Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat OpenStack 17.1: RHSA-2023:4582-01 Moderate: Command Injection Issue

red hat
Calendar Grey August 16, 2023
Dist Redhat Esm H88
Cautionary Red Hat Security Notification regarding OpenStack Platform 17.1 director under vulnerability to command injection. Implement updates swiftly.
Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

Release of Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers provides these changes:
Security Fix(es):
* github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Topics%20covered

Topics Covered

security advisory software release command injection Red Hat OpenStack container security

References

https://access.redhat.com/security/cve/CVE-2022-21235 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/release_notes

Package List


Advisory ID: RHSA-2023:4582-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4582
Issue date: 2023-08-16

Topic

Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers arenow available.

Topics%20covered

Topics Covered

security advisory software release command injection Red Hat OpenStack container security

Relevant Releases Architectures

Bugs Fixed

2215019 - Update osp-director-operator references to GA locations

2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection

2218299 - git url logic does not handle non-default ports and users

2221326 - Playbooks list is ignored for FFU and minor update

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

OSPK8-701 - nil ptr can hide actual error

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here