RedHat: RHSA-2019-0567:01 Moderate: openstack-octavia security and bug fix

    Date: 14 Mar 2019
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: openstack-octavia security and bug fix update
    Advisory ID:       RHSA-2019:0567-01
    Product:           Red Hat Enterprise Linux OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0567
    Issue date:        2019-03-14
    CVE Names:         CVE-2018-16856 
    =====================================================================
    
    1. Summary:
    
    An update for openstack-octavia is now available for Red Hat OpenStack
    Platform 13.0 (Queens).
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 13.0 - noarch, ppc64le, x86_64
    
    3. Description:
    
    The OpenStack Load Balancing service (openstack-octavia) provides a Load
    Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat
    OpenStack platform director based installations.
    
    Security Fix(es):
    
    * openstack-octavia: Private keys written to world-readable log files
    (CVE-2018-16856)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    Bug Fix(es):
    
    * This feature is "community support" and not supported by Red Hat per
    RHOSP SLA. (BZ#1671022)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1547478 - Test Octavia with OVN
    1571636 - Backports of general improvements to Octavia
    1582145 - Listener's "operating status" is not transitioning to ONLINE even when pool and members are configured for it.
    1607276 - All existing amphora instances are deleting when RabbitMQ is down
    1649165 - CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files
    1669078 - Add support for configuring Octavia LB timeouts in OSP 13
    1670170 - Rebase openstack-octavia to 2.0.3
    1672370 - flake8 fail: code over-indentation
    
    6. Package List:
    
    Red Hat OpenStack Platform 13.0:
    
    Source:
    openstack-octavia-2.0.3-2.el7ost.src.rpm
    
    noarch:
    openstack-octavia-amphora-agent-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-api-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-common-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-diskimage-create-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-health-manager-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-housekeeping-2.0.3-2.el7ost.noarch.rpm
    openstack-octavia-worker-2.0.3-2.el7ost.noarch.rpm
    python-octavia-2.0.3-2.el7ost.noarch.rpm
    
    ppc64le:
    openstack-octavia-debuginfo-2.0.3-2.el7ost.ppc64le.rpm
    python-octavia-tests-golang-2.0.3-2.el7ost.ppc64le.rpm
    
    x86_64:
    openstack-octavia-debuginfo-2.0.3-2.el7ost.x86_64.rpm
    python-octavia-tests-golang-2.0.3-2.el7ost.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2018-16856
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    