====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openstack-tripleo-common and openstack-tripleo-heat-templates update
Advisory ID:       RHSA-2018:0602-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:0602
Issue date:        2018-03-28
CVE Names:         CVE-2017-12155
====================================================================

1. Summary:

An update for openstack-tripleo-common and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 12.0 (Pike).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 12.0 - noarch

3. Description:

openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo).

openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools (codename heat), which can be used to help deploy OpenStack.

Security Fix(es):

* openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director (CVE-2017-12155)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Katuya Kawakami (NEC) for reporting this issue.

Bug Fix(es):

* All Compute and Controller nodes have bridge-mappings configured and therefore are eligible to schedule routers. However, if you scheduled a router on a Compute node that doesn't have a connection to an external network, connectivity with the external network fails. This fix adds the ability to configure bridge-mappings in TripleO and in the director according to roles so that you can now exclude Compute nodes from router scheduling and maintain external network connectivity. (BZ#1510879)

* Previously, the CephPools parameter value was incorrectly consumed as a string list instead of as a JSON object. This prevented creating additional Ceph pools during the overcloud deployment, because attempting to pass a JSON object failed. This fix updates the CephPools parameter so that it now accepts any JSON object that describes additional pools to create in the Ceph cluster. Note: The JSON object structure must conform to ceph-ansible conventions. (BZ#1516389)

* There is currently a known issue with LDAP integration for Red Hat OpenStack Platform. The `keystone_domain_config` tag is currently missing from `keystone.yaml`, preventing Puppet from properly applying the required configuration files. Consequently, LDAP integration with Red Hat OpenStack Platform will not be properly configured. As a workaround, you must manually edit `keystone.yaml` and add the missing tag. There are two ways to do this:

  1. Edit the file directly:
     a. Log in to the undercloud as the stack user.
     b. Open `keystone.yaml` in the editor of your choice. For example:
        `sudo vi /usr/share/openstack-tripleo-heat-templates/docker/services/keystone.yaml`
     c. Append the missing puppet tag, `keystone_domain_config`, to line 94. For example:
        `puppet_tags: keystone_config`
        Changes to:
        `puppet_tags: keystone_config,keystone_domain_config`
     d. Save and close `keystone.yaml`.
     e. Verify you see the missing tag in the `keystone.yaml` file. The following command should return '1':
        `cat /usr/share/openstack-tripleo-heat-templates/docker/services/keystone.yaml | grep 'puppet_tags: keystone_config,keystone_domain_config' | wc -l`

  2. Or, use sed to edit the file inline:
     a. Log in to the undercloud as the stack user.
     b. Run the following command to add the missing puppet tag:
        `sed -i 's/puppet_tags: keystone_config/puppet_tags: keystone_config,keystone_domain_config/' /usr/share/openstack-tripleo-heat-templates/docker/services/keystone.yaml`
     c. Verify you see the missing tag in the `keystone.yaml` file. The following command should return '1':
        `cat /usr/share/openstack-tripleo-heat-templates/docker/services/keystone.yaml | grep 'puppet_tags: keystone_config,keystone_domain_config' | wc -l`

  (BZ#1519057)

* It is only possible to deploy Ceph storage servers if their disk devices are homogeneous. (BZ#1520004)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1301534 - The gateway_ip attribute for the isolated networks are not accurate
1433534 - [RFE] [OVN] HA support for OVN ovn-northd
1489360 - CVE-2017-12155 openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director
1507888 - Deployment with ceph and TLS everywhere fails with: "WorkflowTasks_Step2_Execution: ERROR "cannot stat '/var/run/ceph/ceph-mon.overcloud-controller-2.asok': No such file or directory""
1508601 - Add NetIpMap to hieradata for *ExtraConfig overrides (Composable Networks)
1519765 - containerized HA rabbitmq stops on re-deploy if lsns fails
1523272 - OSP10-> 11-> 12 upgrade: major-upgrade-composable-steps-docker.yaml fails with Error: Evaluation Error: Error while evaluating a Function Call, Could not find class ::panko
1523707 - [UPDATES] PCS managed containers ain't restarted with latest images
1528755 - ConfigDebug setting does not work for docker init bundles
1533097 - CephPools parameter does not add CephXpermission for openstack user
1533468 - capabilities-map.yaml references wrong environment files for ceph services
1533875 - Using the Telmetry Role with Ceph/RBD as gnocchi backend Fails in step 4 of the Deployment
1537725 - Deployment templates for unsupported components causing some confusion
1538828 - standalone Telemetry.yaml role has wrong services and typo
1538875 - mysql_init_bundle container doesn't fail deployment if puppet fails
1539090 - Cinder backups fail when running in a container (non-HA)
1542537 - tox -epep8 fails with ERROR: Generated roles file not match
1543641 - Cinder HA and non-HA containers are not configured the same
1546234 - Rebase openstack-tripleo-heat-templates to 7.0.9
1546807 - [OSP12] After a minor update the swift_rsync container was in restarting state
1547955 - Undercloud / Overcloud Heat stack fails on: YAQL list index out of range (includes upgrades cases)
1551137 - Queue versioned_notifications.info not found
1551461 - [UPDATES] Failed to setup heat-output: refusing to convert between directory and link for /var/log/containers/swift
1552466 - docker_puppet_apply.sh has a fatal typo
1558639 - Collectd not re-using /var/run directory from overcloud node therefor ovs plugin fails to connect to db.sock of openswitch.

6. Package List:

Red Hat OpenStack Platform 12.0:

Source:
openstack-tripleo-heat-templates-7.0.9-8.el7ost.src.rpm

noarch:
openstack-tripleo-heat-templates-7.0.9-8.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2017-12155
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
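
On the keystone.yaml workaround under BZ#1519057 above: the sed expression as given, run a second time, matches the already-patched line and appends the tag again. The following is an added example, not Red Hat's script, that anchors the match at end of line so it can be re-run safely and then repeats the advisory's count check; the helper name `add_domain_tag` and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not Red Hat's script. Idempotent form of the keystone.yaml
# workaround: re-running it does not append the tag a second time.
TAG_OLD='puppet_tags: keystone_config'
TAG_NEW='puppet_tags: keystone_config,keystone_domain_config'

# add_domain_tag FILE   (hypothetical helper name)
# Returns 0 when FILE holds exactly one corrected puppet_tags line,
# 2 when FILE does not exist, 1 otherwise.
add_domain_tag() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    # Match only when the line ends right after keystone_config, so a line
    # that already carries the tag is left untouched.
    sed -i "s/${TAG_OLD}[[:space:]]*\$/${TAG_NEW}/" "$file" || return 1
    # Same check as the advisory's grep | wc -l, which should return 1.
    count=$(grep -c "${TAG_NEW}\$" "$file" || true)
    [ "$count" -eq 1 ]
}

# demo: patch a constructed stand-in for keystone.yaml twice and print it.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'docker_config:' \
        '  puppet_tags: keystone_config' \
        '  step_config: placeholder' > "$tmp"
    add_domain_tag "$tmp" && add_domain_tag "$tmp"
    rc=$?
    cat "$tmp"
    rm -f "$tmp"
    return "$rc"
}

demo || echo "workaround not applied" >&2
```

On the undercloud the function would be called with the keystone.yaml path from the advisory, under sudo.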
====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2016:2076-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:2076.html
Issue date:        2016-10-18
CVE Names:         CVE-2016-4470
====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

This issue was discovered by David Howells (Red Hat Inc.).

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.1.el6.src.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.1.el6.noarch.rpm
kernel-doc-2.6.32-573.35.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.1.el6.x86_64.rpm
perf-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
kernel-2.6.32-573.35.1.el6.src.rpm

i386:
kernel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-headers-2.6.32-573.35.1.el6.i686.rpm
perf-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm

noarch:
kernel-abi-whitelists-2.6.32-573.35.1.el6.noarch.rpm
kernel-doc-2.6.32-573.35.1.el6.noarch.rpm
kernel-firmware-2.6.32-573.35.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.1.el6.ppc64.rpm
kernel-devel-2.6.32-573.35.1.el6.ppc64.rpm
kernel-headers-2.6.32-573.35.1.el6.ppc64.rpm
perf-2.6.32-573.35.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.1.el6.s390x.rpm
kernel-devel-2.6.32-573.35.1.el6.s390x.rpm
kernel-headers-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-573.35.1.el6.s390x.rpm
perf-2.6.32-573.35.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.i686.rpm
kernel-debug-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
kernel-devel-2.6.32-573.35.1.el6.x86_64.rpm
kernel-headers-2.6.32-573.35.1.el6.x86_64.rpm
perf-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.7):

i386:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-573.35.1.el6.i686.rpm
perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm
python-perf-2.6.32-573.35.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-573.35.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-2.6.32-573.35.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-573.35.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm
python-perf-2.6.32-573.35.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-573.35.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-2.6.32-573.35.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-573.35.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-4470
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

--
Enterprise-watch-list mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5953
2015-04-10 17:05:45
--------------------------------------------------------------------------------

Name        : ceph-deploy
Product     : Fedora 22
Version     : 1.5.23
Release     : 1.fc22
URL         : https://github.com/ceph/ceph-deploy
Summary     : Admin and deploy tool for Ceph
Description :
An easy to use admin tool for deploy ceph storage clusters.

--------------------------------------------------------------------------------
Update Information:

Update to ceph-deploy 1.5.23. This fixes CVE-2015-3010 (keyring permissions are world readable in ~ceph). See the upstream changelog for detailed changes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210705 - CVE-2015-3010 ceph-deploy: keyring permissions are world readable in ~ceph
        https://bugzilla.redhat.com/show_bug.cgi?id=1210705
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update ceph-deploy' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
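
CVE-2017-12155 in the Red Hat advisory above and CVE-2015-3010 in this notice both describe keyring files that are readable by "other". The following is an added example, not part of either advisory, of a check for that condition on a host; the helper name, the default directories `/etc/ceph` and `/var/lib/ceph`, and the constructed file names in `demo` are assumptions.

```shell
#!/bin/sh
# Added example: report Ceph keyring files that "other" users can read.
# Directories are passed as arguments; /etc/ceph and /var/lib/ceph are
# assumed defaults, not paths taken from the advisories.

# audit_keyrings [DIR...]   (hypothetical helper name)
# Prints one "ls -ld" line per world-readable keyring file.
# Returns 1 if any were found, 0 if none.
audit_keyrings() {
    [ "$#" -gt 0 ] || set -- /etc/ceph /var/lib/ceph
    hits=''
    for dir in "$@"; do
        [ -d "$dir" ] || continue      # path not present on this host
        # -perm -004: the read bit for "other" is set on the file.
        out=$(find "$dir" -type f -name '*keyring*' -perm -004 \
                  -exec ls -ld {} + 2>/dev/null)
        [ -n "$out" ] && hits="${hits}${out}
"
    done
    [ -z "$hits" ] && return 0
    printf '%s' "$hits"
    return 1
}

# demo: constructed directory with one tight and one world-readable keyring.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/ceph.client.admin.keyring"
    : > "$d/ceph.client.openstack.keyring"
    chmod 600 "$d/ceph.client.admin.keyring"
    chmod 644 "$d/ceph.client.openstack.keyring"
    audit_keyrings "$d"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "world-readable keyring found (constructed sample)" >&2
```

The check only reads mode bits; it does not change permissions, since services that read a client keyring may depend on how access is granted.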
KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption.

-------------------------------------------------------------------------
Debian Security Advisory DSA-2601-1