- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-4675-1
January 05, 2021
horizon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
OpenStack Horizon could be made to redirect to a malicious URL.
Software Description:
– horizon: Web interface for OpenStack cloud infrastructure
Details:
Pritam Singh discovered that OpenStack Horizon incorrectly validated
certain parameters. An attacker could possibly use this issue to cause
OpenStack Horizon to redirect to a malicious URL.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
openstack-dashboard 3:18.3.2-0ubuntu0.20.04.4
Ubuntu 18.04 LTS:
openstack-dashboard 3:13.0.3-0ubuntu2
Ubuntu 16.04 LTS:
openstack-dashboard 2:9.1.2-0ubuntu5.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4675-1
CVE-2020-29565
Package Information:
https://launchpad.net/ubuntu/+source/horizon/3:18.3.2-0ubuntu0.20.04.4
https://launchpad.net/ubuntu/+source/horizon/3:13.0.3-0ubuntu2
https://launchpad.net/ubuntu/+source/horizon/2:9.1.2-0ubuntu5.2
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/0dLoACgkQZWnYVadE
vpO29hAAsPCHwWyHnEqZ2wOhSOowlZhzXM8NzpX9ycb6e/OI7AVPV9U7A6fJwxM1
La7ofnlcCXyxP53ECVnRGITR54mOJiFHXJFkb9Eo0GbDs25krSVBG7dWHR3pjeUk
Yj+LPd86wiFN9rnI5cSJlZiGzEYRcC2rqLfZnb4VmutE++KNDN8TeF7Cka1SyJNe
yor4etbTrQA2+QH+IfhAogB9EC2sq4liYKlVjvWOHiuau3zvJ/6CxdXM7GVCO9h6
3hB5Z8psRFVkeQ5AhTn7VqB5Iv/xlZZeEbvUGw4NtdRv80PXost387fCMgXMgiO0
hRdRR2GSYCqeAKbVQQ+kxRtsEfa9vnruqtfR4vxN4rIaba0b6shUXLWE2oeeyQ8Z
1A0jXWxALF79ga1wvw2XJfwyR2JwBeK3QGpnU4Xfezhjd0lO99XCSyOAMg7LQOIm
uvOxCI55jWCy+BCKmkf2Iwd94ecrT5OOgw1z8NfGfqfbyw9TdkSUVoQjgYzOm9D/
KgF1N4Dwl7cfFBFnmYOhK6KI+sTg1VTTZUWXWMD+l4ToFDYdbVEk8Pis4CJvR3Bg
Eh1cxmoledmoHbTq4tpJtuAPqxR81Csam2AP2RwxbgKjQuuUi1o8JPWp/rTCjazZ
FvVcRhLmZWjOk8eFp5tElpeimZTJvsrZZKfLmQfhqp5qXbtVzAU=
=3syo
—–END PGP SIGNATURE—–
—
| Autor | Dona Šeruga |
| Cert id | NCERT-REF-2021-01-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
