Red Hat OpenStack 16.2 RHSA-2022-0995-01 Moderate: Internal URL Data Leak

March 23, 2022
Red Hat's advisory warns of a moderate-severity data leak in OpenStack Platform 16.2 (CVE-2021-4180, an internal URL exposed through the keystone_authtoken configuration) and urges users to apply the updated openstack-tripleo-heat-templates package.
An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.2 (Train).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Heat templates for TripleO
Security Fix(es):
* Data leak of internal URL through keystone_authtoken (CVE-2021-4180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2021-4180
https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat OpenStack Platform 16.2:
Source: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.src.rpm
noarch: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key.
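The practical question this advisory leaves the operator with is whether a given host already carries the fixed build named in the package list above. The following is an added example, not Red Hat's own tooling: it parses the NEVR string that `rpm -q` prints, compares it against the fixed version-release using a simplified re-implementation of rpm's version comparison (the `~` and `^` ordering rules are deliberately omitted, which is an assumption that holds for these build strings), and reports whether the host is at or above the fix. The package strings in the `__main__` block are constructed samples, and `check_host()` assumes `rpm` is on PATH.

```python
"""Added example: decide whether the installed openstack-tripleo-heat-templates
is at or above the fixed build named in RHSA-2022:0995 (not Red Hat tooling)."""
import re
import subprocess

# Fixed build from the advisory's package list (version-release, epoch 0 assumed).
FIXED = {"openstack-tripleo-heat-templates": "11.6.1-2.20220116004912.el8ost"}


def _segments(s):
    """rpmvercmp-style tokens: runs of digits or letters; everything else separates."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpm version comparison returning -1, 0 or 1.
    Assumption: the '~' (pre-release) and '^' (post-release) rules are not needed."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):          # numeric segments compare by value (10 > 9)
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1        # a numeric segment beats an alphabetic one
        elif x != y:
            return 1 if x > y else -1     # alphabetic segments compare lexically
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1  # the string with segments left over is newer


def parse_nevr(pkg):
    """Split 'name-[epoch:]version-release[.arch]' as printed by `rpm -q`."""
    pkg = re.sub(r"\.(noarch|x86_64|aarch64|src)$", "", pkg)
    name, ver, rel = pkg.rsplit("-", 2)   # the name itself may contain hyphens
    epoch = 0
    if ":" in ver:
        e, ver = ver.split(":", 1)
        epoch = int(e)
    return name, epoch, ver, rel


def compare_evr(a, b):
    """Compare two (epoch, version, release) tuples the way rpm orders them."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    c = rpmvercmp(a[1], b[1])
    return c if c else rpmvercmp(a[2], b[2])


def is_fixed(installed):
    """True when the installed NEVR is at or above the advisory's fixed build."""
    name, epoch, ver, rel = parse_nevr(installed)
    if name not in FIXED:
        raise ValueError(f"{name} is not covered by this advisory")
    fver, frel = FIXED[name].rsplit("-", 1)
    return compare_evr((epoch, ver, rel), (0, fver, frel)) >= 0


def check_host(name="openstack-tripleo-heat-templates"):
    """Query rpm on a real host (assumes rpm is on PATH; not exercised offline)."""
    out = subprocess.run(["rpm", "-q", name], capture_output=True, text=True)
    if out.returncode != 0:
        return None                        # package not installed on this host
    return is_fixed(out.stdout.strip())


if __name__ == "__main__":
    # Constructed sample strings, not output captured from a real host.
    for pkg in [
        "openstack-tripleo-heat-templates-11.6.1-1.20211022181107.el8ost.noarch",
        "openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch",
    ]:
        print(pkg, "fixed" if is_fixed(pkg) else "VULNERABLE")
```

Run `check_host()` on an overcloud or undercloud node after applying the update; a `None` result means the package is absent, not that the host is safe. Pair it with `rpm -K` (`--checksig`) on the downloaded RPM to confirm the Red Hat signature referenced above before installing.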


Advisory ID: RHSA-2022:0995-01
Product: Red Hat OpenStack Platform
Issue date: 2022-03-23

Topic

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat OpenStack Platform 16.2 - noarch

Bugs Fixed

1855678 - Configure Ceph Messenger for encryption OTW

1869587 - Octavia and LB issues after OSP13z11 and OSP16.x upgrade

1886762 - [RFE] support NFS mount at the conversion directory

1921112 - [OSP13->OSP16.2] nova-consoleauth still present in cli after upgrade.

1949673 - [RHOSP16.2] [rsyslog] Miss configuration generated in 50_openstack_logs.conf

1949675 - [RHOSP16.2] [rsyslog] rsyslog containers does not forward logs to elasticsearch

1955562 - Backup and Restore: Backup openstack client integration - openstack backup using bad nfs server address is not erroring out

1962304 - cinder volume at DCN unable to read central cephx keyring

1965233 - [FFU 13 -> 16.x] xinetd is running after upgrade, blocking swift_rsync container

1969411 - [RFE]: allow for the deployment of RHCS dashboard on any composable network

1975271 - Minor update does not restart ha resource when it is in failed stated

1976055 - Configuration of Memcached TLS requires the user to duplicate configuration entries

1978228 - [OSP13->OSP16.2] Leapp upgrade failed with TLSEverywhere

1980542 - [16.2] LC_CTYPE: cannot change locale (C.UTF-8) during OC upgrade 13 to 16.2 seems to fail upgrade

1983748 - NeutronL3AgentAvailabilityZone does not set specified value for Availability zone of Neutron L3 agent

1984555 - [RHOSP16.2] Smart plugin doesn't work for CAP_SYS_RAWIO capability missing.
