USN-3666-1: Oslo middleware vulnerability

31 May 2018

python-oslo.middleware vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS

Summary

Applications using Oslo middleware could be made to expose sensitive information.

Software Description

  • python-oslo.middleware - WSGI middleware components for OpenStack

Details

Divya K Konoor discovered Oslo middleware was vulnerable to an information disclosure. A local attacker could exploit this flaw to obtain sensitive information from OpenStack component error logs.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
python-oslo.middleware - 3.8.0-2ubuntu1
python-oslo.middleware-doc - 3.8.0-2ubuntu1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart OpenStack services to make all the necessary changes.

References