Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Red Hat: RHSA-2022-6969-01 Important: tripleo-ansible Permissions Issue

Calendar Oct 17, 2022 User Avatar LinuxSecurity Advisories
2 - 4 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue update important permissions Red Hat OpenStack tripleo-ansible
An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (tripleo-ansible) security update
Advisory ID:       RHSA-2022:6969-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6969
Issue date:        2022-10-17
CVE Names:         CVE-2022-3101 CVE-2022-3146 
====================================================================
1. Summary:

An update for tripleo-ansible is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

TripleO Ansible project repository. Contains playbooks for use with TripleO
OpenStack deployments. 

Security Fix(es):

* /var/lib/mistral/overcloud discoverable (CVE-2022-3101)

* /etc/openstack/clouds.yaml discoverable (CVE-2022-3146)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2120660 - CVE-2022-3101 tripleo-ansible: File permissions are too liberal on a director deployment [openstack-16.2]
2123767 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.2]
2123870 - CVE-2022-3101 tripleo-ansible: /var/lib/mistral/overcloud discoverable
2124721 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml discoverable
2124732 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.1]
2130109 - ceph inventory linking fails with permission issues
2130598 - ceph inventory linking fails with permission issues

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm
tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm

noarch:
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm
python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm
tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm
tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm

noarch:
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.noarch.rpm
python3-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm
tripleo-ansible-0.8.1-2.20220406160116.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-3101
https://access.redhat.com/security/cve/CVE-2022-3146
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY01tTtzjgjWX9erEAQietQ/9F9yZlY9G04oLYTUz/82AcyNJdjKGEqgM
5APs6Pu1Dy65KoV77pBUIYgDfzqX61JLPf7w6A/RuShRTUr2GVoj9Mf7r7n+xBjH
FwrCWygRzNSh68ZAYouLtIQgRbm0uP097ySyQpe/TQY6X6tlH+fUVFiAy8UgvuoW
WZ1W9cVBsJVVP6gD145TMZtlkRC9xQ7vajVOJH3l9TrwLqw/CSrfJLCXqA5C9z7G
6AJ66TZGNEaMMQ/sWDBJja4y8jkIxbR2K75Cq36rsxifUWLSgZOEa90eejptxz5F
l13HKFThfwJmgZ+KwppFLvMhI4lrtAdwcgBOgK3iGJ25exFm4ZCXG7V8x8QbxeNn
KNa8Dz+MwdxzJkg946jIiLUqgNgKXn4rXXFfCFBYfks+jU8kKAcW8Jqld/Z7rcZ3
SIB5/sqKQnYjYpwf3Wm61Giy6l0jU/qqidIaVXf65klYZq8+HeA2wcFvGnDsMbWm
sd4GctIb0LEsDfVYp2OocIsbmywFqxEI5if/Zva02Rao/AZaB1KieviAlripNeeE
2S+P3E2NNFlbqJvMMhtkNomHZaGiGhz2UzdMHjEdeKR3U1L1EylQcyDqqMQHRF/F
DW51qj28YUn6WBJFG7YO/zdMvepS3HU8S/x/4x2j90ooh+2pFrFNJMABR9Tdz5Yb
YYZ6btlYW78=bZIq
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat: RHSA-2022-6969-01 Important: tripleo-ansible Permissions Issue

red hat
Calendar Grey October 17, 2022
Dist Redhat Esm H88
Crucial safety patch for Red Hat OpenStack Framework addresses tripleo-ansible issues. Implement solutions immediately.
An update for tripleo-ansible is now available for Red Hat OpenStack Platform

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments.
Security Fix(es):
* /var/lib/mistral/overcloud discoverable (CVE-2022-3101)
* /etc/openstack/clouds.yaml discoverable (CVE-2022-3146)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Topics%20covered

Topics Covered

security advisory security issue update important permissions Red Hat OpenStack tripleo-ansible

References

https://access.redhat.com/security/cve/CVE-2022-3101 https://access.redhat.com/security/cve/CVE-2022-3146 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat OpenStack Platform 16.1:
Source: openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm
noarch: openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm
Red Hat OpenStack Platform 16.2:
Source: openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm
noarch: openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:6969-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6969
Issue date: 2022-10-17

Topic

An update for tripleo-ansible is now available for Red Hat OpenStackPlatform.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security issue update important permissions Red Hat OpenStack tripleo-ansible

Relevant Releases Architectures

Red Hat OpenStack Platform 16.1 - noarch

Red Hat OpenStack Platform 16.2 - noarch

Bugs Fixed

2120660 - CVE-2022-3101 tripleo-ansible: File permissions are too liberal on a director deployment [openstack-16.2]

2123767 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.2]

2123870 - CVE-2022-3101 tripleo-ansible: /var/lib/mistral/overcloud discoverable

2124721 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml discoverable

2124732 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.1]

2130109 - ceph inventory linking fails with permission issues

2130598 - ceph inventory linking fails with permission issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here