Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Red Hat Enterprise Linux 7: RHSA-2015:1862-01 Moderate: OpenStack Threat

red hat
Calendar Grey October 8, 2015
Scroller Redhat
Red Hat's advisory highlights key security enhancements for OpenStack Platform 7.0 director, detailing several moderate fixes and new packages for improved system security
Updated packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat ...

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat Enterprise Linux OpenStack Platform.
A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data. (CVE-2015-5271)
This issue was discovered by Christian Schwede and Emilien Macchi of Red Hat.
This update also fixes numerous bugs and adds various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux OpenStack Platform 7 Release Notes, linked to in the References section, for information on the most significant of these changes.
All Red Hat Enterprise Linux OpenStack Platform 7.0 director users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

References

https://access.redhat.com/security/cve/CVE-2015-5271 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/release-notes

Package List

Openstack 7.0 director for RHEL 7:
Source: ahc-tools-0.1.1-6.el7ost.src.rpm instack-undercloud-2.1.2-29.el7ost.src.rpm openstack-ironic-discoverd-1.1.0-6.el7ost.src.rpm openstack-tripleo-common-0.0.1.dev6-3.git49b57eb.el7ost.src.rpm openstack-tripleo-heat-templates-0.8.6-71.el7ost.src.rpm openstack-tripleo-image-elements-0.9.6-10.el7ost.src.rpm openstack-tripleo-puppet-elements-0.0.1-5.el7ost.src.rpm openstack-tuskar-0.4.18-4.el7ost.src.rpm openstack-tuskar-ui-0.4.0-3.el7ost.src.rpm os-cloud-config-0.2.8-7.el7ost.src.rpm os-net-config-0.1.4-4.el7ost.src.rpm python-hardware-0.14-7.el7ost.src.rpm python-proliantutils-2.1.0-4.el7ost.src.rpm python-rdomanager-oscplugin-0.0.10-8.el7ost.src.rpm
noarch: ahc-tools-0.1.1-6.el7ost.noarch.rpm instack-undercloud-2.1.2-29.el7ost.noarch.rpm openstack-ironic-discoverd-1.1.0-6.el7ost.noarch.rpm openstack-ironic-discoverd-ramdisk-1.1.0-6.el7ost.noarch.rpm openstack-tripleo-common-0.0.1.dev6-3.git49b57eb.el7ost.noarch.rpm openstack-tripleo-heat-templates-0.8.6-71.el7ost.noarch.rpm openstack-tripleo-image-elements-0.9.6-10.el7ost.noarch.rpm openstack-tripleo-puppet-elements-0.0.1-5.el7ost.noarch.rpm openstack-tuskar-0.4.18-4.el7ost.noarch.rpm openstack-tuskar-ui-0.4.0-3.el7ost.noarch.rpm os-cloud-config-0.2.8-7.el7ost.noarch.rpm

Read the Full Advisory


Advisory ID: RHSA-2015:1862-01
Product: Red Hat Enterprise Linux OpenStack Platform
Issue date: 2015-10-08

Topic

Updated packages that fix one security issue, several bugs, and add variousenhancements are now available for Red Hat Enterprise Linux OpenStackPlatform 7.0 director for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.

Relevant Releases Architectures

Openstack 7.0 director for RHEL 7 - noarch

Bugs Fixed

1223022 - Ceilometer API port not allowed in firewall rules on undercloud

1226376 - Neutron API port not allowed in firewall rules on undercloud

1228862 - Can `openstack undercloud install` have a --force-clean option so an error doesn't require restarting?

1231777 - Its possible to scale up beyond the number of free nodes

1233949 - overcloud horizon apache config doesn't appear to use a network vip

1235320 - Unhelpful failure when incorrect parameters are given

1235325 - "openstack baremetal configure boot" should skip nodes that have maintenance=true

1236136 - All overcloud keystone endpoints get configured with the public IP when using network isolation

1236663 - No output for upload images command

1236707 - undercloud.conf.sample incorrectly states that heat db encryption key can be 8,16, or 32 chars1237020 - undercloud GUI- Image field is mandatory when setting VM for deploy overcloud

1240260 - introspection timed out for 2 VM nodes

1241199 - openstack baremetal configure boot is not safe to run a second time

1241668 - 'openstack help overcloud deploy' : doesn't cover comments/explanation for all deployment --arguments

1243015 - Overcloud stack name hard-coded

1243032 - Hard-coded reference to instackenv.json

1243062 - On deployment failure, no reason is returned

1243121 - Neutron port quota fails larger overcloud deployments

1243472 - don't save UpdateIdentifier in tuskar when running package update

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.