{"id":"USN-6073-5","summary":"nova regression","details":"USN-6073-3 fixed a vulnerability in Nova. The update introduced a\nregression causing Nova to be unable to detach volumes from instances. This\nupdate fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly\n handled deleted volume attachments. An authenticated user or attacker could\n possibly use this issue to gain access to sensitive information.\n \n This update may require configuration changes to be completely effective,\n please see the upstream advisory for more information:\n \n https://security.openstack.org/ossa/OSSA-2023-003.html\n","modified":"2026-02-10T04:43:07Z","published":"2023-05-14T16:59:12Z","related":["UBUNTU-CVE-2023-2088"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6073-5"},{"type":"REPORT","url":"https://launchpad.net/bugs/2019460"}],"affected":[{"package":{"name":"nova","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/nova@2:21.2.4-0ubuntu2.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:21.2.4-0ubuntu2.4"}]}],"versions":["2:20.0.0-0ubuntu1","2:21.0.0~b1~git2019120415.45fb747c98-0ubuntu1","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu2","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu4","2:21.0.0~b2~git2020021008.1fcd74730d-0ubuntu5","2:21.0.0~b3~git2020041013.57ff308d6d-0ubuntu2","2:21.0.0-0ubuntu0.20.04.1","2:21.0.0-0ubuntu0.20.04.2","2:21.1.0-0ubuntu1","2:21.1.1-0ubuntu2","2:21.1.2-0ubuntu1","2:21.2.0-0ubuntu1","2:21.2.1-0ubuntu1","2:21.2.2-0ubuntu1","2:21.2.3-0ubuntu1","2:21.2.4-0ubuntu1","2:21.2.4-0ubuntu2","2:21.2.4-0ubuntu2.1","2:21.2.4-0ubuntu2.2","2:21.2.4-0ubuntu2.3"],"ecosystem_specific":{"binaries":[{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-ajax-console-proxy"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-api"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-api-metadata"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-api-os-compute"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-api-os-volume"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-cells"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-common"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-kvm"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-libvirt"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-lxc"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-qemu"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-vmware"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-compute-xen"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-conductor"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-novncproxy"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-scheduler"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-serialproxy"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-spiceproxy"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"nova-volume"},{"binary_version":"2:21.2.4-0ubuntu2.4","binary_name":"python3-nova"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6073-5.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.3"}