This update for crowbar, crowbar-ha, crowbar-init, crowbar-openstack, crowbar-ui fixes the following issues:

These security issues were fixed:

- CVE-2018-3760: Upgrade rubygem-sprockets to prevent an information leak. Specially crafted requests could have been used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is used in production (bsc#1098369).
- CVE-2016-8611: Add rate limiting for glance api (bsc#1005886)

These non-security issues were fixed for crowbar:

- upgrade: Lock crowbar-ui before admin upgrade
- upgrade: Make sure schemas are properly migrated after the upgrade
- upgrade: No need for database dump before the upgrade
- upgrade: No need to use crowbar-init during the upgrade

References: #1005886 #1073703 #1081518 #1083093 #1090336
            #1093898 #1095420 #1096043 #1096759 #1098369
            #1099392
Cross-References: CVE-2016-8611 CVE-2018-3760
Affected Products:
SUSE OpenStack Cloud Crowbar 8
https://www.suse.com/security/cve/CVE-2016-8611.html
https://www.suse.com/security/cve/CVE-2018-3760.html
https://bugzilla.suse.com/1005886
https://bugzilla.suse.com/1073703
https://bugzilla.suse.com/1081518
https://bugzilla.suse.com/1083093
https://bugzilla.suse.com/1090336
https://bugzilla.suse.com/1093898
https://bugzilla.suse.com/1095420
https://bugzilla.suse.com/1096043
https://bugzilla.suse.com/1096759
https://bugzilla.suse.com/1098369
https://bugzilla.suse.com/1099392