RHSA-2023:3158: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Issued:
2023-05-17
Updated:
2023-05-17
RHSA-2023:3158 - Security Advisory
Synopsis
Critical: Red Hat OpenStack Platform 16.2 security update
Type/Severity
Security Advisory: Critical
Topic
An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.2 (Train).
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Security Fix(es):
- EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user’s
volumes (CVE-2023-2088)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Affected Products
- Red Hat OpenStack for IBM Power 16.2 ppc64le
- Red Hat OpenStack 16.2 x86_64
- Cinderlib 16.2 x86_64
- Cinderlib for IBM Power LE 16.2 ppc64le
Fixes
- BZ - 2179587 - CVE-2023-2088 openstack-cinder: silently access other user’s volumes
Red Hat OpenStack for IBM Power 16.2
SRPM
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm
openstack-nova-20.6.2-2.20230308185149.el8ost.src.rpm
python-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.src.rpm
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm
tripleo-ansible-0.8.1-2.20230309004941.el8ost.src.rpm
ppc64le
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
openstack-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-api-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-common-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-compute-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-conductor-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-console-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-migration-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-novncproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-scheduler-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-serialproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.noarch.rpm
python3-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm
tripleo-ansible-0.8.1-2.20230309004941.el8ost.noarch.rpm
Red Hat OpenStack 16.2
SRPM
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm
openstack-nova-20.6.2-2.20230308185149.el8ost.src.rpm
python-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.src.rpm
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm
tripleo-ansible-0.8.1-2.20230309004941.el8ost.src.rpm
x86_64
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
openstack-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-api-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-common-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-compute-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-conductor-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-console-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-migration-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-novncproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-scheduler-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-serialproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.6.2-2.20230308185149.el8ost.noarch.rpm
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.noarch.rpm
python3-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm
tripleo-ansible-0.8.1-2.20230309004941.el8ost.noarch.rpm
Cinderlib 16.2
SRPM
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm
x86_64
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm
Cinderlib for IBM Power LE 16.2
SRPM
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm
ppc64le
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.