Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat OpenStack 13.0: RHSA-2019-0564-01 Low Severity Update

red hat
Calendar Grey March 14, 2019
Dist Redhat Esm H88
Canonical has released a minor security patch for Ubuntu Server 20.04. Information regarding vulnerabilities addressed and enhancements provided.
An update is now available for Red Hat OpenStack Platform 13.0 (Queens)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
The following packages have been upgraded to a later upstream version: ansible (2.6.11), openstack-ec2-api (6.0.1), openstack-manila (6.0.2), openstack-selinux (0.8.17), openstack-tempest (18.0.0), os-apply-config (8.3.1), python-barbicanclient (4.6.0), python-docker (2.4.2), python-heat-tests-tempest (0.1.1), python-novajoin (1.0.22), python-openstackclient (3.14.3), python-openstacksdk (0.11.3), python-vmware-nsxlib (12.0.4), rhosp-release (13.0.5). (BZ#1669146)
Security Fix(es):
* ansible: Information disclosure in vvv+ mode with no_log on (CVE-2018-16876)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-16876 https://access.redhat.com/security/updates/classification/#low

Package List

Red Hat OpenStack Platform 13.0:
Source: python-barbicanclient-4.6.0-2.el7ost.src.rpm python-openstackclient-3.14.3-2.el7ost.src.rpm python-openstacksdk-0.11.3-2.el7ost.src.rpm
noarch: python-openstackclient-lang-3.14.3-2.el7ost.noarch.rpm python2-barbicanclient-4.6.0-2.el7ost.noarch.rpm python2-openstackclient-3.14.3-2.el7ost.noarch.rpm python2-openstacksdk-0.11.3-2.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0:
Source: ansible-2.6.11-1.el7ae.src.rpm openstack-ec2-api-6.0.1-0.20181123223255.1e25260.el7ost.src.rpm openstack-manila-6.0.2-5.el7ost.src.rpm openstack-selinux-0.8.17-2.el7ost.src.rpm openstack-tempest-18.0.0-6.el7ost.src.rpm os-apply-config-8.3.1-0.20180831234255.be699ba.el7ost.src.rpm python-barbicanclient-4.6.0-2.el7ost.src.rpm python-docker-2.4.2-2.el7.src.rpm python-heat-tests-tempest-0.1.1-0.20180514163845.9d99219.el7ost.src.rpm python-novajoin-1.0.22-1.el7ost.src.rpm python-openstackclient-3.14.3-2.el7ost.src.rpm python-openstacksdk-0.11.3-2.el7ost.src.rpm python-vmware-nsxlib-12.0.4-3.el7ost.src.rpm rhosp-release-13.0.5-1.el7ost.src.rpm
noarch: ansible-2.6.11-1.el7ae.noarch.rpm openstack-ec2-api-6.0.1-0.20181123223255.1e25260.el7ost.noarch.rpm openstack-manila-6.0.2-5.el7ost.noarch.rpm openstack-manila-share-6.0.2-5.el7ost.noarch.rpm

Read the Full Advisory


Severity
low
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2019:0564-01
Product: Red Hat Enterprise Linux OpenStack Platform
Issue date: 2019-03-14

Topic

An update is now available for Red Hat OpenStack Platform 13.0 (Queens).Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat OpenStack Platform 13.0 - noarch

Bugs Fixed

1568341 - openstack client always shows ha and distributed flags as False for non-admin or ovn

1594026 - barbicanclient prints debug messages when running commands

1639989 - heat_tempest_plugin runs zaqar related tests to the environment which doesn't enable zaqar.

1642102 - Selinux is preventing OpenStack from launching multiqueue-enabled instances

1643167 - CephFS is creating exportable directories with 755 permission and causes containers not able to write on them using Manila

1652297 - SELinux denies container to container synchronization

1657330 - CVE-2018-16876 ansible: Information disclosure in vvv+ mode with no_log on

1659597 - [CI] TLS everywhere deployments fail with: Invalid input for field/attribute compact_services

1663498 - [OSP13] Upgrade Ansible to 2.6

1666927 - tempest plugin problem with baremetal_introspection

1667259 - Add maintenance release to /etc/rhosp-release

1668560 - heat_tempest_plugin.tests.scenario.test_aodh_alarm doesn't pass

1669146 - rsyslog on controller node can't write haproxy log to /var/log/containers/haproxy

1669309 - Rebase openstack-manila to 2049332

1669598 - Rebase openstack-ec2-api to 1e25260

1669624 - Rebase os-apply-config to be699ba

1669669 - Rebase python-vmware-nsxlib to 57a073d

1676317 - Rebase openstack-selinux to latest

1676446 - Since nis_enabled is not turned on by default, it breaks deployments with custom service ports

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here