Debian Bug report logs -
#1029561
CVE-2022-47951: vulnerability in VMDK image processing
Package:
nova-compute;
Maintainer for nova-compute is Debian OpenStack <team+openstack@trackerdebianorg>; Source for nova-compute is src:nova (PTS, buildd, popcon)
Reported by: Thomas Goirand <zigo@debianorg>
Date: Tue, 24 Jan ...
Synopsis
Important: Synopsis: Red Hat OpenStack Platform (openstack-cinder) security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openstack-cinder is now available for Red Hat OpenStackPlatformRed ...
Synopsis
Important: Red Hat OpenStack Platform (openstack-nova) security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openstack-nova is now available for Red Hat OpenStackPlatformRed Hat Product S ...
Synopsis
Important: Synopsis: Red Hat OpenStack Platform (openstack-glance) security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory
View affected systems
Topic
An update for openstack-glance is now available for Red Hat OpenStackPlatformRed ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in Glance, the OpenStack image registry and delivery service, may result
in information disclosure
For the stable distribution (bullseye), this problem has been fixed in
version 2:2100-2+deb11u1
We recommend t ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in Cinder, the OpenStack block storage system, may result in information
disclosure
For the stable distribution (bullseye), this problem has been fixed in
version 2:1701-1+deb11u1
We recommend that you upgrade ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
discovered that missing input sanitising in the handling of VMDK images
in OpenStack Compute (codenamed Nova) may result in information
disclosure
For the stable distribution (bullseye), this problem has been fixed in
version 2:2201-2+deb11u1
We recommend that you upgrade your nov ...
Description<!---->A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive da ...