Issued:: 2023-02-28
Updated:: 2023-02-28

RHSA-2023:1016 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 17.0 (openstack-cinder) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-cinder is now available for Red Hat OpenStack
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Cinder is the replacement of nova-volume in Folsom and beyond, used for
block storage.

Security Fix(es):

Arbitrary file access through custom VMDK flat descriptor

(CVE-2022-47951)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 17 x86_64
Cinderlib 17 x86_64

Fixes

BZ - 2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor

CVEs

CVE-2022-47951

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 17

SRPM
openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.src.rpm	SHA-256: 162009b907bc08a450d1d5ee362af1b2a5e1ee4ec926d80ef03150e30ac4cd0f
x86_64
openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm	SHA-256: 292018178c74b6e2575b70820378d0be3283bf8ad112a30263055b8225ca3b7c
python3-cinder-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm	SHA-256: b49c3167ae70f8960b2c14bf3c18550562be9b2736d89b31c58f82a06459b9e6
python3-cinder-common-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm	SHA-256: b7e20311e2eb1db47b4006ad52e8def8fe67c85f503b025529e20625a69906fc

Cinderlib 17

SRPM
openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.src.rpm	SHA-256: 162009b907bc08a450d1d5ee362af1b2a5e1ee4ec926d80ef03150e30ac4cd0f
x86_64
python3-cinder-common-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm	SHA-256: b7e20311e2eb1db47b4006ad52e8def8fe67c85f503b025529e20625a69906fc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation