RedHat: RHSA-2019-1734:01 Important: openstack-ironic-inspector security

    Date10 Jul 2019
    CategoryRed Hat
    2269
    Posted ByLinuxSecurity Advisories
    Redhat Large
    An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: openstack-ironic-inspector security update
    Advisory ID:       RHSA-2019:1734-01
    Product:           Red Hat Enterprise Linux OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1734
    Issue date:        2019-07-10
    CVE Names:         CVE-2019-10141 
    =====================================================================
    
    1. Summary:
    
    An update for openstack-ironic-inspector is now available for Red Hat
    OpenStack Platform 13.0 (Queens).
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 13.0 - noarch
    
    3. Description:
    
    ironic-inspector is an auxiliary service for discovering hardware
    properties for a node managed by Ironic. Hardware introspection or hardware
    properties discovery is a process of getting hardware parameters required
    for scheduling from a bare metal node, given its power management
    credentials (e.g. IPMI address, user name and password).
    
    Security Fix:
    
    * openstack-ironic-inspector: SQL Injection vulnerability when receiving
    introspection data (CVE-2019-10141)
    
    For more details about the security issue, including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1711722 - CVE-2019-10141 openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
    1717086 - Rebase openstack-ironic-inspector to 7.2.4
    
    6. Package List:
    
    Red Hat OpenStack Platform 13.0:
    
    Source:
    openstack-ironic-inspector-7.2.3-3.el7ost.src.rpm
    
    noarch:
    openstack-ironic-inspector-7.2.3-3.el7ost.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-10141
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXSXikNzjgjWX9erEAQhuzQ/+JlRXpZWPUKdqTZtovs4BG9r14rS3O9a8
    pR/K/qiBDzKlz/qxO6HASWE3lwm8EbbXgsBjq/8+Qrc7iv9TMtMTgeCXa3iz8AJ6
    x8dG8Yqwl8BeZMIuafiVG4qkurkxbErXHl/Doin/Guq2hpHfxYNhi/yJwoRs6wJZ
    5uD///GyVmpug3vYtzaFfUzLZ+wJGVyMNoaKW4aaP9X6cDnlfpmV4rh/l1XXITDz
    QWtsBygcWf4X617Mmrlo4ug/KQwhruqEvqATpQMDjKWyFgheGtGV6CdaEeyq12q+
    zP4kL70Vjbv6XrLuGJ0HP1hN2tV6XHIL7T2OUpg1J4PhcT6MVHPzjOizu9cBVWh2
    IZpIMN9hKnBBQ+lgBpIcye1VKX+TcFpLVdM2cZVjEoOl9R/qtgUvR8pyMYccaC8E
    ElPX3/MHeJKiF0MzsvucGqmt1pzL+1z8Y2ebWFG1yFLXv9ba6Jl0d6UL/lH5elyg
    N7u/kNsP2FyVCtboF2IBEfG86k+9N4ktp0lOJ+qmoHA0e8HH5ZxcwpoEuJASu7Uj
    jif+woB2vyHveRlo28g3bqmm9Tj0rN++mXEBrcq42cDixuqJadKY9AiNd+Xjgxna
    m37WhItd78gzxKqBeVAeNnslFcxKtGvBkYs3tyTS45GR10vyx+g/+b9yr7Lgdti9
    Xx4TsPPfpBo=
    =jklW
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.