Headline
RHSA-2023:3161: Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-17
Updated:
2023-05-17
RHSA-2023:3161 - Security Advisory
- Overview
- Updated Packages
Synopsis
Critical: Red Hat OpenStack Platform 13.0 security update
Type/Severity
Security Advisory: Critical
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openstack-nova is now available for Red Hat OpenStack
Platform 13 (Queens).
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Security Fix(es):
- EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user’s
volumes (CVE-2023-2088)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Affected Products
- Red Hat OpenStack 13 - Extended Life Cycle Support 13 x86_64
- Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13 ppc64le
Fixes
- BZ - 2179587 - CVE-2023-2088 openstack-cinder: silently access other user’s volumes
Red Hat OpenStack 13 - Extended Life Cycle Support 13
SRPM
openstack-nova-17.0.13-41.el7ost.src.rpm
SHA-256: 646b1f9b623acf2c5e5fbaf9ffe29b0c0a98af2e389efb4dbcdfbe34fdf96c12
python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm
SHA-256: 90bf31ceee7a759a6d7ce04d3968bb7146c253ac47b656f7875f788472a7bde1
python-os-brick-2.3.9-12.el7ost.src.rpm
SHA-256: 8184e5c2d7c279690e1b235e62c59526a4bf9bccbb3c90f6d3d719aaaa9840e5
x86_64
openstack-nova-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9b5a625544b3e13186b8149a470d8e5f5c399d2c8f21e4ab65fa553dd933786b
openstack-nova-api-17.0.13-41.el7ost.noarch.rpm
SHA-256: 61d218cd8081268388b66b48ef40576c6cf4e0869e06481990ac918f88411942
openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm
SHA-256: de7ed982abd8c1c9c857d0bb76b5b0fddec581471698287aa17e481e9f691ca1
openstack-nova-common-17.0.13-41.el7ost.noarch.rpm
SHA-256: bf591a1a6caec1a7d6124cab4ceb13823f43a7a0e7a14f3f78df195faa35d377
openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm
SHA-256: f3d140808a3fd16a188d556b024ceb775a9f89ffc9bf253174675192168941e4
openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm
SHA-256: ea788632d01200c068678fd40c64c6389c158f67a2265b90acc9a74ce7d9b2b5
openstack-nova-console-17.0.13-41.el7ost.noarch.rpm
SHA-256: c4088e25c21cea1c923fe022adca61f1f83786f9f1242981cbe6e4f75c3994c5
openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm
SHA-256: 39a8df8f48f9dc44b966791700b8a617c9fddbf605d693cd8b04b027fa4082f7
openstack-nova-network-17.0.13-41.el7ost.noarch.rpm
SHA-256: 2be03afcfdc037e08f52b9cbfa0bed7308bcadc2bc1c61eed410ae93aa7ead80
openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9a190df920a2fbc20afc2feb18ae82516e7c2bb515d7d95051e6d7061cf1d344
openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm
SHA-256: 62b98bae1fce2c055f6f99297d8b5f6b4a301c75478980120c1d34a2b11e3f5e
openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9cb6c1d57ac6be3579ee8a4483e27cee05ae4ad440b9c1db8a5e393f4e028991
openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: 54532974d8681c215e3e4e80b8485c267ec8b0a39352c0c73d8dcd96a3a675af
openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: d4fbbf7e7cccf93821748defbe62327c90e9e1175a19d3944974dd2a7847b2f0
python-nova-17.0.13-41.el7ost.noarch.rpm
SHA-256: bd84f35a0a7756eab4e19e5a1ac816927e23cfad641fc0c133aa9e190bbbbdbf
python-nova-tests-17.0.13-41.el7ost.noarch.rpm
SHA-256: 8212f7ba5cf3f09d76e57571ffc10b32332dde1c5a84c06ae90153b1156d41f0
python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm
SHA-256: ae23aa7b003e558d5bbef979ade3a5a0c3b0adf4b8845fb60d1faeec0961467e
python2-os-brick-2.3.9-12.el7ost.noarch.rpm
SHA-256: bf59c50afb8e183447343a781cfc7ca0f7070060784f961eb9b6d51e64d2b6d0
Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13
SRPM
openstack-nova-17.0.13-41.el7ost.src.rpm
SHA-256: 646b1f9b623acf2c5e5fbaf9ffe29b0c0a98af2e389efb4dbcdfbe34fdf96c12
python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm
SHA-256: 90bf31ceee7a759a6d7ce04d3968bb7146c253ac47b656f7875f788472a7bde1
python-os-brick-2.3.9-12.el7ost.src.rpm
SHA-256: 8184e5c2d7c279690e1b235e62c59526a4bf9bccbb3c90f6d3d719aaaa9840e5
ppc64le
openstack-nova-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9b5a625544b3e13186b8149a470d8e5f5c399d2c8f21e4ab65fa553dd933786b
openstack-nova-api-17.0.13-41.el7ost.noarch.rpm
SHA-256: 61d218cd8081268388b66b48ef40576c6cf4e0869e06481990ac918f88411942
openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm
SHA-256: de7ed982abd8c1c9c857d0bb76b5b0fddec581471698287aa17e481e9f691ca1
openstack-nova-common-17.0.13-41.el7ost.noarch.rpm
SHA-256: bf591a1a6caec1a7d6124cab4ceb13823f43a7a0e7a14f3f78df195faa35d377
openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm
SHA-256: f3d140808a3fd16a188d556b024ceb775a9f89ffc9bf253174675192168941e4
openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm
SHA-256: ea788632d01200c068678fd40c64c6389c158f67a2265b90acc9a74ce7d9b2b5
openstack-nova-console-17.0.13-41.el7ost.noarch.rpm
SHA-256: c4088e25c21cea1c923fe022adca61f1f83786f9f1242981cbe6e4f75c3994c5
openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm
SHA-256: 39a8df8f48f9dc44b966791700b8a617c9fddbf605d693cd8b04b027fa4082f7
openstack-nova-network-17.0.13-41.el7ost.noarch.rpm
SHA-256: 2be03afcfdc037e08f52b9cbfa0bed7308bcadc2bc1c61eed410ae93aa7ead80
openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9a190df920a2fbc20afc2feb18ae82516e7c2bb515d7d95051e6d7061cf1d344
openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm
SHA-256: 62b98bae1fce2c055f6f99297d8b5f6b4a301c75478980120c1d34a2b11e3f5e
openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm
SHA-256: 9cb6c1d57ac6be3579ee8a4483e27cee05ae4ad440b9c1db8a5e393f4e028991
openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: 54532974d8681c215e3e4e80b8485c267ec8b0a39352c0c73d8dcd96a3a675af
openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm
SHA-256: d4fbbf7e7cccf93821748defbe62327c90e9e1175a19d3944974dd2a7847b2f0
python-nova-17.0.13-41.el7ost.noarch.rpm
SHA-256: bd84f35a0a7756eab4e19e5a1ac816927e23cfad641fc0c133aa9e190bbbbdbf
python-nova-tests-17.0.13-41.el7ost.noarch.rpm
SHA-256: 8212f7ba5cf3f09d76e57571ffc10b32332dde1c5a84c06ae90153b1156d41f0
python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm
SHA-256: ae23aa7b003e558d5bbef979ade3a5a0c3b0adf4b8845fb60d1faeec0961467e
python2-os-brick-2.3.9-12.el7ost.noarch.rpm
SHA-256: bf59c50afb8e183447343a781cfc7ca0f7070060784f961eb9b6d51e64d2b6d0
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.