CVE-2023-2088 regressions

Bug #2020111 reported by Corey Bryant
56
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
Status tracked in Bobcat
Antelope
Fix Released
Critical
Unassigned
Bobcat
Fix Released
Critical
Unassigned
Victoria
Fix Released
Critical
Unassigned
Wallaby
Fix Released
Critical
Unassigned
Xena
Fix Released
Critical
Unassigned
Yoga
Fix Released
Critical
Unassigned
Zed
Fix Released
Critical
Unassigned
cinder (Ubuntu)
Status tracked in Mantic
Focal
Fix Released
Critical
Unassigned
Jammy
Fix Released
Critical
Unassigned
Kinetic
Fix Released
Critical
Unassigned
Lunar
Fix Released
Critical
Unassigned
Mantic
Fix Released
Critical
Unassigned
nova (Ubuntu)
Status tracked in Mantic
Focal
Fix Released
Critical
Unassigned
Jammy
Fix Released
Critical
Unassigned
Kinetic
Fix Released
Critical
Unassigned
Lunar
Fix Released
Critical
Unassigned
Mantic
Fix Released
Critical
Unassigned
python-glance-store (Ubuntu)
Status tracked in Mantic
Focal
Fix Released
Critical
Unassigned
Jammy
Fix Released
Critical
Unassigned
Kinetic
Fix Released
Critical
Unassigned
Lunar
Fix Released
Critical
Unassigned
Mantic
Fix Released
Critical
Unassigned
python-os-brick (Ubuntu)
Status tracked in Mantic
Focal
Fix Released
Critical
Unassigned
Jammy
Fix Released
Critical
Unassigned
Kinetic
Fix Released
Critical
Unassigned
Lunar
Fix Released
Critical
Unassigned
Mantic
Fix Released
Critical
Unassigned

Bug Description

There has been a regression found in at least one project due to the fixes for CVE-2023-2088:
https://bugs.launchpad.net/ironic/+bug/2019892

This may also affect other projects that are yet to be known.

We will be reverting the CVE-2023-2088 patches that have been released to nova, cinder, python-os-brick, and python-glance-store until everything is settled upstream in order to prevent regressing our users.

CVE References

Changed in cinder (Ubuntu Focal):
importance: Undecided → Critical
status: New → Triaged
Changed in cinder (Ubuntu Jammy):
importance: Undecided → Critical
status: New → Triaged
Changed in cinder (Ubuntu Kinetic):
importance: Undecided → Critical
status: New → Triaged
Changed in cinder (Ubuntu Lunar):
importance: Undecided → Critical
status: New → Triaged
Changed in cinder (Ubuntu Mantic):
importance: Undecided → Critical
status: New → Triaged
Changed in nova (Ubuntu Focal):
importance: Undecided → Critical
status: New → Triaged
Changed in nova (Ubuntu Jammy):
importance: Undecided → Critical
status: New → Triaged
Changed in nova (Ubuntu Kinetic):
importance: Undecided → Critical
status: New → Triaged
Changed in nova (Ubuntu Lunar):
importance: Undecided → Critical
status: New → Triaged
Changed in nova (Ubuntu Mantic):
importance: Undecided → Critical
status: New → Triaged
Changed in python-glance-store (Ubuntu Focal):
importance: Undecided → Critical
status: New → Triaged
Changed in python-glance-store (Ubuntu Jammy):
importance: Undecided → Critical
status: New → Triaged
Changed in python-glance-store (Ubuntu Kinetic):
importance: Undecided → Critical
status: New → Triaged
Changed in python-glance-store (Ubuntu Lunar):
importance: Undecided → Critical
status: New → Triaged
Changed in python-glance-store (Ubuntu Mantic):
importance: Undecided → Critical
status: New → Triaged
Changed in python-os-brick (Ubuntu Mantic):
importance: Undecided → Critical
status: New → Triaged
Changed in python-os-brick (Ubuntu Lunar):
importance: Undecided → Critical
status: New → Triaged
Changed in python-os-brick (Ubuntu Kinetic):
importance: Undecided → Critical
status: New → Triaged
Changed in python-os-brick (Ubuntu Jammy):
importance: Undecided → Critical
status: New → Triaged
Changed in python-os-brick (Ubuntu Focal):
importance: Undecided → Critical
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2:22.0.0-0ubuntu3

---------------
cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 10:53:15 -0400

Changed in cinder (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 3:27.0.0-0ubuntu3

---------------
nova (3:27.0.0-0ubuntu3) mantic; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 10:50:36 -0400

Changed in nova (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-glance-store - 4.3.0-0ubuntu3

---------------
python-glance-store (4.3.0-0ubuntu3) mantic; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:09:59 -0400

Changed in python-glance-store (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Billy Olsen (billy-olsen) wrote :

There's some other regressions identified here as well - https://bugs.launchpad.net/charm-nova-compute/+bug/2019888 is one such example.

Revision history for this message
Corey Bryant (corey.bryant) wrote : Please test proposed package

Hello Corey, or anyone else affected,

Accepted cinder into xena-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:xena-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-xena-needed to verification-xena-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-xena-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-xena-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted cinder into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into xena-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:xena-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-xena-needed to verification-xena-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-xena-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted cinder into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-glance-store into xena-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:xena-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-xena-needed to verification-xena-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-xena-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-victoria-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-glance-store into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-wallaby-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-glance-store into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into xena-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:xena-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-xena-needed to verification-xena-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-xena-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 6.2.0-0ubuntu4

---------------
python-os-brick (6.2.0-0ubuntu4) mantic; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:06:13 -0400

Changed in python-os-brick (Ubuntu Mantic):
status: Triaged → Fix Released
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted cinder into zed-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-zed-needed to verification-zed-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-zed-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cloud-archive:
status: Triaged → Fix Committed
tags: added: verification-zed-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into zed-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-zed-needed to verification-zed-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-zed-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:19.3.0-0ubuntu1~cloud1
---------------

 cinder (2:19.3.0-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
 .
 cinder (2:19.3.0-0ubuntu1~cloud0) focal-xena; urgency=medium
 .
   * New stable point release for OpenStack Xena (LP: #2019762).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 3:24.2.1-0ubuntu1~cloud1
---------------

 nova (3:24.2.1-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
 .
 nova (3:24.2.1-0ubuntu1~cloud0) focal-xena; urgency=medium
 .
   * New stable point release for OpenStack Xena (LP: #2019762).

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-glance-store - 2.7.0-0ubuntu1~cloud2
---------------

 python-glance-store (2.7.0-0ubuntu1~cloud2) focal-xena; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-os-brick has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-os-brick - 5.0.3-0ubuntu1~cloud1
---------------

 python-os-brick (5.0.3-0ubuntu1~cloud1) focal-xena; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:18.2.1-0ubuntu1~cloud4
---------------

 cinder (2:18.2.1-0ubuntu1~cloud4) focal-wallaby; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 3:23.2.2-0ubuntu1~cloud4
---------------

 nova (3:23.2.2-0ubuntu1~cloud4) focal-wallaby; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-glance-store - 2.5.0-0ubuntu2~cloud2
---------------

 python-glance-store (2.5.0-0ubuntu2~cloud2) focal-wallaby; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-os-brick has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-os-brick - 4.3.3-0ubuntu1~cloud2
---------------

 python-os-brick (4.3.3-0ubuntu1~cloud2) focal-wallaby; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:17.4.0-0ubuntu1~cloud4
---------------

 cinder (2:17.4.0-0ubuntu1~cloud4) focal-victoria; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 2:22.4.0-0ubuntu1~cloud4
---------------

 nova (2:22.4.0-0ubuntu1~cloud4) focal-victoria; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in cloud-archive:
status: Fix Committed → Fix Released
tags: added: verification-yoga-needed
Changed in cinder (Ubuntu Lunar):
status: Triaged → Fix Released
Changed in cinder (Ubuntu Kinetic):
status: Triaged → Fix Released
Changed in cinder (Ubuntu Focal):
status: Triaged → Fix Released
Changed in cinder (Ubuntu Jammy):
status: Triaged → Fix Released
Changed in python-glance-store (Ubuntu Jammy):
status: Triaged → Fix Released
Changed in python-glance-store (Ubuntu Focal):
status: Triaged → Fix Released
Changed in python-glance-store (Ubuntu Lunar):
status: Triaged → Fix Released
Changed in python-glance-store (Ubuntu Kinetic):
status: Triaged → Fix Released
Changed in nova (Ubuntu Focal):
status: Triaged → Fix Released
Changed in nova (Ubuntu Lunar):
status: Triaged → Fix Released
Changed in nova (Ubuntu Kinetic):
status: Triaged → Fix Released
Changed in nova (Ubuntu Jammy):
status: Triaged → Fix Released
26 comments hidden view all 106 comments
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 3.0.8-0ubuntu1.2

---------------
python-os-brick (3.0.8-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:09:10 -0400

Changed in python-os-brick (Ubuntu Kinetic):
status: Triaged → Fix Released
Changed in python-os-brick (Ubuntu Focal):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 6.2.0-0ubuntu2.2

---------------
python-os-brick (6.2.0-0ubuntu2.2) lunar-security; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:06:54 -0400

Changed in python-os-brick (Ubuntu Lunar):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python-os-brick - 5.2.2-0ubuntu1.1

---------------
python-os-brick (5.2.2-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
    - debian/patches/series: Do not apply CVE-2023-2088.patch until
      patches are ready for all upstream OpenStack projects.
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Thu, 18 May 2023 11:08:32 -0400

Changed in python-os-brick (Ubuntu Jammy):
status: Triaged → Fix Released
Revision history for this message
Corey Bryant (corey.bryant) wrote : Please test proposed package

Hello Corey, or anyone else affected,

Accepted python-glance-store into zed-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-zed-needed to verification-zed-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-zed-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-glance-store into yoga-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:yoga-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-yoga-needed to verification-yoga-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-yoga-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into zed-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:zed-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-zed-needed to verification-zed-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-zed-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into yoga-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:yoga-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-yoga-needed to verification-yoga-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-yoga-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted cinder into antelope-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:antelope-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-antelope-needed to verification-antelope-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-antelope-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-antelope-needed
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted nova into antelope-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:antelope-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-antelope-needed to verification-antelope-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-antelope-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-glance-store into antelope-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:antelope-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-antelope-needed to verification-antelope-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-antelope-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Corey, or anyone else affected,

Accepted python-os-brick into antelope-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:antelope-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-antelope-needed to verification-antelope-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-antelope-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:21.2.0-0ubuntu1~cloud0
---------------

 cinder (2:21.2.0-0ubuntu1~cloud0) jammy-zed; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 cinder (2:21.2.0-0ubuntu1) kinetic; urgency=medium
 .
   * New stable point release for OpenStack Zed (LP: #2019755).
   * d/p/lp1945500.patch: Dropped. Fixed in stable point release.
 .
 cinder (2:21.1.0-0ubuntu2.2) kinetic-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 3:26.1.1-0ubuntu1~cloud0
---------------

 nova (3:26.1.1-0ubuntu1~cloud0) jammy-zed; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 nova (3:26.1.1-0ubuntu1) kinetic; urgency=medium
 .
   * New stable point release for OpenStack Zed (LP: #2019755).
 .
 nova (3:26.1.0-0ubuntu2.2) kinetic-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-glance-store - 4.1.0-0ubuntu1.2~cloud0
---------------

 python-glance-store (4.1.0-0ubuntu1.2~cloud0) jammy-zed; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-glance-store (4.1.0-0ubuntu1.2) kinetic-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-os-brick has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-os-brick - 6.1.0-0ubuntu1.2~cloud0
---------------

 python-os-brick (6.1.0-0ubuntu1.2~cloud0) jammy-zed; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-os-brick (6.1.0-0ubuntu1.2) kinetic-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:22.0.0-0ubuntu1.2~cloud0
---------------

 cinder (2:22.0.0-0ubuntu1.2~cloud0) jammy-antelope; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 cinder (2:22.0.0-0ubuntu1.2) lunar-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 3:27.0.0-0ubuntu1.2~cloud0
---------------

 nova (3:27.0.0-0ubuntu1.2~cloud0) jammy-antelope; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 nova (3:27.0.0-0ubuntu1.2) lunar-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-glance-store - 4.3.0-0ubuntu1.2~cloud0
---------------

 python-glance-store (4.3.0-0ubuntu1.2~cloud0) jammy-antelope; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-glance-store (4.3.0-0ubuntu1.2) lunar-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-os-brick has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-os-brick - 6.2.0-0ubuntu2.2~cloud0
---------------

 python-os-brick (6.2.0-0ubuntu2.2~cloud0) jammy-antelope; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-os-brick (6.2.0-0ubuntu2.2) lunar-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for cinder has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package cinder - 2:20.2.0-0ubuntu1~cloud0
---------------

 cinder (2:20.2.0-0ubuntu1~cloud0) focal-yoga; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 cinder (2:20.2.0-0ubuntu1) jammy; urgency=medium
 .
   * New stable point release for OpenStack Yoga (LP: #2019759).
   * d/p/lp1945500.patch: Dropped. Fixed in stable point release.
 .
 cinder (2:20.1.0-0ubuntu2.2) jammy-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for nova has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package nova - 3:25.1.1-0ubuntu1~cloud0
---------------

 nova (3:25.1.1-0ubuntu1~cloud0) focal-yoga; urgency=medium
 .
   * New upstream release for the Ubuntu Cloud Archive.
 .
 nova (3:25.1.1-0ubuntu1) jammy; urgency=medium
 .
   * New stable point release for OpenStack Yoga (LP: #2019759).
   * d/p/ignore-deleted-server-groups-in-validation.patch: Dropped. Fixed
     in stable point release.
 .
 nova (3:25.1.0-0ubuntu2.2) jammy-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-glance-store has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-glance-store - 3.0.0-0ubuntu1.2~cloud0
---------------

 python-glance-store (3.0.0-0ubuntu1.2~cloud0) focal-yoga; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-glance-store (3.0.0-0ubuntu1.2) jammy-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for python-os-brick has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package python-os-brick - 5.2.2-0ubuntu1.1~cloud0
---------------

 python-os-brick (5.2.2-0ubuntu1.1~cloud0) focal-yoga; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 python-os-brick (5.2.2-0ubuntu1.1) jammy-security; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088

Revision history for this message
Christian Rohmann (christian-rohmann) wrote (last edit ):

For Nova there is yet an other patch / point release missing to mitigate this these regression: https://review.opendev.org/c/openstack/nova/+/882864

So required for Nova are point releases >=25.2.0 (https://docs.openstack.org/releasenotes/nova/yoga.html#relnotes-25-2-0-stable-yoga).

Corey, could you kindly update the packages for Nova to 25.2.x then?

Revision history for this message
Vladimir Grujic (hyperbaba) wrote :

When those patches are going to land in the stable channels? I have deployed a charmed openstack yoga/stable platform which is still affected by those regressions.

Revision history for this message
Felipe Reyes (freyes) wrote :

The patch pointed out by Christian is already in the package available in jammy-updates and focal-yoga cloud archive.

$ git tag --contains 98c3e3707c08a07f7ca5996086b165512f604ad6
25.2.0
25.2.1
$ rmadison nova | grep jammy
 nova | 3:25.0.0-0ubuntu1 | jammy | source
 nova | 3:25.1.1-0ubuntu1.1 | jammy-security | source
 nova | 3:25.2.0-0ubuntu1 | jammy-updates | source # <- this package contains the fix
$ cmadison nova | grep yoga
 nova | 3:25.2.0-0ubuntu1~cloud0 | yoga | focal-updates | source # <- this package contains the fix
 nova | 3:25.2.0-0ubuntu1~cloud0 | yoga-proposed | focal-proposed | source

Revision history for this message
Vladimir Grujic (hyperbaba) wrote :

I've updated the packages to the required version manually (unattended-upgrades was stuck in configuration prompt and did not update the packages itself) and restarted the services. The problem still remains that when instance is deleted volume is not deleted and stuck in attached state. Error in nova-compute states:

ERROR nova.volume.cinder [req-73a404fd-92dd-4458-a951-b784fccb6515 c23a1dcf89be43aea4102a4a225ee45e b2f401016d434d3e82636ea595703be4 - 31b5b42eb1a6430da321f73f400f5b5b 31b5b42eb1a6430da321f73f400f5b5b] Delete attachment failed for attachment 2c680876-e37a-4249-966a-6039296e73d2. Error: ConflictNovaUsingAttachment: Detach volume from instance 2cef6a3d-61ea-4851-a1ff-b968171de874 using the Compute API (HTTP 409) (Request-ID: req-43d628f7-5ee1-43dc-9b1e-12004362df14) Code: 409: cinderclient.exceptions.ClientException: ConflictNovaUsingAttachment: Detach volume from instance 2cef6a3d-61ea-4851-a1ff-b968171de874 using the Compute API (HTTP 409) (Request-ID: req-43d628f7-5ee1-43dc-9b1e-12004362df14)

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

@hyperbaba, if you are still having issues, then we're going to need more information about your system please. Please could you have a read of:

https://docs.openstack.org/charm-guide/yoga/community/software-bug.html

Specifically, the juju status, juju bundle and (juju and service) logs from cinder and nova will be needed please.

Displaying first 40 and last 40 comments. View all 106 comments or add a comment.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.