Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Red Hat OpenStack Platform 13.0: RHSA-2023:1278-01 Critical Security Update

red hat
Calendar Grey March 15, 2023
Dist Redhat Esm H88
Critical patch released for Red Hat OpenStack Platform concerning vulnerability in openstack-nova.
An update for openstack-nova is now available for Red Hat OpenStack Platform

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects.OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.
Security Fix(es):
* Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2022-47951 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat OpenStack Platform 13.0 - ELS:
Source: python-oslo-utils-3.35.1-5.el7ost.src.rpm
noarch: python-oslo-utils-lang-3.35.1-5.el7ost.noarch.rpm python2-oslo-utils-3.35.1-5.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
Source: openstack-nova-17.0.13-40.el7ost.src.rpm python-oslo-utils-3.35.1-5.el7ost.src.rpm
noarch: openstack-nova-17.0.13-40.el7ost.noarch.rpm openstack-nova-api-17.0.13-40.el7ost.noarch.rpm openstack-nova-cells-17.0.13-40.el7ost.noarch.rpm openstack-nova-common-17.0.13-40.el7ost.noarch.rpm openstack-nova-compute-17.0.13-40.el7ost.noarch.rpm openstack-nova-conductor-17.0.13-40.el7ost.noarch.rpm openstack-nova-console-17.0.13-40.el7ost.noarch.rpm openstack-nova-migration-17.0.13-40.el7ost.noarch.rpm openstack-nova-network-17.0.13-40.el7ost.noarch.rpm openstack-nova-novncproxy-17.0.13-40.el7ost.noarch.rpm openstack-nova-placement-api-17.0.13-40.el7ost.noarch.rpm openstack-nova-scheduler-17.0.13-40.el7ost.noarch.rpm openstack-nova-serialproxy-17.0.13-40.el7ost.noarch.rpm openstack-nova-spicehtml5proxy-17.0.13-40.el7ost.noarch.rpm python-nova-17.0.13-40.el7ost.noarch.rpm python-nova-tests-17.0.13-40.el7ost.noarch.rpm python-oslo-utils-lang-3.35.1-5.el7ost.noarch.rpm python2-oslo-utils-3.35.1-5.el7ost.noarch.rpm


Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2023:1278-01
Product: Red Hat OpenStack Platform
Issue date: 2023-03-15

Topic

An update for openstack-nova is now available for Red Hat OpenStackPlatform.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat OpenStack Platform 13.0 - ELS - noarch

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch

Red Hat OpenStack Platform 16.1 - noarch

Red Hat OpenStack Platform 16.2 - noarch

Bugs Fixed

2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.