This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:

Security fixes included in this update:

ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).

grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).

rabbitmq-server:
- CVE-2019-11287: Fixed DoS via "X-Reason" HTTP Header in malicious Erlang format string (bsc#1157665).

rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).

python-Django1:
References: #1157665 #1164139 #1191454 #1197818 #1198398 #1201186 SOC-11662 SOC-8764
Cross-References: CVE-2019-11287 CVE-2020-1734 CVE-2021-39226 CVE-2022-24790 CVE-2022-28346 CVE-2022-34265
CVSS scores:
CVE-2019-11287 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-11287 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-1734 (NVD) : 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2020-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-24790 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N