiRxRFZ/j+hPU2Kirjy9AFjr5Qrja3GQXefDEYm
6ViVePCmdIjOVovUy+78GA10Vcbewe6kCSj0SQyRnIXn812SXVQ9kgcjvYxLd3dW
CFgLkprU7s6hAIAlMsnXTKWbBVN/zsCAPSVLuTuXS+K3djJs/yZsXZl9OnD4Qllj
y1akQR6fHiO0tw1OpjPcOj2wiePEB43n8NUBFYdNma+4jDtDPJo=
=8RcL
—–END PGP SIGNATURE—–
—
| Autor | Filip Omazic |
| Cert id | NCERT-REF-2020-07-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
