Explore top 10 tips to secure your open-source projects now. Read More
×
An update for openstack-cinder is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 17.0 (openstack-cinder) security update Advisory ID: RHSA-2023:1016-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:1016 Issue date: 2023-02-28 CVE Names: CVE-2022-47951 ==================================================================== 1. Summary: An update for openstack-cinder is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 17.0 - noarch 3. Description: Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2161812 - CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor 6. Package List: Red Hat OpenStack Platform17.0: Source: openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.src.rpm noarch: openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm python3-cinder-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm python3-cinder-common-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm Red Hat OpenStack Platform 17.0: Source: openstack-cinder-18.2.1-0.20230202190311.1776695.el9ost.src.rpm noarch: python3-cinder-common-18.2.1-0.20230202190311.1776695.el9ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-47951 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/5H69zjgjWX9erEAQg9GQ//e15SEjpA3X7tj9b4RDInsVxck9CuZKQc ogM/KfPa4stVrY05jbEVvvtdjtT1gkqLmu4SeTaicNrZ08A9EbMvZ1+rR2Lx3Rzf 8KxLQMfFNM2DmUyjjmaBSpE1FYhgouwa0Tt59fJkpJLuStBaDgqAD9LAdIhGCrbo EiMhr6NllWPo3G+xg6tea62UFjK2+BSPpocCpy0VX2/m1e00MXKF2OWOdXT6Yx1a Gc6dRUXjcdFhr3LqeAJ2f7vOgqtfJWjzON6sohGmCM4Jq3a6E80anyr6I3wWDbEZ +EcFkKUnmXTdusVplINwxGT4nizSXTx1xzFOXPm3wE+i5XDk8Sf+EnB/KypKc0d1 oUHuJL4q8QsIl3MNAgXmPHZZT49hfJ5/1qeZiIN6SYG7hPz4ih2WUyDmwL2O5FY0 xT5n9kLxTZ4Pj0SBRhhZrNgK3NdZQtacnA95JqGjZ+rDJgOiPKLHhCe8Q5dXZJEn cvEwzq5CtPr+jsNSk+FciJ/qrwUQyNiX9t0NSFjBF1CVDvD6Irg4qYd1Q9cX2XuN kYMRuucMaNMU/UeAClBacHyYyZnKxVjabV9IhPjaWj4k38XivU9iIlXxvw5pu0Rc 1JI22+oPg5TW04nLCWTUQnWtVTpu+8/KIsKp+z8JsMHP20R6RYr4yNYyH1bUJ1Ky flo0mrWDaUI=UhJF -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform 16.2 (python-waitress) security update Advisory ID: RHSA-2022:1253-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1253 Issue date: 2022-04-06 CVE Names: CVE-2022-24761 ==================================================================== 1. Summary: An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.2 - noarch 3. Description: Pure-python WSGI server Security Fix(es): * Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2065086 - CVE-2022-24761 waitress: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 6. Package List: Red Hat OpenStack Platform16.2: Source: python-waitress-2.0.0-1.el8ost.src.rpm noarch: python3-waitress-2.0.0-1.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24761 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYk1oGNzjgjWX9erEAQjteg/+Mt2AdQligq44W0Fsjq3icE0sr+1yuL6H pq6WCzXRxDMEnt2P3QsqB3UI6/6MC748hQ1siWJ1B61jOE7jowWW3n3KMIk8JbN3 BZ2KKtI6K+wq1AYwQYDgAN1SIWec/LI+amzr73mIn/C8nWDTpRmixntgtFbl6FzV /M1FN3c+1o8JR85ny7w5YjTg1A/ZAQAboKaXnDmkif3Wie1A4mByBVQnLVUHvjSb nqcacZEODSbfi+Q+ZRhY8BSMpAJH/RCkJm9LgMt5UF2N2o3Dz0jqlbzCy3uDwbNA 43S8OSG0CD2N39NMIMOHAERsAsiL3+zPE6fTR44/7dUk6J3YPVUdDLChwjyLISC1 a70fhyna0WBZ5Vaa9jimsCniaVKfdy2sksjWX4yJgi5V726aYX5EaVAFWXyh6rh3 FOg93Js9jx36R794S9qB1klGsld1Wv02xi+uce70fpT4qhbjBdbtqjObwupike3e dbiAWJe/bk2/QW04UPmUnobstdcutYNS3S5M799JhOqBwY1fFriUAK1k+APieBho AeTbfO3auuOALJibzr5oMJObycf9ZcnmWqkmjYIUfqnTcfY2nglf7HliLYzwOX2x r5Qo+0J0BQ8CrULyAQ6oACd8G7rdEGGHQDoPlQ179bI8jqWYGTupqlfK5X0ThkXu etPFvB5HZz8=bb0N -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for golang-github-vbatts-tar-split is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update Advisory ID: RHSA-2022:0988-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:0988 Issue date: 2022-03-24 CVE Names: CVE-2021-29923 CVE-2021-34558 ==================================================================== 1. Summary: An update for golang-github-vbatts-tar-split is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.1 - ppc64le, x86_64 3. Description: Security Fix(es): * net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS clientto panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 2020629 - Rebuild OSP16.1 golang dependencies on golang 1.15 6. Package List: Red Hat OpenStack Platform 16.1: Source: golang-github-vbatts-tar-split-0.11.1-6.el8ost.src.rpm ppc64le: golang-github-vbatts-tar-split-0.11.1-6.el8ost.ppc64le.rpm x86_64: golang-github-vbatts-tar-split-0.11.1-6.el8ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYjyOhNzjgjWX9erEAQjOzA//WW/ZtcC9Uu/MzYPYa93eYECAbk+aG4yJ Ew7Zx32KWsdc3b78IVcCVHSeXeAcJpP3AzTN3Cf/Y/pCZn7Y5bnJwHbfAkcyY9+1 CoWG3z2vFnB5NKuHttW1GlPY2vSmVvuYQVD/aa3CGpkvbA8HuYvZUG3blW8N64lx xnpqBnEwZx0bo+qd4CgZNSGKWF9d0HwEod3zEaBeliyehqehaORYRDl+KCUmOx6z CgovkmRWJEj6RqCUHRGjaEo8kEl6p+Eid8t41/ZKuua3hZLpEGN3qoWiSp+gC8Jn BbzIvE2hV7Yf3HwvLHO+qbx5xb7S7YtjzR9A5BvDFCb6hdFCYo8+0jjM/49ti01Z 4+5J5kJybA8IohTdoAaioZSRqojoewWR1N5VqTOKei+GxO6nMgJ3KMUeRm4udbdk 3s36rQXGHmUvoZIOVGq7K//zoGv0SVgk8AWSoY3eFNG+Xn6hTaQ8T1j2SqAr7r32 vVkO+HZucpFkkVibLmABi7x6Q4wtWj4kKcf3Zb/Jn5UzAVz/7eywO/r21uWmV3fY 1p3WIAEx0i97Kkbfohw66fMb0aLrKbxBI5HQwtQS3aMHqvmMFqGS1B8AHyZHIf0y fuoIiNybJLUU7CsomBkpYu6ICTBJwV+I0FTZ6x1pIVuPIFHELqeIwbev8TbmZ9Sb 6s/o+JnW/uc=PomQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenStack Platform 16.2 (etcd) security update Advisory ID: RHSA-2021:3487-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:3487 Issue date: 2021-09-15 CVE Names: CVE-2021-31525 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 ==================================================================== 1. Summary: An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.2 - ppc64le, x86_64 3. Description: A highly-available key value store for shared configuration Security Fix(es): * net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply thisupdate, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 6. Package List: Red Hat OpenStack Platform 16.2: Source: etcd-3.3.23-3.1.el8ost.1.src.rpm ppc64le: etcd-3.3.23-3.1.el8ost.1.ppc64le.rpm etcd-debuginfo-3.3.23-3.1.el8ost.1.ppc64le.rpm etcd-debugsource-3.3.23-3.1.el8ost.1.ppc64le.rpm x86_64: etcd-3.3.23-3.1.el8ost.1.x86_64.rpm etcd-debuginfo-3.3.23-3.1.el8ost.1.x86_64.rpm etcd-debugsource-3.3.23-3.1.el8ost.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-31525 https://access.redhat.com/security/cve/CVE-2021-33195 https://access.redhat.com/security/cve/CVE-2021-33197 https://access.redhat.com/security/cve/CVE-2021-33198 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYUGVQtzjgjWX9erEAQhFPQ//aj9A90xuGEN2GzTcpfYQ/ZsicrzDl372 C//bo1eXlViR6brf+lBH8BWD2XSyK+Jl/7cD0AFV5/PuPdJ6OPIUHPjc3/jPiTfH B2Z9qT2T8U6A59e6WwaYVP+HNTTdxp9AEBcbfWqwrbQnUEVTbgGQQcpsTfeBuQ2F VKT9m3yxK/RHnwfGYZLT2Uv670+JmdlAwWMXMPqcOfSuWB8p5x9iOs0H6VEWpngf gZY+JhOXtWQ3PRvEzsojmsxB4uUNpxoWOs0OsV2OvFpJeOwHDHqPUPfJGjy2xoW2 F3HY48Igq+wpHbma2QEeGnQE5OwI3x3uL2riOMNtD1VEItdXo2xBw1fXT0bPStsh jNQoTTpPPueXIWqJQW/1JDXSTDoXHZJuycQHLB7+n4jnKW3Kn9t69zZC+suTOVZ2 dIr65ArrI1N5ZQRK5KU2bEKBcy257Prg2vpEQu2oIs2gqNP5uAIguRvLiswzypku sleLGkzlSP0izYR2DOdvQHm2igJm+mXXtK/T3ISeou2BFW8wcFsQcnsaNEIFvMTy ymQ2FHoCxYM0LHvji4MMt0mEuAKFtzXZeckk08+3hZxotYYIHLKH1NWngSr3SQsB cyXnLMStAoXer/NU0f86DlIKYGvs8zmJrXN/emBbenenSGbspnjfDUzCmrd9LWBb SL1fym9Pq1I=6dzK -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for openvswitch2.11 and ovn2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openvswitch2.11 and ovn2.11 security update Advisory ID: RHSA-2021:0931-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:0931 Issue date: 2021-03-18 CVE Names: CVE-2015-8011 CVE-2020-10722 CVE-2020-10723 CVE-2020-10724 ==================================================================== 1. Summary: An update for openvswitch2.11 and ovn2.11 is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - noarch, ppc64le, x86_64 3. Description: Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * buffer overflow in the lldp_decode function in daemon/protocols/lldp.c (CVE-2015-8011) * librte_vhost Integer overflow in vhost_user_set_log_base() (CVE-2020-10722) * librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723) * librte_vhost Missing inputs validation inVhost-crypto (CVE-2020-10724) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1828867 - CVE-2020-10722 dpdk: librte_vhost Integer overflow in vhost_user_set_log_base() 1828874 - CVE-2020-10723 dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() 1828884 - CVE-2020-10724 dpdk: librte_vhost Missing inputs validation in Vhost-crypto 1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c 1905246 - Include latest FDP release in RHOSP 13z15 6. Package List: Red Hat OpenStack Platform 13.0: Source: openvswitch-selinux-extra-policy-1.0-17.el7fdp.src.rpm openvswitch2.11-2.11.3-77.el7fdp.src.rpm ovn2.11-2.11.1-57.el7fdp.src.rpm noarch: openvswitch-selinux-extra-policy-1.0-17.el7fdp.noarch.rpm ppc64le: openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm openvswitch2.11-debuginfo-2.11.3-77.el7fdp.ppc64le.rpm openvswitch2.11-devel-2.11.3-77.el7fdp.ppc64le.rpm ovn2.11-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-central-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-debuginfo-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-host-2.11.1-57.el7fdp.ppc64le.rpm ovn2.11-vtep-2.11.1-57.el7fdp.ppc64le.rpm python-openvswitch2.11-2.11.3-77.el7fdp.ppc64le.rpm x86_64: openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-debuginfo-2.11.3-77.el7fdp.x86_64.rpm openvswitch2.11-devel-2.11.3-77.el7fdp.x86_64.rpm ovn2.11-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-central-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-debuginfo-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-host-2.11.1-57.el7fdp.x86_64.rpm ovn2.11-vtep-2.11.1-57.el7fdp.x86_64.rpm python-openvswitch2.11-2.11.3-77.el7fdp.x86_64.rpm Red Hat OpenStack Platform13.0: Source: openvswitch-selinux-extra-policy-1.0-17.el7fdp.src.rpm noarch: openvswitch-selinux-extra-policy-1.0-17.el7fdp.noarch.rpm Red Hat OpenStack Platform 13.0: noarch: openvswitch2.11-test-2.11.3-77.el7fdp.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8011 https://access.redhat.com/security/cve/CVE-2020-10722 https://access.redhat.com/security/cve/CVE-2020-10723 https://access.redhat.com/security/cve/CVE-2020-10724 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFNS3tzjgjWX9erEAQgodQ//TafrmK1oRWEZce0JW1WHJm40ehzABsK5 j1+IMDt5zfT3OZxLPQ/cDnIlHcBVS+Wt2GEiI78cK5rPLrqmaiIthBmCN/1SXBdM qgD7i2Kf9zvIw3WLIz0hmH6UWnTiCg5oxRdA+cZzGHFcIHXLaiGNn+feyd7sHSSQ JFo5gTcosvIqrB/raRGUOCLVOoztKFYD+HrWYib79VlWhAXKSyvwNX4YZCmpc8xG 1Urj3aQbEkKt+5DAPatPaqX85ApnrRK1zr+vfKG8YGxbaymenoGYyCy6zgAUnqM5 HDEwDFUZ+OZfZqu7VJY1elCWm8ZxB288kATTozHyMuvPbt3VpugR3lpdHGLvTKQH SY0v41CvTcQ0F3nZin9x0xfXN6KZKK07tAuuNUiw24+dFJSFIse7GlyQclc7zD+8 ro6YMz9MhzYJnyXDocjN+q/X6ZWJxKiCg0ek0/sBa9vfCkkZ3x0fFzMUVM9KocSu vPJ6d5vN042Hhn0OoPigXFuhb8XBoN8T5dr+lTIKCl0/C9daJdB7r1YJryaCXUUZ fu0GBGoIudAmUPFYab+Cuo+aW+/VkdYS9GB+ygQ27o2x+9Iw75JJpVXPl8mPLR/+ Qf4cn7uRnIAp9KXJAudeC2hVIVd2mFNTmDCTCfFu5k8JM3To2q+bHT5oNzaU6CVE tvBsfBXM2Io=/cYk -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: qemu-kvm-rhev security update Advisory ID: RHSA-2021:0934-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:0934 Issue date: 2021-03-18 CVE Names: CVE-2020-1983 CVE-2020-16092 ==================================================================== 1. Summary: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - ppc64le, x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983) * reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1829825 - CVE-2020-1983 QEMU: slirp: use-after-free in ip_reass() function in ip_input.c 1860283 - CVE-2020-16092 QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c 6. Package List: Red Hat OpenStack Platform 13.0: Source: qemu-kvm-rhev-2.12.0-48.el7_9.2.src.rpm ppc64le: qemu-img-rhev-2.12.0-48.el7_9.2.ppc64le.rpm qemu-kvm-common-rhev-2.12.0-48.el7_9.2.ppc64le.rpm qemu-kvm-rhev-2.12.0-48.el7_9.2.ppc64le.rpm qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.2.ppc64le.rpm qemu-kvm-tools-rhev-2.12.0-48.el7_9.2.ppc64le.rpm x86_64: qemu-img-rhev-2.12.0-48.el7_9.2.x86_64.rpm qemu-kvm-common-rhev-2.12.0-48.el7_9.2.x86_64.rpm qemu-kvm-rhev-2.12.0-48.el7_9.2.x86_64.rpm qemu-kvm-rhev-debuginfo-2.12.0-48.el7_9.2.x86_64.rpm qemu-kvm-tools-rhev-2.12.0-48.el7_9.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1983 https://access.redhat.com/security/cve/CVE-2020-16092 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYFNQStzjgjWX9erEAQjbyg/8DIW5WEMUHxluKeaNckrWZwTN5ZTTQD+Q iJpQbf5+fIoCYZzgK3Vh55jSXbyCgJnHJATvZFss/tH2wy4zbw1T9V1n146cRflv fT+LtnB0VDVBnF6X/q8Ih+ugHTa0+6sR1xBSRH8ACc3wnR2V4PFWj6apGbxzHKp/ Wutr5U7lLc5ashRM6ztwqM2CM/YOZeJMfSr1NnIXqnf4BmiOF7wmO6sZrqDTDhKq UKlz9ohBpPldbLVHNF43BHUn4RqUgf/xTDNv0ft0ogTVs3MY9vdmcoBnMh70tNqb 9jqDZEVinyMoEqpI0+jEewmzYXrFbc6bBWMfd2C5OLNIn3606V5PBNftJqKmAAdP fa2iHq0wU7rLfaXKgErYxvWi6oPt0tKRDsJbQksSEr8rwARrqBPzH5U/oprGmPLV dBMXlVXj1btoVx9PxAM5LneuzQOHpJNYxIZPlaI1yqTb79PZPoYRIxBYFFPS2hFI puoWcNxcWGBLcaGIZvFTSEiCfg6yScFQab5Fje7BE4OOrE9tJqN5Uc8TTQJm5E+P LbJQUx9VN31uQAlWm8KFkoLqHARyoTHWpcPyMsMjyncLg3HAIs6U709uHZdKeV8w RqYtlxkyxS4+N93sQtx4CTL93GWfPZhvy/2C+AlfePyKsfpTzBUAeu+AVEr8uYA2 EvG4AP7XUq8=D5Gj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for rubygem-em-http-request is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rubygem-em-http-request security update Advisory ID: RHSA-2021:0937-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:0937 Issue date: 2021-03-18 CVE Names: CVE-2020-13482 ==================================================================== 1. Summary: An update for rubygem-em-http-request is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 Operational Tools for RHEL 7 - ppc64le, x86_64 3. Description: EventMachine based, async HTTP Request client. Security Fix(es): * missing SSL hostname validation allows MITM (CVE-2020-13482) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1911457 - CVE-2020-13482 rubygem-em-http-request: missing SSL hostname validation allows MITM 6. Package List: Red Hat OpenStack Platform 13.0 Operational Tools for RHEL7: Source: rubygem-em-http-request-1.1.5-4.el7ost.src.rpm ppc64le: rubygem-em-http-request-1.1.5-4.el7ost.ppc64le.rpm rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.ppc64le.rpm x86_64: rubygem-em-http-request-1.1.5-4.el7ost.x86_64.rpm rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-13482 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFNPltzjgjWX9erEAQhy4w/+JJrsRo5h3qFyZJG85pUWAY0PdewMtN6H 8qbUj3rj9NJ5jIa72ms3ELmG/KK/+Afrw09K5WpjRt3s0bKn4UUmiM1sP6mWH6XM TZ1JCWkwGhABGSc3DrH78mU31npPMOd99KO0DzpoXU096YcZonYqSJUQLrdvBfVK neCZOvOWaDqap9j/nkPqK49ZuK45VKE2fjvcmkNLLkVfjy0m4e51AIos9YXLDFa8 jGsuRJGeXhGCS3IskViOJZ79gtm2vZKPdNY7tyl9dgPlj30VJ2+7zgZqXdmwqaft 3BlCCv/HyDMCjqZZdqZxviqTGeAcVKZd3Oyu8iKlgW9BdIUvYkHnJM82KASDUPzC msbz8rMVphnadR1xEu8mKJLQRYe5XXsiP6fkPxJx40nt8FmNgZa70lg6eW5ZG5bS dY+gaYX6hU01+3xzzTCJjYYLYOyeGPw1jDiHz26yzz61CApC4nDs3vb8JrgT4brQ 7tBdHQy93BYJv4Q2+A/sgHGAsxC8EPjlwl1YDU8Oix8TX1887j1vyU6sKFntklIM 9d++Dpho+mz8vpURgOZv2BZQHYaY8/GLvuG/1KFiH6XlPDYddBZrDl3H2aoJpTQ1 QeY0UOcHCMqy74Pd4nIYcGZ7R1WFkk/U/EcfKGOAGEl0uLPrA/tfpkeR/SAGa1Pg fSUW1FsKuVU=MG1I -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: openstack-nova security update Advisory ID: RHSA-2020:3708-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3708 Issue date: 2020-09-10 CVE Names: CVE-2020-17376 ==================================================================== 1. Summary: An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - noarch Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch 3. Description: OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Security Fix(es): * Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML 6. Package List: Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server: Source: openstack-nova-17.0.13-24.el7ost.src.rpm noarch: openstack-nova-17.0.13-24.el7ost.noarch.rpm openstack-nova-api-17.0.13-24.el7ost.noarch.rpm openstack-nova-cells-17.0.13-24.el7ost.noarch.rpm openstack-nova-common-17.0.13-24.el7ost.noarch.rpm openstack-nova-compute-17.0.13-24.el7ost.noarch.rpm openstack-nova-conductor-17.0.13-24.el7ost.noarch.rpm openstack-nova-console-17.0.13-24.el7ost.noarch.rpm openstack-nova-migration-17.0.13-24.el7ost.noarch.rpm openstack-nova-network-17.0.13-24.el7ost.noarch.rpm openstack-nova-novncproxy-17.0.13-24.el7ost.noarch.rpm openstack-nova-placement-api-17.0.13-24.el7ost.noarch.rpm openstack-nova-scheduler-17.0.13-24.el7ost.noarch.rpm openstack-nova-serialproxy-17.0.13-24.el7ost.noarch.rpm openstack-nova-spicehtml5proxy-17.0.13-24.el7ost.noarch.rpm python-nova-17.0.13-24.el7ost.noarch.rpm python-nova-tests-17.0.13-24.el7ost.noarch.rpm Red Hat OpenStack Platform13.0: Source: openstack-nova-17.0.13-24.el7ost.src.rpm noarch: openstack-nova-17.0.13-24.el7ost.noarch.rpm openstack-nova-api-17.0.13-24.el7ost.noarch.rpm openstack-nova-cells-17.0.13-24.el7ost.noarch.rpm openstack-nova-common-17.0.13-24.el7ost.noarch.rpm openstack-nova-compute-17.0.13-24.el7ost.noarch.rpm openstack-nova-conductor-17.0.13-24.el7ost.noarch.rpm openstack-nova-console-17.0.13-24.el7ost.noarch.rpm openstack-nova-migration-17.0.13-24.el7ost.noarch.rpm openstack-nova-network-17.0.13-24.el7ost.noarch.rpm openstack-nova-novncproxy-17.0.13-24.el7ost.noarch.rpm openstack-nova-placement-api-17.0.13-24.el7ost.noarch.rpm openstack-nova-scheduler-17.0.13-24.el7ost.noarch.rpm openstack-nova-serialproxy-17.0.13-24.el7ost.noarch.rpm openstack-nova-spicehtml5proxy-17.0.13-24.el7ost.noarch.rpm python-nova-17.0.13-24.el7ost.noarch.rpm python-nova-tests-17.0.13-24.el7ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-17376 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBX1nWCtzjgjWX9erEAQgYHQ/+KVJROuN2vosZ2AoOOJ+lDaKSfl04ivl4 APJ7wElgwenLhH7KacUpoDuVQiTicXjcYG9MOlMW8/8iYDBO59UKSGu4IvIol9sS qGWQ/jcU2yk/iidPlVMh5e1OgJWWN7hCQgaHTCL1OMS3mvRXwI3Kc9SwExlI+MVu gPkwpzYgdcFWn/IM5WyHFgmxItUC94l32LlwEtqWLnzR2Nwgkzs0s506Wsce5tOQ vCPP2gO9efTtVmajDV4lhimvfV2rOl6jvYKCRSZCe//oZ35RlJif4dHVXf4VbvPV CcSu8fYkh2fR4JcBn+2k4ZThcPeCC9qXeV/ANkopkOm+nlmhDiyjpUSMZZGeaMUL d0a267F36O255PxvWUzT3KSE54Bjiom2i3kInJb8V6XxHcxNjSE1oufFFNBm0vrd vwMMEbSRUoP0RFxiGoXtjXZPFRi3SlfNV20pGQnKlIGz5xUlsn2/k0uiZCJ5Yw4Q mE567OtWMFoSjBb4OstLqRERTiMY0DxEdJ7ozXTAV40CVrxdEycTwMMfA78KUe0F r8BQjZ73QONJtsQrQNgXbJntZpo6CFpPNF+j53txpjt6SsXBWvIJpeaEN3cBka4Y 9m21u0FEUC+dmMLGfwbOOUFUYiBJ6pk3/UGBSNV+T6W4gieGzWdi8vRtaJufJddp TqODW5aYbp4=lIEQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Get the latest Linux and open source security news straight to your inbox.