Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Red Hat OpenStack 13.0: RHSA-2019:1742 Moderate: Fixes for CVE-2019-3895

red hat
Calendar Grey July 10, 2019
Dist Redhat Esm H88
Patch released for openstack-tripleo-common designated as medium; addresses vulnerabilities related to CVE-2019-3895 within Red Hat OpenStack Environment 13.
An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 13.0 (Queens)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo).
Security Fix(es):
* openstack-tripleo-common: Allows running new amphorae based on arbitrary images (CVE-2019-3895)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Introspection of baremetal nodes fail with 'No hypervisor matching' problem when node name used instead of uuid (BZ#1677016)
* config-download backports from RHOSP 14 to RHOSP 13 (openstack-tripleo-common) (BZ#1688461)
* RHOSP-13 Connection reset by peer: libvirtError: operation failed: Failed to connect to remote libvirt URI # Live Migration failure: operation failed: Failed to connect to remote libvirt URI (BZ#1712410)
* There are two new CLI arguments you can use with `config-download`: - Monitor the deployment in a separate CLI session or with the API with `openstack overcloud status`. - Log and save Ansible errors for future analysis with `openstack overcloud failures`. (BZ#1688461)

Topics%20covered

Topics Covered

security advisory bug fix security fix moderate severity Red Hat OpenStack openstack-tripleo-common CVE-2019-3895

References

https://access.redhat.com/security/cve/CVE-2019-3895 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat OpenStack Platform 13.0:
Source: openstack-tripleo-common-8.6.8-11.el7ost.src.rpm
noarch: openstack-tripleo-common-8.6.8-11.el7ost.noarch.rpm openstack-tripleo-common-container-base-8.6.8-11.el7ost.noarch.rpm openstack-tripleo-common-containers-8.6.8-11.el7ost.noarch.rpm openstack-tripleo-common-devtools-8.6.8-11.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2019:1742-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1742
Issue date: 2019-07-10

Topic

An update for openstack-tripleo-common is now available for Red HatOpenStack Platform 13.0 (Queens).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory bug fix security fix moderate severity Red Hat OpenStack openstack-tripleo-common CVE-2019-3895

Relevant Releases Architectures

Red Hat OpenStack Platform 13.0 - noarch

Bugs Fixed

1677016 - Introspection of baremetal nodes fail with 'No hypervisor matching' problem when node name used instead of uuid

1688461 - config-download backports from RHOSP 14 to RHOSP 13 (openstack-tripleo-common)

1694608 - CVE-2019-3895 openstack-tripleo-common: Allows running new amphorae based on arbitrary images

1717060 - Rebase openstack-tripleo-common to c42c360

1722738 - OSP12 to 13 upgrade - fail to upgrade controllers.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here