Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisoryRed Hatbug fixRed Hat: RHSA-2015:0789-01 Important: OpenStack Packstack Default Password
Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: openstack-packstack and openstack-puppet-modules security and bug fix update Advisory ID: RHSA-2015:0789-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0789.html Issue date: 2015-04-07 CVE Names: CVE-2015-1842 ==================================================================== 1. Summary: Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch 3. Description: PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for proof-of-concept installations. PackStack is suitable for deploying proof-of-concept installations. It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gainaccess to pcsd, they could potentially run shell commands as root. (CVE-2015-1842) This issue was discovered by Alessandro Vozza of Red Hat. This update also fixes the following bugs: * If OpenStack Networking is enabled, Packstack would display a warning if the Network Manager service is active on hosts. (BZ#1117277) * A quiet dependency on a newer version of selinux-policy causes openstack-selinux 0.6.23 to fail to install modules when paired with selinux-policy packages from Red Hat Enterprise Linux 7.0 or 7.0.z. This causes Identity and other OpenStack services to receive 'AVC' denials and malfunction under some circumstances. The following workarounds allow the OpenStack services to function correctly: 1) Leave openstack-selinux at 0.6.18-2.el7ost until you are ready to update to Red Hat Enterprise Linux 7.1. At that time, a 'yum update' will resolve the issue. 2) Install the updated selinux-policy and selinux-policy-targeted packages from Red Hat Enterprise Linux 7.1 (version selinux-policy-3.13.1-23.el7 or later), then update openstack-selinux to version 0.6.23-1.el7ost. (BZ#1195252) * A typo in the code caused a Sahara option that uses OpenStack Networking to be always false. Sahara now uses OpenStack Networking if the parameter 'CONFIG_NEUTRON_INSTALL is set to 'y'. (BZ#1199047) * Prior to this update, users had to install the OpenStack Unified Client separately after an installation of Packstack. Packstack now installs it by default. (BZ#1199114) * This enhancement updates Packstack to retain temporary directories when running an installation in debug mode. This assists with troubleshooting activities. As a result, temporary directories are not deleted when running Packstack with the --debug command line option. (BZ#1199565) * Prior to this update, some validators did not use 'validate_not_empty' to ensure that certain parameters contained values. As a result, a number of internal validations could not be properly handled, leading to the possibility of unexpected errors. This update fixesvalidators to use validate_not_empty when required, resulting in correct validation behavior from validators. (BZ#11995889) In addition to the above issues, this update also addresses bugs and enhancements which can be found in the Red Hat Enterprise Linux OpenStack Platform Technical Notes, linked to in the References section. All openstack-packstack and openstack-puppet-modules users are advised to upgrade to these updated packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1117277 - Test Packstack/RHEL OSP on RHEL 7 nodes where Network Manager is NOT disabled 1123117 - Deploy Keystone in Apache httpd 1171744 - Configure TCP keepalive setting via puppet-rabbitmq 1172305 - [RFE] Support Keystone read-only LDAP configuration with domain-specific identity backends 1173930 - Horizon help url in RHEL-OSP6 points to the RHEL-OSP5 documentation 1187343 - Packstack does not install Ironic with CONFIG_IRONIC_INSTALL flag set to "y" 1187706 - problems with puppet-keystone LDAP support 1193889 - puppet restart neutron server every 30 minutes on evironments deployed by staypuft 1195252 - [keystone] - selinux denial 1195258 - Packstack doesn't set firewall so vxlan traffic can be received in multinode setup 1199047 - The value of use_neutron is set to false (instead of true) when neutron is used. 1199072 - packstack does not set ironic password 1199076 - glance_image provider doesn't respect custom region name 1199085 - RHOS backport RDO fix for packstack error: Error: sysctl -p /etc/sysctl.conf returned 255 instead of one of 1199114 - add openstack unified client 1199423 - Use flake8 and hacking instead of pep8 for Python syntax checks 1199427 - Cherrypick documentation fixes from RDO 1199519 - Packstack install AMQP with SSL, fails to start rabbitmq service 1199547 -Install rhos-log-collector only on RHEL systems 1199549 - Backport packstack RDO fixes for rebased modules 1199562 - RFE: Allow command-line options with --gen-answer-file 1199565 - Do not delete temporary directories after a failed installation in debug mode 1199589 - Cherry pick internal Packstack enhancements from RDO 1199677 - Update OSP OPM to the latest RDO package 1201875 - CVE-2015-1842 openstack-puppet-modules: pacemaker configured with default password 1202107 - packstack --help throws a traceback at the end of the output 1204482 - nova-novncproxy fails with ValidationError: Origin header protocol does not match this host 6. Package List: Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7: Source: openstack-packstack-2014.2-0.20.dev1467.g70c9655.el7ost.src.rpm openstack-puppet-modules-2014.2.13-2.el7ost.src.rpm noarch: openstack-packstack-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm openstack-packstack-doc-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm openstack-packstack-puppet-2014.2-0.20.dev1467.g70c9655.el7ost.noarch.rpm openstack-puppet-modules-2014.2.13-2.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVJIwIXlSAg2UNWIIRAsCcAJwJJgMiSeZR4LcGJojRRw3ZPGQGzACgngwB Pv0MBb8SUgDiiKc/3zJ1Uo4=bo/b -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Apr 08, 2015
•Important
Red Hat
98
security advisorymoderatesecurity issueRed Hat OpenStack Folsom RHSA-2013:0671-01 Moderate PackStack Security Fix
An updated openstack-packstack package that fixes one security issue and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-packstack security and bug fix update Advisory ID: RHSA-2013:0671-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2013:0671.html Issue date: 2013-03-21 CVE Names: CVE-2013-1815 ==================================================================== 1. Summary: An updated openstack-packstack package that fixes one security issue and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: OpenStack Folsom - noarch 3. Description: PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof of concept installations and more complex multi-node installations. It was found that PackStack did not handle the answer file securely. In some environments, such as those using a non-default umask, a local attacker could possibly modify the answer file if PackStack was run in an attacker controlled directory, or attempted to create the answer file in "/tmp/", allowing the attacker to modify systems being deployed using OpenStack. Note: After applying this update, PackStack will create the answer file in the user's home directory by default. It will nolonger create it in the current working directory or the "/tmp/" directory by default. (CVE-2013-1815) The CVE-2013-1815 issue was discovered by Derek Higgins of the Red Hat OpenStack team. This update also fixes several bugs in the openstack-packstack package. All users of openstack-packstack are advised to upgrade to this updated package, which corrects these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 865347 - RFE: Hypervisor installer should change host's IO scheduler to deadline for improved performance 886603 - Openstack Installer: packstack should handle both IP addresses and hostnames for all parameters available in its answer file. 888725 - packstack puppet recipes should set authtoken parameters in *.conf not paste.ini 892247 - Provide --all-in-one parameter to Packstack 893107 - Openstack-packstack: The installation log file is available at - is empty, ( when not using '--debug=true') . 894733 - packstack: keystonerc_admin file generation: assumes '/root' exists, stores keystonerc_admin file with too much permissions 896618 - RFE: Use full/explanatory service names in user prompts. 903502 - packstack munges my RHN password 903545 - take /usr/share/*dist.conf into account when writing /etc/*conf 903813 - Configure Horizon to use HTTPS by default. 905081 - glance endpoint url contains version which brakes new-enough python-glanceclient 905368 - Support for RHN Hosted and Satellite 905842 - NTP configuration fails if ntpd service is running in the machine already 908695 - openstack-packstack: Installation failed on iptables Command Error 'Resource temporarily unavailable'. 908771 - Have consistent conventions for variables (passwords) 908837 - RHEL version not supported. RHEL > 6.4 required isnot true. True is RHEL > = 6.4 is required. 908838 - RHEL version not supported. RHEL > 6.4 required is not true. Reported when connection problem happened. 908846 - answer file options values doesn't allow white-spaces 908900 - CONFIG_SWIFT_STORAGE_HOSTS format handling is badly parsed 910089 - Packstack doesn't make sure the private interface is up 910210 - packstack needs to add option to subscribe to rh beta rpm's 911626 - double first typo in answfile 912006 - Openstack Installer: packstack error while trying to validate NTP server 912702 - Remove symlink to qemu-kvm from qemu-system-x86_64 created for VM on VM installs 912745 - INFO_KEYSTONERC hardcoded to /root/ location. 912768 - Packstack needs to add nagios to monitor hosts 915382 - Prompt for NTP should highlight way to provide list (comma separated) 917904 - CVE-2013-1815 OpenStack packstack: answerfile creation permissions issue 6. Package List: OpenStack Folsom: Source: noarch: openstack-packstack-2012.2.3-0.1.dev454.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-1815 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRS1JZXlSAg2UNWIIRAh0DAJ9IE0vX11+D1fF6TyuQxFC6pe2TkACggEGV YCXGwwcuE4rXH/4RWlnNBLE=rUZ2 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 21, 2013
Red Hat
98
security advisorydenial of servicered hatCanonical Ubuntu Cloud: USN-2013-0595-01 Moderate Nova Vulnerabilities
An updated openstack-packstack package that fixes two security issues and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-packstack security and bug fix update Advisory ID: RHSA-2013:0595-01 Product: Red Hat OpenStack Advisory URL: https://access.redhat.com/errata/RHSA-2013:0595.html Issue date: 2013-03-05 CVE Names: CVE-2013-0261 CVE-2013-0266 ==================================================================== 1. Summary: An updated openstack-packstack package that fixes two security issues and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: OpenStack Folsom - noarch 3. Description: PackStack is a command line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof of concept installations and more complex multi-node installations. A flaw was found in PackStack. During manifest creation, the manifest file was written to /tmp/ with a predictable file name. A local attacker could use this flaw to perform a symbolic link attack, overwriting an arbitrary file accessible to the user running PackStack with the contents of the manifest, which could lead to a denial of service. Additionally, the attacker could read and potentially modify the manifest being generated, allowing them tomodify systems being deployed using OpenStack. (CVE-2013-0261) It was discovered that the cinder.conf and all api-paste.ini configuration files were created with world-readable permissions. A local attacker could use this flaw to view administrative passwords, allowing them to control systems deployed and managed by OpenStack. (CVE-2013-0266) The CVE-2013-0261 issue was discovered by Kurt Seifried of the Red Hat Security Response Team, and CVE-2013-0266 was discovered by Derek Higgins of the Red Hat OpenStack team. This update also fixes several bugs in the openstack-packstack package. All users of openstack-packstack are advised to upgrade to this updated package, which corrects these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 886592 - Openstack Installer: packstack should return an informative error when remote nodes are not configured with openstack repository 890295 - Packstack should not fail installation of cinder-vol service if the VG doesn't exist (as cinder-vol may be using plugins) 892942 - openstack-packstack: When SELinux disabled on machine installation failed with Error during remote puppet apply of horizon.pp. 903187 - Better error handling for missing parameters in answer file 904669 - PackStack should create a simple cinder block storage device to use by default if none is present 905516 - openstack-packstack: Race condition caused /etc/sysconfig/modules/kvm.modules could not be found. 905737 - When using packstack where hostname is localhost.localdomain, mysql fails to install 906006 - The --gen-answer-file parameter does not understand the ~ shortcut for home. 906410 - Generate answer file when running on live mode 907624 - Misleading message when generating publickey. 907737 - Typo: Creating Galnce Manifest... 908101 - CVE-2013-0261 OpenStack packstack: insecure use of /tmp in manifest creation 908581 - CVE-2013-0266 OpenStack packstack: puppetlabs-cinder / manifests / base.pp weak file permissions 910211 - Epel version is hardcoded to epel-release-6-8 910818 - packstack should install openstack-selinux 911653 - KeyError in remove_remote_var_dirs 6. Package List: OpenStack Folsom: Source: noarch: openstack-packstack-2012.2.2-1.0.dev408.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2013-0261 https://access.redhat.com/security/cve/CVE-2013-0266 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRNl37XlSAg2UNWIIRAqaIAJoD3rVBXb5HMlkMZNWTXdFz11EGygCgkz3V rb6tf2+zMrAk/lGh09wlZHI=oOBi -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Mar 05, 2013
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!