Your submission was sent successfully! Close

USN-2703-1: Cinder vulnerability

6 August 2015

Cinder could be made to access unintended files over the network by an authenticated user.



  • cinder - OpenStack storage service


Bastian Blank discovered that Cinder guessed image formats based on
untrusted data. An attacker could use this to read arbitrary files from
the Cinder host.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04

After a standard system update you need to restart cinder to make all the
necessary changes.