UbuntuUpdates.org

Package "ironic-conductor"

Name: ironic-conductor

Description:

Openstack bare metal provisioning service - conductor

Latest version: 1:20.1.0-0ubuntu1.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: ironic

Links


Download "ironic-conductor"


Other versions of "ironic-conductor" in Jammy

Repository Area Version
base universe 1:20.1.0-0ubuntu1
security universe 1:20.1.0-0ubuntu1.2

Changelog

Version: 1:20.1.0-0ubuntu1.2 2024-09-04 19:07:02 UTC

  ironic (1:20.1.0-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: ensure underlying environment details not leaked when a
    maliciously crafted image is used (LP: #2071740).
    - d/p/CVE-2024-44082.patch: Harden all image handling and conversion code.
    - d/control: Add qemu-utils to Build-Depends to allow unit tests to run
      qemu-img.
    - CVE-2024-44082

 -- Felipe Reyes <email address hidden> Tue, 03 Sep 2024 16:09:13 +0100

Source diff to previous version
2071740 [OSSA-2024-003] Unvalidated image data passed to qemu-img (CVE-2024-44082)

Version: 1:20.1.0-0ubuntu1.1 2023-07-24 18:07:46 UTC

  ironic (1:20.1.0-0ubuntu1.1) jammy-security; urgency=medium

  * d/gbp.conf: Create stable/yoga branch.
  * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
    - debian/patches/CVE-2023-2088.patch: Fix Cinder Integration
      fallout from CVE-2023-2088
    - CVE-2023-2088

 -- Corey Bryant <email address hidden> Wed, 31 May 2023 16:16:26 -0400

CVE-2023-2088 OSSA-2023-003: Unauthorized volume access through deleted volume attachments



About   -   Send Feedback to @ubuntu_updates