RHSA-2022:0995: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-tripleo-heat-templates) security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4180: openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken
Red Hat Security Data

Issued: 2022-03-23

Updated: 2022-03-23

RHSA-2022:0995 - Security Advisory

Synopsis

Moderate: Red Hat OpenStack Platform 16.2 (openstack-tripleo-heat-templates) security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-tripleo-heat-templates is now available for Red Hat
OpenStack Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Heat templates for TripleO

Security Fix(es):

  • Data leak of internal URL through keystone_authtoken (CVE-2021-4180)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

  • Red Hat OpenStack 16.2 x86_64
  • Red Hat OpenStack for IBM Power 16.2 ppc64le

Fixes

  • BZ - 1855678 - Configure Ceph Messenger for encryption OTW
  • BZ - 1869587 - Octavia and LB issues after OSP13z11 and OSP16.x upgrade
  • BZ - 1886762 - [RFE] support NFS mount at the conversion directory
  • BZ - 1921112 - [OSP13->OSP16.2] nova-consoleauth still present in cli after upgrade.
  • BZ - 1949673 - [RHOSP16.2] [rsyslog] Miss configuration generated in 50_openstack_logs.conf
  • BZ - 1949675 - [RHOSP16.2] [rsyslog] rsyslog containers does not forward logs to elasticsearch
  • BZ - 1955562 - Backup and Restore: Backup openstack client integration - openstack backup using bad nfs server address is not erroring out
  • BZ - 1962304 - cinder volume at DCN unable to read central cephx keyring
  • BZ - 1965233 - [FFU 13 -> 16.x] xinetd is running after upgrade, blocking swift_rsync container
  • BZ - 1969411 - [RFE]: allow for the deployment of RHCS dashboard on any composable network
  • BZ - 1975271 - Minor update does not restart ha resource when it is in failed stated
  • BZ - 1976055 - Configuration of Memcached TLS requires the user to duplicate configuration entries
  • BZ - 1978228 - [OSP13->OSP16.2] Leapp upgrade failed with TLSEverywhere
  • BZ - 1980542 - [16.2] LC_CTYPE: cannot change locale (C.UTF-8) during OC upgrade 13 to 16.2 seems to fail upgrade
  • BZ - 1983748 - NeutronL3AgentAvailabilityZone does not set specified value for Availability zone of Neutron L3 agent
  • BZ - 1984555 - [RHOSP16.2] Smart plugin doesn’t work for CAP_SYS_RAWIO capability missing.
  • BZ - 1984875 - [OSP13->16.2] the leapp persistentnetnamesdisable actor should be removed so that a reboot can be avoided
  • BZ - 1992506 - [RHOSP16.2] dpdk ovs vhost postcopy requires to start ovs with --mlockall=no
  • BZ - 1999324 - NovaLiveMigrationPermitAutoConverge should default to true to match NovaLiveMigrationPermitPostCopy
  • BZ - 1999725 - [RFE] Allow for the deployment of Ganesha on the overcloud “external” network
  • BZ - 2000582 - ceph ssl radosgw port is closed for tempest (undercloud node)
  • BZ - 2002346 - [OSP-16.2] [Upgrades][TripleO] Revert of the TSX change in tripleoclient
  • BZ - 2003176 - [OSP16.2] ovn-dbs pacemaker update_tasks can race with pacemaker update_tasks
  • BZ - 2005086 - Unable to disable gateway validation on deployment
  • BZ - 2005680 - Cinder __DEFAULT__ volume type is installed but *tripleo* volume type is the real default
  • BZ - 2008418 - Stack reconfiguration failed because ha-proxy container crashed during reconfiguration
  • BZ - 2009422 - Deployment failing due to “Create /etc/openstack directory if it does not exist” task
  • BZ - 2010114 - Openstack ceilometer archival policy is not taking effect
  • BZ - 2010703 - rhosp-release package is removed during upgrade from all nodes
  • BZ - 2010940 - ceph-nfs not coming up after the FFU
  • BZ - 2013913 - Minion should be configured with same default tuning as Undercloud for atleast heat & ironic
  • BZ - 2014758 - There’s a typo in MySQLInodbBufferPoolSize as it should be MySQLInnodbBufferPoolSize
  • BZ - 2021575 - [16.2] openstack overcloud upgrade run times out / HAProxy container fails to start
  • BZ - 2022234 - Parameter ‘ValidateGatewaysIcmp:false’ is not working in OSP16.2
  • BZ - 2022691 - [OSP16.2] qemu logs are not accessible on the host
  • BZ - 2026290 - Some log files are not collected/relayed by rsyslog to remote log server
  • BZ - 2027787 - Undercloud upgrade to 16.2 fails because of missing dependencies of swtpm
  • BZ - 2030409 - [OSP16.2] Memcached if off for Heat, Keystone and Nova since caching backend is dogpile.cache.null
  • BZ - 2031110 - Long t-h-t role name causes OVNMacAddressPort tag to exceed the neutron tag length limit
  • BZ - 2032010 - [OSP16.2.0] neutron-dhcp-agent causes oom issues on controllers
  • BZ - 2034189 - Validation if NTP/Chrony is configured during at initial stage of deployment procedure
  • BZ - 2034730 - Horizon log not collected/relayed by rsyslog to remote log server
  • BZ - 2035793 - CVE-2021-4180 openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken
  • BZ - 2037940 - [OVN] Enable ovn-monitor-all to help with OVN scale
  • BZ - 2038897 - [RHOSP16.2] [DCN] [STF] metrics_qdr containers failed to start with bind address error
  • BZ - 2046185 - From time to time memcached stops processing requests and brings down OpenStack control plane
  • BZ - 2046211 - [OSP13->OSP16.2] Leapp actors directory change impacting in the upgrade
  • BZ - 2050154 - [update] 16.1->16.2 experience a connectivity cut (ping loss) to FIP during update of the controllers.

Updated Packages

Red Hat OpenStack 16.2

SRPM: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.src.rpm
SHA-256: d73a5fcdea23545d3242444d518140c3c48c4ca0d8dc88dd47c78d47c8c64691

x86_64: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch.rpm
SHA-256: b30f0062687f04fb489a428abfafb8d4796da60d0c6841f0fc498b4d3dbf2a31

Red Hat OpenStack for IBM Power 16.2

SRPM: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.src.rpm
SHA-256: d73a5fcdea23545d3242444d518140c3c48c4ca0d8dc88dd47c78d47c8c64691

ppc64le: openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch.rpm
SHA-256: b30f0062687f04fb489a428abfafb8d4796da60d0c6841f0fc498b4d3dbf2a31
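The advisory gives two facts a practitioner needs to act on it: the fixed build (11.6.1-2.20220116004912.el8ost) and the SHA-256 of each shipped RPM. The following script, added here as an example and not part of the advisory or of any Red Hat tooling, turns both into a check: it ports rpm's version-comparison rules (rpmvercmp) so an installed name-version-release string can be compared against the fixed build, and it verifies a downloaded RPM against the published digests with a constant-time comparison. It assumes the local rpm supports the %{EPOCHNUM} query tag (present on RHEL 8's rpm); the package name, build string and digests are taken from the advisory above.

```python
"""Added example for RHSA-2022:0995: decide whether an installed
openstack-tripleo-heat-templates build is at or above the fixed build, using
rpm's own ordering rules, and verify a downloaded RPM's SHA-256."""
import hashlib
import hmac
import os
import re
import subprocess
import sys

# Fixed build and digests exactly as published in the advisory; the same noarch
# package ships for x86_64 and ppc64le.
FIXED_NVR = "openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost"
FIXED_SHA256 = {
    "openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.noarch.rpm":
        "b30f0062687f04fb489a428abfafb8d4796da60d0c6841f0fc498b4d3dbf2a31",
    "openstack-tripleo-heat-templates-11.6.1-2.20220116004912.el8ost.src.rpm":
        "d73a5fcdea23545d3242444d518140c3c48c4ca0d8dc88dd47c78d47c8c64691",
}

_SEP = re.compile(r"^[^A-Za-z0-9~^]+")  # rpm skips everything except alnum, '~', '^'
_DIGITS = re.compile(r"^[0-9]+")
_ALPHA = re.compile(r"^[A-Za-z]+")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): 1 if a is newer, -1 if b is newer, 0 if equal.
    Segments starting with a digit compare numerically, others as ASCII strings;
    a numeric segment beats an alphabetic one; '~' sorts before anything
    (pre-release); '^' sorts after the base version but before a suffix."""
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _SEP.sub("", one), _SEP.sub("", two)
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if one.startswith("^") or two.startswith("^"):
            if not one:
                return -1
            if not two:
                return 1
            if not one.startswith("^"):
                return 1
            if not two.startswith("^"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        isnum = one[0].isdigit()
        pattern = _DIGITS if isnum else _ALPHA
        seg1 = pattern.match(one).group(0)
        m2 = pattern.match(two)
        if m2 is None:  # segment types differ: the numeric side is newer
            return 1 if isnum else -1
        seg2 = m2.group(0)
        one, two = one[len(seg1):], two[len(seg2):]
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):  # longer digit string is the bigger number
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
    if not one and not two:
        return 0
    return -1 if not one else 1  # whichever still has characters left is newer


def split_nvr(nvr):
    """'name-[epoch:]version-release' -> (name, epoch, version, release)."""
    name, version, release = nvr.rsplit("-", 2)
    epoch = "0"
    if ":" in version:
        epoch, version = version.split(":", 1)
    return name, epoch, version, release


def compare_evr(a, b):
    """Order (epoch, version, release) triples the way rpm orders packages."""
    for x, y in zip(a, b):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def is_fixed(installed_nvr, fixed_nvr=FIXED_NVR):
    """True when the installed build is the fixed build or newer."""
    inst, fixed = split_nvr(installed_nvr), split_nvr(fixed_nvr)
    if inst[0] != fixed[0]:
        raise ValueError(f"package name mismatch: {inst[0]} vs {fixed[0]}")
    return compare_evr(inst[1:], fixed[1:]) >= 0


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def digest_matches(filename, data):
    """Constant-time comparison of an RPM's SHA-256 with the advisory's digest."""
    expected = FIXED_SHA256.get(os.path.basename(filename))
    if expected is None:
        raise ValueError(f"{filename} is not a package listed in RHSA-2022:0995")
    return hmac.compare_digest(sha256_hex(data), expected)


def installed_nvr(name):
    """Query the local rpm database for 'name-epoch:version-release', or None."""
    res = subprocess.run(
        ["rpm", "-q", "--qf", "%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}", name],
        capture_output=True, text=True)
    return res.stdout.strip() if res.returncode == 0 else None


if __name__ == "__main__":
    # Usage: python check_rhsa_2022_0995.py [downloaded.rpm ...]
    nvr = installed_nvr("openstack-tripleo-heat-templates")
    if nvr is None:
        print("openstack-tripleo-heat-templates is not installed here")
    else:
        state = "at or above the fixed build" if is_fixed(nvr) else f"older than {FIXED_NVR}"
        print(f"{nvr}: {state}")
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{path}: digest {'OK' if digest_matches(path, fh.read()) else 'MISMATCH'}")
```

Comparing with rpmvercmp rather than a plain string or tuple comparison matters here because the release field mixes a counter with a build timestamp (2.20220116004912.el8ost): a naive comparison would misorder 2.2022... against 10.2023..., and would not treat a future 11.6.1-3 or 11.6.2 build as fixed.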

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
