Ubuntu alert USN-6245-1 (openstack-trove)

From:
               Marc Deslauriers <marc.deslauriers@canonical.com>
To:
               "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:
               [USN-6245-1] Trove vulnerabilities
Date:
               Tue, 25 Jul 2023 12:50:24 -0400
Message-ID:
               <eac72a20-ea9c-a2ef-6a8a-bf259d9f7e3a@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6245-1
July 25, 2023

openstack-trove vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Trove could be made to run programs if it received specially crafted
backup commands.

Software Description:
- openstack-trove: Database as a Service for OpenStack

Details:

Adam Bell discovered that Trove incorrectly handled arguments to the backup
command. A remote attacker could possibly use this issue to execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   python3-trove                   2:17.0.0-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6245-1
   https://launchpad.net/bugs/2028680

Package Information:
   https://launchpad.net/ubuntu/+source/openstack-trove/2:17...

From:		Marc Deslauriers <marc.deslauriers@canonical.com>
To:		"ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:		[USN-6245-1] Trove vulnerabilities
Date:		Tue, 25 Jul 2023 12:50:24 -0400
Message-ID:		<eac72a20-ea9c-a2ef-6a8a-bf259d9f7e3a@canonical.com>