Ubuntu Security Notice USN-2703-1
5th August, 2015
cinder vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
Summary
Cinder could be made to access unintended files over the network by an
authenticated user.
Software description
- cinder
– OpenStack storage service
Details
Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
-
python-cinder
1:2015.1.0-0ubuntu1.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart cinder to make all the
necessary changes.