[Bug 2020111] [NEW] CVE-2023-2088 regressions
Corey Bryant
2020111 at bugs.launchpad.net
Thu May 18 14:39:55 UTC 2023
Public bug reported:
There has been a regression found in at least one project due to the fixes for CVE-2023-2088:
https://bugs.launchpad.net/ironic/+bug/2019892
This may also affect other projects that are yet to be known.
We will be reverting the CVE-2023-2088 patches that have been released
to nova, cinder, python-os-brick, and python-glance-store until
everything is settled upstream in order to prevent regressing our users.
** Affects: cloud-archive
Importance: Critical
Status: Triaged
** Affects: cloud-archive/antelope
Importance: Critical
Status: Triaged
** Affects: cloud-archive/bobcat
Importance: Critical
Status: Triaged
** Affects: cloud-archive/victoria
Importance: Critical
Status: Triaged
** Affects: cloud-archive/wallaby
Importance: Critical
Status: Triaged
** Affects: cloud-archive/xena
Importance: Critical
Status: Triaged
** Affects: cloud-archive/yoga
Importance: Critical
Status: Triaged
** Affects: cloud-archive/zed
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu)
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu Focal)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu Focal)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu Focal)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu Focal)
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu Jammy)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu Jammy)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu Jammy)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu Jammy)
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu Kinetic)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu Kinetic)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu Kinetic)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu Kinetic)
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu Lunar)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu Lunar)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu Lunar)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu Lunar)
Importance: Critical
Status: Triaged
** Affects: cinder (Ubuntu Mantic)
Importance: Critical
Status: Triaged
** Affects: nova (Ubuntu Mantic)
Importance: Critical
Status: Triaged
** Affects: python-glance-store (Ubuntu Mantic)
Importance: Critical
Status: Triaged
** Affects: python-os-brick (Ubuntu Mantic)
Importance: Critical
Status: Triaged
** Also affects: nova (Ubuntu Kinetic)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu Mantic)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: nova (Ubuntu Lunar)
Importance: Undecided
Status: New
** Also affects: cinder (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python-glance-store (Ubuntu)
Importance: Undecided
Status: New
** Also affects: python-os-brick (Ubuntu)
Importance: Undecided
Status: New
** Also affects: cloud-archive
Importance: Undecided
Status: New
** Changed in: cinder (Ubuntu Focal)
Importance: Undecided => Critical
** Changed in: cinder (Ubuntu Focal)
Status: New => Triaged
** Changed in: cinder (Ubuntu Jammy)
Importance: Undecided => Critical
** Changed in: cinder (Ubuntu Jammy)
Status: New => Triaged
** Changed in: cinder (Ubuntu Kinetic)
Importance: Undecided => Critical
** Changed in: cinder (Ubuntu Kinetic)
Status: New => Triaged
** Changed in: cinder (Ubuntu Lunar)
Importance: Undecided => Critical
** Changed in: cinder (Ubuntu Lunar)
Status: New => Triaged
** Changed in: cinder (Ubuntu Mantic)
Importance: Undecided => Critical
** Changed in: cinder (Ubuntu Mantic)
Status: New => Triaged
** Changed in: nova (Ubuntu Focal)
Importance: Undecided => Critical
** Changed in: nova (Ubuntu Focal)
Status: New => Triaged
** Changed in: nova (Ubuntu Jammy)
Importance: Undecided => Critical
** Changed in: nova (Ubuntu Jammy)
Status: New => Triaged
** Changed in: nova (Ubuntu Kinetic)
Importance: Undecided => Critical
** Changed in: nova (Ubuntu Kinetic)
Status: New => Triaged
** Changed in: nova (Ubuntu Lunar)
Importance: Undecided => Critical
** Changed in: nova (Ubuntu Lunar)
Status: New => Triaged
** Changed in: nova (Ubuntu Mantic)
Importance: Undecided => Critical
** Changed in: nova (Ubuntu Mantic)
Status: New => Triaged
** Changed in: python-glance-store (Ubuntu Focal)
Importance: Undecided => Critical
** Changed in: python-glance-store (Ubuntu Focal)
Status: New => Triaged
** Changed in: python-glance-store (Ubuntu Jammy)
Importance: Undecided => Critical
** Changed in: python-glance-store (Ubuntu Jammy)
Status: New => Triaged
** Changed in: python-glance-store (Ubuntu Kinetic)
Importance: Undecided => Critical
** Changed in: python-glance-store (Ubuntu Kinetic)
Status: New => Triaged
** Changed in: python-glance-store (Ubuntu Lunar)
Importance: Undecided => Critical
** Changed in: python-glance-store (Ubuntu Lunar)
Status: New => Triaged
** Changed in: python-glance-store (Ubuntu Mantic)
Importance: Undecided => Critical
** Changed in: python-glance-store (Ubuntu Mantic)
Status: New => Triaged
** Changed in: python-os-brick (Ubuntu Mantic)
Importance: Undecided => Critical
** Changed in: python-os-brick (Ubuntu Mantic)
Status: New => Triaged
** Changed in: python-os-brick (Ubuntu Lunar)
Importance: Undecided => Critical
** Changed in: python-os-brick (Ubuntu Lunar)
Status: New => Triaged
** Changed in: python-os-brick (Ubuntu Kinetic)
Importance: Undecided => Critical
** Changed in: python-os-brick (Ubuntu Kinetic)
Status: New => Triaged
** Changed in: python-os-brick (Ubuntu Jammy)
Importance: Undecided => Critical
** Changed in: python-os-brick (Ubuntu Jammy)
Status: New => Triaged
** Changed in: python-os-brick (Ubuntu Focal)
Importance: Undecided => Critical
** Changed in: python-os-brick (Ubuntu Focal)
Status: New => Triaged
** Also affects: cloud-archive/xena
Importance: Undecided
Status: New
** Also affects: cloud-archive/yoga
Importance: Undecided
Status: New
** Also affects: cloud-archive/wallaby
Importance: Undecided
Status: New
** Also affects: cloud-archive/victoria
Importance: Undecided
Status: New
** Also affects: cloud-archive/zed
Importance: Undecided
Status: New
** Also affects: cloud-archive/bobcat
Importance: Undecided
Status: New
** Also affects: cloud-archive/antelope
Importance: Undecided
Status: New
** Changed in: cloud-archive/antelope
Importance: Undecided => Critical
** Changed in: cloud-archive/antelope
Status: New => Triaged
** Changed in: cloud-archive/bobcat
Importance: Undecided => Critical
** Changed in: cloud-archive/bobcat
Status: New => Triaged
** Changed in: cloud-archive/victoria
Importance: Undecided => Critical
** Changed in: cloud-archive/victoria
Status: New => Triaged
** Changed in: cloud-archive/wallaby
Importance: Undecided => Critical
** Changed in: cloud-archive/wallaby
Status: New => Triaged
** Changed in: cloud-archive/xena
Importance: Undecided => Critical
** Changed in: cloud-archive/xena
Status: New => Triaged
** Changed in: cloud-archive/yoga
Importance: Undecided => Critical
** Changed in: cloud-archive/yoga
Status: New => Triaged
** Changed in: cloud-archive/zed
Importance: Undecided => Critical
** Changed in: cloud-archive/zed
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/2020111
Title:
CVE-2023-2088 regressions
Status in Ubuntu Cloud Archive:
Triaged
Status in Ubuntu Cloud Archive antelope series:
Triaged
Status in Ubuntu Cloud Archive bobcat series:
Triaged
Status in Ubuntu Cloud Archive victoria series:
Triaged
Status in Ubuntu Cloud Archive wallaby series:
Triaged
Status in Ubuntu Cloud Archive xena series:
Triaged
Status in Ubuntu Cloud Archive yoga series:
Triaged
Status in Ubuntu Cloud Archive zed series:
Triaged
Status in cinder package in Ubuntu:
Triaged
Status in nova package in Ubuntu:
Triaged
Status in python-glance-store package in Ubuntu:
Triaged
Status in python-os-brick package in Ubuntu:
Triaged
Status in cinder source package in Focal:
Triaged
Status in nova source package in Focal:
Triaged
Status in python-glance-store source package in Focal:
Triaged
Status in python-os-brick source package in Focal:
Triaged
Status in cinder source package in Jammy:
Triaged
Status in nova source package in Jammy:
Triaged
Status in python-glance-store source package in Jammy:
Triaged
Status in python-os-brick source package in Jammy:
Triaged
Status in cinder source package in Kinetic:
Triaged
Status in nova source package in Kinetic:
Triaged
Status in python-glance-store source package in Kinetic:
Triaged
Status in python-os-brick source package in Kinetic:
Triaged
Status in cinder source package in Lunar:
Triaged
Status in nova source package in Lunar:
Triaged
Status in python-glance-store source package in Lunar:
Triaged
Status in python-os-brick source package in Lunar:
Triaged
Status in cinder source package in Mantic:
Triaged
Status in nova source package in Mantic:
Triaged
Status in python-glance-store source package in Mantic:
Triaged
Status in python-os-brick source package in Mantic:
Triaged
Bug description:
There has been a regression found in at least one project due to the fixes for CVE-2023-2088:
https://bugs.launchpad.net/ironic/+bug/2019892
This may also affect other projects that are yet to be known.
We will be reverting the CVE-2023-2088 patches that have been released
to nova, cinder, python-os-brick, and python-glance-store until
everything is settled upstream in order to prevent regressing our
users.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2020111/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list