Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0276: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-scciclient) security update

An update for python-scciclient is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2996: python-scciclient: missing server certificate verification
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-01-25

Updated:

2023-01-25

RHSA-2023:0276 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat OpenStack Platform 17.0 (python-scciclient) security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-scciclient is now available for Red Hat OpenStack
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Python ServerView Common Command Interface (SCCI) Client Library

Security Fix(es):

  • missing server certificate verification (CVE-2022-2996)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

  • Red Hat OpenStack 17 x86_64

Fixes

  • BZ - 2115122 - CVE-2022-2996 python-scciclient: missing server certificate verification

Red Hat OpenStack 17

SRPM

python-scciclient-0.10.2-0.20220830130628.b8e6e34.el9ost.src.rpm

SHA-256: c91e5821bd419c1cff9c7b2d2a5034ef3b9aed2f204a58b47d2e0dc29fd3d1a6

x86_64

python3-scciclient-0.10.2-0.20220830130628.b8e6e34.el9ost.noarch.rpm

SHA-256: 087281118d904a3a23587f08e18f75eedd4953fcba4d322b99a43e0bbf2f4fc8

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-0276-01

Red Hat Security Advisory 2023-0276-01 - Python ServerView Common Command Interface Client Library.

Red Hat Security Advisory 2022-8854-01

Red Hat Security Advisory 2022-8854-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Security Advisory 2022-8868-01

Red Hat Security Advisory 2022-8868-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

RHSA-2022:8868: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (python-scciclient) security update

An update for python-scciclient is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2996: python-scciclient: missing server certificate verification

RHSA-2022:8854: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-scciclient) security update

An update for python-scciclient is now available for Red Hat OpenStack Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2996: python-scciclient: missing server certificate verification

CVE-2022-2996: python-scciclient

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.