USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update
introduced a regression with detaching volumes. The security fix has been
removed pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.
This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html
More Stories
stb-0-0.50.20241002git31707d1.el8
FEDORA-EPEL-2025-f5725d94b3 Packages in this update: stb-0-0.50.20241002git31707d1.el8 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
USN-7169-5: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
stb-0^20241002git31707d1-4.el9
FEDORA-EPEL-2025-75d8605b8c Packages in this update: stb-0^20241002git31707d1-4.el9 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
stb-0^20241002git31707d1-5.el10_0
FEDORA-EPEL-2025-93a1152ae1 Packages in this update: stb-0^20241002git31707d1-5.el10_0 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
stb-0^20241002git31707d1-4.fc40
FEDORA-2025-49e8952aab Packages in this update: stb-0^20241002git31707d1-4.fc40 Update description: Add another patch for the root cause of CVE-2021-45340. We already have...
ZDI-25-026: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit...