RHSA-2023:3156: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Issued: 2023-05-17
Updated: 2023-05-17
Synopsis
Critical: Red Hat OpenStack Platform 16.1 security update
Type/Severity
Security Advisory: Critical
Topic
An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.1 (Train).
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Security Fix(es):
- EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user’s
volumes (CVE-2023-2088)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Affected Products
- Red Hat OpenStack for IBM Power 16.1 ppc64le
- Red Hat OpenStack 16.1 x86_64
- Cinderlib 16.1 x86_64
- Cinderlib for IBM Power LE 16.1 ppc64le
Fixes
- BZ - 2179587 - CVE-2023-2088 openstack-cinder: silently access other user’s volumes
Red Hat OpenStack for IBM Power 16.1
SRPM
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm
ppc64le
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm
Red Hat OpenStack 16.1
SRPM
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm
x86_64
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm
Cinderlib 16.1
SRPM
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm
x86_64
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm
Cinderlib for IBM Power LE 16.1
SRPM
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm
ppc64le
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.
Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.
Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.
Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.