
Red Hat OpenStack 17.0: RHSA-2023-3157-01 Critical Security Update

Red Hat
May 17, 2023
Important security patch for Red Hat OpenStack Platform 17.0 tackling openstack-nova vulnerability. Implement this patch without delay.
An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Security Fix(es):
* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's volumes (CVE-2023-2088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2023-2088
https://access.redhat.com/security/updates/classification#critical

Package List

Red Hat OpenStack Platform 17.0:
Source:
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.src.rpm
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.src.rpm
python-glance-store-2.5.1-0.20230509140449.5f1cee6.el9ost.src.rpm
python-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.src.rpm
tripleo-ansible-3.3.1-0.20221208161844.fa5422f.el9ost.src.rpm

noarch:
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-api-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-common-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-compute-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-conductor-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-migration-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-novncproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-scheduler-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-serialproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
openstack-nova-spicehtml5proxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm
python3-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm



Severity: Critical

Advisory ID: RHSA-2023:3157-01
Product: Red Hat OpenStack Platform
Issue date: 2023-05-17

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat OpenStack Platform 17.0 - noarch

Bugs Fixed

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes
