Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-4582-01

Red Hat Security Advisory 2023-4582-01 - Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Packet Storm
#vulnerability#red_hat#git#jira

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Release of containers for Red Hat OpenStack Platform 17.1 director Operator
Advisory ID: RHSA-2023:4582-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4582
Issue date: 2023-08-16
CVE Names: CVE-2022-21235
=====================================================================

  1. Summary:

Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are
now available.

  1. Description:

Release of Red Hat OpenStack Platform 17.1 (Wallaby) director Operator
containers provides these changes:

Security Fix(es):

  • github.com/Masterminds/vcs: Command Injection via argument injection
    (CVE-2022-21235)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

  1. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

2215019 - Update osp-director-operator references to GA locations
2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
2218299 - git url logic does not handle non-default ports and users
2221326 - Playbooks list is ignored for FFU and minor update

  1. JIRA issues fixed (https://issues.redhat.com/):

OSPK8-701 - nil ptr can hide actual error

  1. References:

https://access.redhat.com/security/cve/CVE-2022-21235
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/release_notes

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk3DJeAAoJENzjgjWX9erEuiMP/imCcjBOW9R1wSh1zKd1RBzP
dXVFE1OHcMotwaW33tL28avFe7BLiKsk/VVfKb38zplWVtyCw1e3Zl3PMf/Z/1vk
eizEwae5xPrSEPf0Y0XCrzE/Pkyvk6jnZUDjvUNt5j50iqkUZmhRJV+6BJlqqo/Y
7mJaj7Nl997iM7U/c/EKe15UOh7wUx5f4sEEOo0PCPNWhn5LuoK1/SdqLRtPBrEI
n52vhWP/+/neDifntcuZrs+sADJeIINC6U5vemSMl+bQImftzI17zaxV9T6q9lwp
tLVFqtkTJut/uy8ic5kwCZB6uJZgOmnfj9BkVY5CuK685Hxpsb25233xC0tfikQe
HXASQ+PrUGiP8TSYdqhJn3TVHdAZtKl1j6QFo2AEGqQ9N74yTov9iztJ0f8AELTh
OljWQ/ch2AhdttWuKqXiDgeAIUISrs2Kal0FIYvJKx9zog52Wq3U50nRnW6sQxrL
E958UJGZp6/ZfyI2mwvmuurQx9ketC0R4KVrqD72ml10dqeEwGjqYyiJO2UWqS9F
kGQBG/8RLQUtSWi1Ww0epUBdinG9fn6/h0Equss8KadEqWXmRKRPmJ6pj2IX9Rp/
/XZpsqEUIemqTSOnV84x7LEJ/9P+KIzemwc3lgJKInFBEFvOvIj+JIjOPVRWXZKn
DtiXu2EL4YuzPSbCD8Gm
=s0iR
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Red Hat Security Advisory 2023-4694-01

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4053-01

Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

Packet Storm: Latest News

TOR Virtual Network Tunneling Tool 0.4.8.13