
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (tripleo-ansible) security update
Advisory ID:       RHSA-2022:6969-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6969
Issue date:        2022-10-17
CVE Names:         CVE-2022-3101 CVE-2022-3146 
====================================================================
1. Summary:

An update for tripleo-ansible is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

TripleO Ansible project repository. Contains playbooks for use with TripleO
OpenStack deployments. https://opendev.org

Security Fix(es):

* /var/lib/mistral/overcloud discoverable (CVE-2022-3101)

* /etc/openstack/clouds.yaml discoverable (CVE-2022-3146)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
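
The check below is an added example, not part of the Red Hat advisory or of tripleo-ansible: it audits the two paths named above for permission bits granted to "other" users, before or after the update is applied. The function names and the policy (no access at all for "other") are assumptions of this example, and it relies on GNU stat and find as shipped with RHEL.

```shell
#!/bin/sh
# Added example: flag "other" permission bits on the paths this advisory names.
# Policy assumption: neither path should grant any access to "other".

# other_bits MODE: print the last octal digit (the "other" class) of MODE.
other_bits() {
    printf '%s\n' "${1#"${1%?}"}"
}

# audit_path PATH: 0 = no access for other, 1 = exposed, 2 = not present.
audit_path() {
    if [ ! -e "$1" ]; then
        echo "SKIP $1 (not present)"; return 2
    fi
    ap_mode=$(stat -c '%a' "$1") || return 2
    if [ "$(other_bits "$ap_mode")" != "0" ]; then
        echo "FAIL $1 mode=$ap_mode (accessible to other users)"; return 1
    fi
    echo "OK   $1 mode=$ap_mode"
}

# count_exposed DIR: number of entries at or below DIR with any "other" bit set.
# Symlinks are skipped: their own mode is always 777 and says nothing.
count_exposed() {
    find "$1" ! -type l -perm /007 2>/dev/null | wc -l | tr -d ' '
}

# audit_advisory_paths: check both locations from the advisory; 1 on any finding.
audit_advisory_paths() {
    aa_rc=0
    # "|| [ $? -ne 1 ] ||" records only status 1 (exposed), not 2 (not present).
    audit_path /etc/openstack/clouds.yaml || [ $? -ne 1 ] || aa_rc=1
    audit_path /var/lib/mistral/overcloud || [ $? -ne 1 ] || aa_rc=1
    aa_n=$(count_exposed /var/lib/mistral/overcloud)
    if [ "$aa_n" -gt 0 ]; then
        echo "FAIL /var/lib/mistral/overcloud: $aa_n entries accessible to other users"
        aa_rc=1
    fi
    return "$aa_rc"
}

# Run with "--audit" on the director node, with enough privilege to traverse
# both paths; without the argument the script only defines the functions.
if [ "${1:-}" = "--audit" ]; then audit_advisory_paths; fi
```

A mode of 644 on clouds.yaml, as described in the bug titles in section 5, is reported as FAIL because the "other" digit is 4.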

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2120660 - CVE-2022-3101 tripleo-ansible: File permissions are too liberal on a director deployment [openstack-16.2]
2123767 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.2]
2123870 - CVE-2022-3101 tripleo-ansible: /var/lib/mistral/overcloud discoverable
2124721 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml discoverable
2124732 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.1]
2130109 - ceph inventory linking fails with permission issues
2130598 - ceph inventory linking fails with permission issues

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm
tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm

noarch:
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm
python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm
tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm
tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm

noarch:
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.noarch.rpm
python3-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm
tripleo-ansible-0.8.1-2.20220406160116.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3101
https://access.redhat.com/security/cve/CVE-2022-3146
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
