Potential regression in CVE-2023-2088 in focal and above

Fixes for https://security.openstack.org/ossa/OSSA-2023-003.html were released in the past week to nova, cinder, python-os-brick, and python-glance-store. Since then there have been reports of volume detachments hanging.

We are looking into it. In the meantime, we suggest holding off on any upgrades to the package versions that include these fixes. Ubuntu package versions can be found at: https://ubuntu.com/security/CVE-2023-2088 . Note that cloud archives from victoria and above also include the fixes.


Users interested in this topic can track the state of bug LP: #2020111 - CVE-2023-2088 regressions. The new packages have the CVE fixes reverted as a temporary solution while the regressions we are seeing are addressed.