Your message dated Sat, 04 Feb 2023 17:17:11 +0000
with message-id <e1poma3-006hyo...@fasolo.debian.org>
and subject line Bug#1029561: fixed in nova 2:22.0.1-2+deb11u1
has caused the Debian Bug report #1029561,
regarding CVE-2022-47951: vulnerability in VMDK image processing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1029561: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nova-compute
Version: 2:26.0.0-5
Severity: grave
Tags: patch
This is an advance warning of a vulnerability discovered in
OpenStack, to give you, as downstream stakeholders, a chance to
coordinate the release of fixes and reduce the vulnerability window.
Please treat the following information as confidential until the
proposed public disclosure date.
Title: Arbitrary file access through custom VMDK flat descriptor
Reporter: Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien
Rannou (OVH)
Products: Cinder, Glance, Nova
Affects: Cinder <19.1.2, >=20.0.0 <20.0.2, ==21.0.0;
Glance <23.0.1, >=24.0.0 <24.1.1, ==25.0.0;
Nova <24.1.2, >=25.0.0 <25.0.2, ==26.0.0
Description:
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou
(OVH) reported a vulnerability in VMDK image processing for Cinder,
Glance and Nova. By supplying a specially created VMDK flat image
which references a specific backing file path, an authenticated user
may convince systems to return a copy of that file's contents from
the server resulting in unauthorized access to potentially sensitive
data. All Cinder deployments are affected; only Glance deployments
with image conversion enabled are affected; all Nova deployments are
affected.
Proposed patch:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to their corresponding branches on the public
disclosure date. Note that stable/wallaby and older branches are
under extended maintenance and will receive no new point releases,
but patches for some of them are provided as a courtesy.
CVE: CVE-2022-47951
Proposed public disclosure date/time:
2023-01-24, 1500UTC
Please do not make the issue public (or release public patches)
before this coordinated embargo date.
Original private report:
https://launchpad.net/bugs/1996188
For access to read and comment on this report, please reply to me
with your Launchpad username and I will subscribe you.
--
Jeremy Stanley
OpenStack Vulnerability Management Team
--- End Message ---
--- Begin Message ---
Source: nova
Source-Version: 2:22.0.1-2+deb11u1
Done: Thomas Goirand <z...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nova, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1029...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated nova package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 24 Jan 2023 11:31:25 +0100
Source: nova
Architecture: source
Version: 2:22.0.1-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1029561
Changes:
nova (2:22.0.1-2+deb11u1) bullseye-security; urgency=medium
.
* CVE-2022-47951: By supplying a specially created VMDK flat image which
references a specific backing file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting
in unauthorized access to potentially sensitive data. Add upstream patch
cve-2022-47951-glance-stable-victoria.patch (Closes: #1029561).
Checksums-Sha1:
5b34041838c39107c06f2c2811399bfe5561f5e2 5339 nova_22.0.1-2+deb11u1.dsc
00feb086c56c8df4d0d85c795e33878eea75766f 5900180 nova_22.0.1.orig.tar.xz
4ff38fb907f356732392adc21e8dbc18040535e2 62092
nova_22.0.1-2+deb11u1.debian.tar.xz
20f5ca56aefae0fd497b1e1c5f0417d5b6c23be9 23807
nova_22.0.1-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
7861752c0bcf3238e0751d838637098a4c3e75bf03687c6049e52de3cc42e9c1 5339
nova_22.0.1-2+deb11u1.dsc
8bfc2c8d721237ad67f2a15a2882f366f5423f30e2fda802b3234f4280c7a262 5900180
nova_22.0.1.orig.tar.xz
11f2390bfe1ba6bfa583ef95cee98f377848065104579adf849167d2204a1ea1 62092
nova_22.0.1-2+deb11u1.debian.tar.xz
daa7b094ee50822b95d2801f57895815fb26602c40277d38cc821a0677a9a909 23807
nova_22.0.1-2+deb11u1_amd64.buildinfo
Files:
dab63cd1547e4b92150e7904a1008d7f 5339 net optional nova_22.0.1-2+deb11u1.dsc
e797a3036ecf56bd964a3117004dfcb8 5900180 net optional nova_22.0.1.orig.tar.xz
9666f29b16bb260d4c7d0087773e68c3 62092 net optional
nova_22.0.1-2+deb11u1.debian.tar.xz
b80f62561804c16659e10efa4ddb9106 23807 net optional
nova_22.0.1-2+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmPXwJMACgkQ1BatFaxr
Q/5zgg/+PhvC0jk9mZdBuhQl1RtglBgALFD2NHbY36Z3kQgf3ZtZx/fZV2caH4F1
YBdroqbQjFelexW00MAGlUWQCJiby5cXz9lCFw5x8hyNVEvSlG4r5bG7YlHG0f2s
2IebsgS1PqD4pwGV1jd6h/zE1NZAQND9ElC/ZkcleDJHxZdZl60rLViO3dhn5Ljv
jKSew9r7ZA7L+nRn7+7rDsqi6ypoo7CMhNuUzfe0AU9YawvGCbVTFmcG6NnMDK09
j1ZyhIECO7GRbkQpqv7Lv/O4ZV8sH86UqV4Ifu+26Cu3HMXFg7mmRW2DQDZQd3wi
UIy3b6GRZ6itH4pEb0d2j7QxVUax2eFGE7+g3FShFz/EutxI5+DnHjE60SzUobZ9
xIygLeNBIQ9Zc9S3K/fs9aPeJNDF10rbrBag9aBMJwS9nwOJn9xgL4kVbEaxGvEF
2oIi5Hmco6SiNkrGH6Pvt1yHlltHVRcFCU2Cw8pmOFxsGR4XTXgnFQ6l7hVqhav4
CjendO9TYEGLomem1+WZsIrEBnHrKpriy4eQFQPr3rCXyWx0VEX8z8Lh41Y1miIw
sQV+nm0GcR6w9io66XTpUS4WKuWDG2Jsh2bmvU+mSXlzaKlQZ8PsBpMTq7+oqxK9
HUG4GsV5+cMRxhi+tOtQ7O5OLa4JdEmn3s7v0NbGebNSl+Bj6rk=
=H2jP
-----END PGP SIGNATURE-----
--- End Message ---
