CVE-2023-2088 regressions
Bug #2020111 reported by
Corey Bryant
This bug affects 12 people
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Ubuntu Cloud Archive | Status tracked in Bobcat | |||||
Antelope |
Fix Released
|
Critical
|
Unassigned | |||
Bobcat |
Fix Released
|
Critical
|
Unassigned | |||
Victoria |
Fix Released
|
Critical
|
Unassigned | |||
Wallaby |
Fix Released
|
Critical
|
Unassigned | |||
Xena |
Fix Released
|
Critical
|
Unassigned | |||
Yoga |
Fix Released
|
Critical
|
Unassigned | |||
Zed |
Fix Released
|
Critical
|
Unassigned | |||
cinder (Ubuntu) | Status tracked in Mantic | |||||
Focal |
Fix Released
|
Critical
|
Unassigned | |||
Jammy |
Fix Released
|
Critical
|
Unassigned | |||
Kinetic |
Fix Released
|
Critical
|
Unassigned | |||
Lunar |
Fix Released
|
Critical
|
Unassigned | |||
Mantic |
Fix Released
|
Critical
|
Unassigned | |||
nova (Ubuntu) | Status tracked in Mantic | |||||
Focal |
Fix Released
|
Critical
|
Unassigned | |||
Jammy |
Fix Released
|
Critical
|
Unassigned | |||
Kinetic |
Fix Released
|
Critical
|
Unassigned | |||
Lunar |
Fix Released
|
Critical
|
Unassigned | |||
Mantic |
Fix Released
|
Critical
|
Unassigned | |||
python-glance-store (Ubuntu) | Status tracked in Mantic | |||||
Focal |
Fix Released
|
Critical
|
Unassigned | |||
Jammy |
Fix Released
|
Critical
|
Unassigned | |||
Kinetic |
Fix Released
|
Critical
|
Unassigned | |||
Lunar |
Fix Released
|
Critical
|
Unassigned | |||
Mantic |
Fix Released
|
Critical
|
Unassigned | |||
python-os-brick (Ubuntu) | Status tracked in Mantic | |||||
Focal |
Fix Released
|
Critical
|
Unassigned | |||
Jammy |
Fix Released
|
Critical
|
Unassigned | |||
Kinetic |
Fix Released
|
Critical
|
Unassigned | |||
Lunar |
Fix Released
|
Critical
|
Unassigned | |||
Mantic |
Fix Released
|
Critical
|
Unassigned |
Bug Description
There has been a regression found in at least one project due to the fixes for CVE-2023-2088:
https:/
This may also affect other projects that are yet to be known.
We will be reverting the CVE-2023-2088 patches that have been released to nova, cinder, python-os-brick, and python-glance-store until everything is settled upstream in order to prevent regressing our users.
CVE References
Changed in cinder (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in cinder (Ubuntu Jammy): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in cinder (Ubuntu Kinetic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in cinder (Ubuntu Lunar): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in cinder (Ubuntu Mantic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in nova (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in nova (Ubuntu Jammy): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in nova (Ubuntu Kinetic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in nova (Ubuntu Lunar): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in nova (Ubuntu Mantic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-glance-store (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-glance-store (Ubuntu Jammy): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-glance-store (Ubuntu Kinetic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-glance-store (Ubuntu Lunar): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-glance-store (Ubuntu Mantic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-os-brick (Ubuntu Mantic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-os-brick (Ubuntu Lunar): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-os-brick (Ubuntu Kinetic): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-os-brick (Ubuntu Jammy): | |
importance: | Undecided → Critical |
status: | New → Triaged |
Changed in python-os-brick (Ubuntu Focal): | |
importance: | Undecided → Critical |
status: | New → Triaged |
tags: | added: verification-yoga-needed |
Changed in cinder (Ubuntu Lunar): | |
status: | Triaged → Fix Released |
Changed in cinder (Ubuntu Kinetic): | |
status: | Triaged → Fix Released |
Changed in cinder (Ubuntu Focal): | |
status: | Triaged → Fix Released |
Changed in cinder (Ubuntu Jammy): | |
status: | Triaged → Fix Released |
Changed in python-glance-store (Ubuntu Jammy): | |
status: | Triaged → Fix Released |
Changed in python-glance-store (Ubuntu Focal): | |
status: | Triaged → Fix Released |
Changed in python-glance-store (Ubuntu Lunar): | |
status: | Triaged → Fix Released |
Changed in python-glance-store (Ubuntu Kinetic): | |
status: | Triaged → Fix Released |
Changed in nova (Ubuntu Focal): | |
status: | Triaged → Fix Released |
Changed in nova (Ubuntu Lunar): | |
status: | Triaged → Fix Released |
Changed in nova (Ubuntu Kinetic): | |
status: | Triaged → Fix Released |
Changed in nova (Ubuntu Jammy): | |
status: | Triaged → Fix Released |
This bug was fixed in the package cinder - 2:22.0.0-0ubuntu3
---------------
cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111) patches/ series: Do not apply CVE-2023-2088.patch until
- debian/
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
-- Corey Bryant <email address hidden> Thu, 18 May 2023 10:53:15 -0400