
Red Hat OpenStack 16.2: RHSA-2022-2183-01 Moderate Release Advisory

Red Hat, May 11, 2022
Red Hat has released updated osp-director-operator container images for Red Hat OpenStack Platform 16.2 (Train), which remain a technology preview. The rebuilt images pick up fixes for five vulnerabilities in bundled Go components (Kubernetes YAML parsing, miekg/dns, containerd and ulikunitz/xz); the advisory is rated Moderate. Deployments that use the director Operator preview should move to the updated images.
Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview

Solution

OSP 16.2 Release - OSP Director Operator Containers tech preview

Summary

Release osp-director-operator images
Security Fix(es):

* golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service (CVE-2019-11253)
* golang: golang-github-miekg-dns: predictable TXID can lead to response forgeries (CVE-2019-19794)
* golang: containerd: unrestricted access to abstract Unix domain socket can lead to privilege escalation (CVE-2020-15257)
* golang: ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
* golang: containerd: pulling and extracting crafted container image may result in Unix file permission changes (CVE-2021-32760)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
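CVE-2019-11253 in the list above is an alias-expansion bomb: a YAML document of a few hundred bytes whose anchors and aliases expand to hundreds of millions of nodes. As an added illustration that is not code from Red Hat, Kubernetes or any YAML library, the following Python works on a tiny YAML subset (one `key: [&anchor] [items]` mapping per line) and contrasts an unbounded, materializing parse with a bounded pass that accounts for expansion size and rejects the document before anything is expanded. The node budget, the subset syntax, the `alias_bomb` generator and the sample documents are assumptions made for this example.

```python
# Added illustration (not code from Red Hat, Kubernetes or go-yaml): a tiny
# YAML-subset parser that accounts for alias expansion and refuses documents
# whose expanded size exceeds a budget, the class of defense that stops a
# "Billion Laughs" alias bomb.
import copy
import re
from typing import Dict, Iterator, List, Tuple, Union

Node = Union[str, List["Node"]]

# Budget on scalar nodes a document may expand to. The figure is an assumption
# chosen for this example, not a limit taken from any advisory or library.
MAX_EXPANDED_NODES = 100_000

# Supported line shape:  key: [&anchor] ["scalar", *alias, ...]
_LINE_RE = re.compile(r'^(\w+):\s*(?:&(\w+)\s+)?\[(.*)\]$')


class ExpansionLimitExceeded(Exception):
    """Raised when alias expansion would exceed the node budget."""


def _parse_lines(doc: str) -> Iterator[Tuple[int, str, str, List[str]]]:
    """Yield (lineno, key, anchor-or-None, items) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(doc.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unsupported syntax: {raw!r}")
        key, anchor, body = m.groups()
        items = [t.strip() for t in body.split(",") if t.strip()]
        yield lineno, key, anchor, items


def measure(doc: str, budget: int = MAX_EXPANDED_NODES) -> Tuple[Dict[str, int], int]:
    """Bounded pass: return (expanded scalar count per key, total) without
    materializing any alias. Each anchor's size is memoized, so an alias costs
    O(1) to account for no matter how deep the chain behind it is."""
    anchor_size: Dict[str, int] = {}
    sizes: Dict[str, int] = {}
    total = 0
    for lineno, key, anchor, items in _parse_lines(doc):
        count = 0
        for tok in items:
            if tok.startswith("*"):
                name = tok[1:]
                if name not in anchor_size:
                    raise ValueError(f"line {lineno}: unknown alias *{name}")
                count += anchor_size[name]
            elif len(tok) >= 2 and tok[0] == tok[-1] and tok[0] in "\"'":
                count += 1
            else:
                raise ValueError(f"line {lineno}: unsupported item {tok!r}")
            if total + count > budget:  # reject before any expansion happens
                raise ExpansionLimitExceeded(
                    f"line {lineno}: expanding {key!r} exceeds budget of {budget} nodes")
        if anchor:
            anchor_size[anchor] = count
        sizes[key] = count
        total += count
    return sizes, total


def materialize(doc: str) -> Dict[str, List[Node]]:
    """Unbounded pass, the behaviour of an unpatched decoder: every alias is
    replaced by a full copy of the anchored value. Harmless on ordinary input,
    exhausts memory or CPU on an alias bomb, so call measure() first."""
    anchors: Dict[str, List[Node]] = {}
    out: Dict[str, List[Node]] = {}
    for _lineno, key, anchor, items in _parse_lines(doc):
        value: List[Node] = []
        for tok in items:
            if tok.startswith("*"):
                value.append(copy.deepcopy(anchors[tok[1:]]))  # real expansion
            else:
                value.append(tok[1:-1])  # strip the quotes
        if anchor:
            anchors[anchor] = value
        out[key] = value
    return out


def count_scalars(value: Node) -> int:
    """Number of scalar leaves in a materialized value."""
    if isinstance(value, str):
        return 1
    return sum(count_scalars(v) for v in value)


def within_budget(doc: str, budget: int = MAX_EXPANDED_NODES) -> bool:
    """True if the document can be decoded within the node budget."""
    try:
        measure(doc, budget)
        return True
    except ExpansionLimitExceeded:
        return False


def alias_bomb(levels: int, fanout: int = 9) -> str:
    """Constructed attacker input: level n references level n-1 `fanout` times,
    so level n expands to fanout ** (n + 1) scalars."""
    lines = ['a0: &a0 [' + ", ".join(['"lol"'] * fanout) + ']']
    for i in range(1, levels):
        lines.append(f'a{i}: &a{i} [' + ", ".join([f'*a{i - 1}'] * fanout) + ']')
    return "\n".join(lines)


# Constructed benign document that reuses one anchor, as ordinary manifests do.
BENIGN_DOC = """\
replicas: ["3"]
ports: &ports ["80", "443"]
ingress: [*ports, "8080"]
"""

if __name__ == "__main__":
    print(measure(BENIGN_DOC))            # ({'replicas': 1, 'ports': 2, 'ingress': 3}, 6)
    print(within_budget(alias_bomb(9)))   # False: rejected at level a5, nothing expanded
```

Capping total expansion rather than forbidding aliases keeps legitimate manifests, which reuse anchors routinely, working while a nine-level bomb is refused after a handful of additions. The bounded pass is also the only one that is safe to run on untrusted input; `materialize` is included to show what the unpatched behaviour costs on small bombs, and it should never be called on a document that `measure` has not already accepted.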

References

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2019-11253
https://access.redhat.com/security/cve/CVE-2019-19794
https://access.redhat.com/security/cve/CVE-2020-15257
https://access.redhat.com/security/cve/CVE-2021-29482
https://access.redhat.com/security/cve/CVE-2021-32760
https://access.redhat.com/security/cve/CVE-2022-1154
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/updates/classification/#moderate

Note that CVE-2018-25032, CVE-2022-1154 and CVE-2022-1271 are listed here but do not appear under Security Fix(es) or Bugs Fixed in this advisory; check their CVE pages for the affected components before relying on this advisory alone to cover them.

Package List


Advisory ID: RHSA-2022:2183-01
Product: Red Hat OpenStack Platform
Issue date: 2022-05-11

Topic

Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview.

Relevant Releases Architectures

Bugs Fixed

1757701 - CVE-2019-11253 kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote denial of service

1786761 - CVE-2019-19794 golang-github-miekg-dns: predictable TXID can lead to response forgeries

1899487 - CVE-2020-15257 containerd: unrestricted access to abstract Unix domain socket can lead to privileges escalation

1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service

1982681 - CVE-2021-32760 containerd: pulling and extracting crafted container image may result in Unix file permission changes

2079447 - Rebase tech preview on latest upstream v1.2.x branch
