First published: Thu May 11 2023(Updated: )
Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information. This update may require configuration changes to be completely effective, please see the upstream advisory for more information: https://security.openstack.org/ossa/OSSA-2023-003.html
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/python3-nova | <3:27.0.0-0ubuntu1.1 | 3:27.0.0-0ubuntu1.1 |
Ubuntu Ubuntu | =23.04 | |
All of | ||
ubuntu/python3-nova | <3:26.1.0-0ubuntu2.1 | 3:26.1.0-0ubuntu2.1 |
Ubuntu Ubuntu | =22.10 | |
All of | ||
ubuntu/python3-nova | <3:25.1.0-0ubuntu2.1 | 3:25.1.0-0ubuntu2.1 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/python3-nova | <2:21.2.4-0ubuntu2.3 | 2:21.2.4-0ubuntu2.3 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of USN-6073-3 is high.
The Nova vulnerability could allow an authenticated user or attacker to gain access to sensitive information.
Versions 23.04, 22.10, 22.04, and 20.04 of Ubuntu are affected by USN-6073-3.
The remedy for USN-6073-3 is to upgrade python3-nova to version 3:27.0.0-0ubuntu1.1, 3:26.1.0-0ubuntu2.1, 3:25.1.0-0ubuntu2.1, or 2:21.2.4-0ubuntu2.3 depending on the Ubuntu version.
You can find more information about USN-6073-3 on the Ubuntu security website.