USN-2703-1: Cinder vulnerability
6 August 2015
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
Cinder could be made to access unintended files over the network by an authenticated user.
- cinder - OpenStack storage service
Bastian Blank discovered that Cinder guessed image formats based on untrusted data. An attacker could use this to read arbitrary files from the Cinder host.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart cinder to make all the necessary changes.