- Vulnerability/
- USN-6073-2
USN-6073-2: Glance_store vulnerability
First published: Thu May 11 2023(Updated: )
Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see the upstream advisory for more information: https://security.openstack.org/ossa/OSSA-2023-003.html
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python3-glance-store | <4.3.0-0ubuntu1.1 | 4.3.0-0ubuntu1.1 |
| =23.04 | ||
| All of | ||
| ubuntu/python3-glance-store | <4.1.0-0ubuntu1.1 | 4.1.0-0ubuntu1.1 |
| =22.10 | ||
| All of | ||
| ubuntu/python3-glance-store | <3.0.0-0ubuntu1.1 | 3.0.0-0ubuntu1.1 |
| =22.04 | ||
| All of | ||
| ubuntu/python3-glance-store | <2.0.0-0ubuntu4.1 | 2.0.0-0ubuntu4.1 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-2088
- https://ubuntu.com/security/notices/USN-6073-1
- https://ubuntu.com/security/notices/USN-6073-3
- https://ubuntu.com/security/notices/USN-6073-4
- https://ubuntu.com/security/notices/USN-6241-1
- https://launchpad.net/ubuntu/+source/python-glance-store/4.3.0-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/python-glance-store/4.1.0-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/python-glance-store/3.0.0-0ubuntu1.1
- https://launchpad.net/ubuntu/+source/python-glance-store/2.0.0-0ubuntu4.1
- https://ubuntu.com/security/notices/USN-6073-2 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Glance_store vulnerability?
The vulnerability ID for this Glance_store vulnerability is USN-6073-2.
What is the impact of the Glance_store vulnerability?
An authenticated user or attacker could possibly use this vulnerability to gain access to sensitive information.
How can an authenticated user or attacker exploit this vulnerability?
An authenticated user or attacker can exploit this vulnerability by manipulating deleted volume attachments.
Which software versions are affected by this Glance_store vulnerability?
The Glance_store vulnerability affects the following software versions: Ubuntu 23.04, 22.10, 22.04, and 20.04.
How can I fix the Glance_store vulnerability?
To fix the Glance_store vulnerability, you need to update the python3-glance-store package to version 4.3.0-0ubuntu1.1 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6073-1
- anchor-related/USN-6073-3
- anchor-related/USN-6073-4
- anchor-related/USN-6241-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04
- version/ubuntu ubuntu/22.10
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04