Red Hat Security Advisory 2022-8867-01 - An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting and improper neutralization vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenStack Platform 16.1.9 (rabbitmq-server) security update  
Advisory ID:       RHSA-2022:8867-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8867  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-32718  
====================================================================  
1. Summary:

An update for rabbitmq-server is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

RabbitMQ is an implementation of AMQP, the emerging standard for high  
performance enterprise messaging. The RabbitMQ server is a robust and  
scalable implementation of an AMQP broker. # We want to install into  
/usr/lib, even on 64-bit platforms

Security Fix(es):

* improper neutralization of script-related HTML tags in a web page (basic  
XSS) in management UI (CVE-2021-32718)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1977002 - CVE-2021-32718 rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
rabbitmq-server-3.7.23-9.el8ost.src.rpm

ppc64le:  
rabbitmq-server-3.7.23-9.el8ost.ppc64le.rpm

x86_64:  
rabbitmq-server-3.7.23-9.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-32718  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpaNzjgjWX9erEAQhFhw//cMHoe2JOTRgroiI4kKMBHO4nbWv0jxkR  
I2IM6gBNHg3/hxsu3LQsaGVM70lqjrbS+H55ukDmGfhXz2xHU+2qpfCIDcm0gxhW  
KOFaYvSlps8CjpjciIXVhy0LDcOnk9ipqx2ogLLv3DQjQAF5MdtuqtOf/wQuMRnh  
mUlY0u9XYiaXv7HHc1CRx1LkbLSHROTwe8Kl/om3p6velOF0tSr5cpjBjuUIuznh  
p5KOAZBsswQQZuwTrqYfyjCX8STX9mPrOQsddY+nxdd6L0XZ0vSmWcm94mMEA0PO  
xBl+2vNKEt2AB4UB2PEi0o7aVZrImix9JKEEhQREHX3qkP2RDsDlOkl8cZpAW9/K  
Gr3MXO8zSKJhC6E+5lnx0uIQHWyLTbnK4hixespaXCcclIRarsshv7+KbeFTYjTd  
Lw5ZdQdAeW3Pudr7a40HeMHlfRUcgwZKuvFur5wFVIeahxCVL/gL1ddirUiXDjZW  
+D5EsorMY+9fhn3iHlPUHpxl+JY3QM94qBm30KSB4qaBdhg1EcFB3Yv1Ojp/l1+k  
268RSc71eErmWl4dNo3tEgPLX6fZ8hJlKkefu8gg+mmauXgns2tM9/gQT2UFfLv0  
JFpLLwmOnSCbTDv2ZposZyROTK9cEs8jpHGFaoK+4M8aN2VmUxC2UCzEGb7UQyyl  
7pym91Xe0jQ=ueW9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8867-01

Red Hat Security Advisory 2022-8847-01 - An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (protobuf) security update  
Advisory ID:       RHSA-2022:8847-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8847  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-22570   
=====================================================================

1. Summary:

An update for protobuf is now available for Red Hat OpenStack Platform  
16.2.4 (Train).  
Red Hat Product Security has rated this update as having a security impact  
of Moderate.  
A Common Vulnerability Scoring System (CVSS) base score, which gives a  
detailed severity rating,  
is available for each vulnerability from the CVE link(s) in the References  
section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Protocol Buffers are a way of encoding structured data in an efficient  
yet extensible format. Google uses Protocol Buffers for almost all of  
its internal RPC protocols and file formats.

Protocol buffers are a flexible, efficient, automated mechanism for  
serializing structured data – think XML, but smaller, faster, and  
simpler. You define how you want your data to be structured once, then  
you can use special generated source code to easily write and read  
your structured data to and from a variety of data streams and using a  
variety of languages. You can even update your data structure without  
breaking deployed programs that are compiled against the old format. This  
package contains Protocol Buffers compiler for all programming  
languages and C++ headers and Static libraries for Protocol Buffers built  
with optimize_for = LITE_RUNTIME.

Security Fix(es):

* Incorrect parsing of nullchar in the proto symbol leads to Nullptr  
dereference (CVE-2021-22570)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:  
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
protobuf-3.6.1-6.el8ost.src.rpm

noarch:  
python3-protobuf-3.6.1-6.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
protobuf-3.6.1-6.el8ost.src.rpm

noarch:  
python3-protobuf-3.6.1-6.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-22570  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpWNzjgjWX9erEAQj74hAAn8C33fY+jEtfS5EsOVSEbyw1OPxyfEfz  
kvBFwTG+R+9rd/pvLUr6+pKsPyASiBiO3ddm9GY++IePXxjwMn7bvOe4H9QqgP23  
5DhDrdWW8Oqv+wrOV7BAs13nCIGZTSof3NJ17SjUk6Wxex/Ne71Y0GEDhzqv3hXR  
WuGJ8tMWBftny9EdnQgLh4O0TC5Y1FBcIXL+ftwaKPCrs3QF+GwXmKYsiq4h0KGi  
98jDfKpP7EMF1ZojBzhIjc60wQUIbLiJKLx8bcsG13bPvxGiRyxRYHueHCJoWhcN  
amNRVdj+xUWYPPolRw5i1pZmPjIlbjwaL299MGeK1SfJ51eQYYzlKHBLKk2OfnE6  
AsONiGJKWICU6tx7ZcrW3p4skgNvGVd6WKAANWv7KWOdQy3OQ3m9ivG0qCxp3EyA  
nTjiWoX1+crMAcvtnqZ/Z9op9TLqL0eyhcgCpOIMZKFVy9NoKMmR7qpsx5lBBVTr  
82paMUhkzqNrHREeswMhxq3Q0zD3fZrjCR1Pl/+rYKVfjkX0ht2KFBjDEGUqH+uG  
N+z5H9kL3lP9W/lCwiIMbgUnvoqmrLFBqq5uXJSle6vmPF5ZthoQaUEsQUtqxKVM  
i7jmBmPOoOGYu1iLlu47fYUSgRMI+JjeXDz8bOOg42FJSYMcvfuzNGkEcTX0A9Me  
+GEDO6GfPBQ=  
=DSkQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8847-01

Red Hat Security Advisory 2022-8856-01 - An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update  
Advisory ID:       RHSA-2022:8856-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8856  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-1655  
====================================================================  
1. Summary:

An update for python-django-horizon is now available for Red Hat OpenStack  
Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Horizon is a Django application for providing Openstack UI components. It  
allows performing site administrator (viewing account resource usage,  
configuring users, accounts, quotas, flavors, etc.) and end user operations  
(start/stop/delete instances, create/restore snapshots, view instance VNC  
console, etc.)

Security Fix(es):

* Horizon session cookies are not flagged HttpOnly (CVE-2022-1655)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1931593 - [RHOSP13] Not able to attach floating IP from horizon  
2075681 - CVE-2022-1655 OpenStack: Horizon session cookies are not flagged HttpOnly  
2076482 - [RHOSP16.2.2] Resize from horizon fails  
2129483 - Unable to update port as member user from Horizon

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-django-horizon-16.2.3-2.20220926144724.d3d3d18.el8ost.src.rpm

noarch:  
openstack-dashboard-16.2.3-2.20220926144724.d3d3d18.el8ost.noarch.rpm  
python3-django-horizon-16.2.3-2.20220926144724.d3d3d18.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1655  
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpkNzjgjWX9erEAQjvGg/+Nw2oEteeFdLlCPQfeej4MMuugk2GsS7g  
5KzxLM38U1/bV0NniI12A3uYESDVIgmtLDK/7GPiPqgnLHbxlmEZ4WBW5QCCqJFd  
hnS0smQ3jGR4QVsaug6FWo2iIWA9vINKMi0htyu14bs6er5kWsYw4DLq1WMW22cl  
5Z6UC5OXRU0bv10UwTtASOoBrp3Q05rqxLLTOeJFocqIo1o+kv0mKkaOIzyuGSSo  
QdyQogCINszofdeaQOSO48jnx0+QlBDqwfpW4qdWtaWSAunx7q/Pubp/EZOxKP3+  
ylR2K5Q2TjuJvfelX9mXGys62cvCLuPhKKvLBWysS//RhFGBcjQN+Qnf3NYMnVxw  
PqZ/3ZQwnPChvzeGBol/V2AcVcl3eLH0JZ3XXne+rcmGqMAULeE75h8mkAf98hEi  
TEov2AMGKJNTwUCsF+PwuDgA18PZpl/5nn6nfMANqozIlzo8J1UAzb705MTiNarc  
TB7DD1gjty5zBQbIQUo+yc9vFCJhjEqO5UAOl21BvjOCQ9k7wWsc0TafhoB7+poj  
g/EtzuY2iLthHud8G/0RfmVlxBfDA1aRESpkQ5s7jGr3/URFx0v4EaYbcqUJ/xA2  
SsujK2YLPCkTycQDAzGTUvGxrwYRrCtyBRMgo1bF7z9VPvXZsVoCBAI1/2VUNVCb  
YQAJy6x+pKc=ARGz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8856-01

Red Hat Security Advisory 2022-8854-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-scciclient) security update  
Advisory ID:       RHSA-2022:8854-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8854  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-2996  
====================================================================  
1. Summary:

An update for python-scciclient is now available for Red Hat OpenStack  
Platform 16.2.4 (Train) director for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Python ServerView Common Command Interface (SCCI) Client Library

Security Fix(es):

* missing server certificate verification (CVE-2022-2996)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2115122 - CVE-2022-2996 python-scciclient: missing server certificate verification

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-scciclient-0.9.1-2.20220111031440.el8ost.src.rpm

noarch:  
python3-scciclient-0.9.1-2.20220111031440.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2996  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5Fph9zjgjWX9erEAQhGlg//XkIIDIkqxyEXLzoHxI9P0JXwR4WsRX/l  
ILNw8o2m8ZAdnDE9NOh7F7ub9fcggvNulL2Dnk4S52+SrWZ0kc+FcXeqagkVlo7N  
rMjI0N3mVGL87kivLv5Z48hdKdfVxfsLM4wAwa7VuxpOiVorLVE9udP7svSusA6l  
leasWQMXeUToqwMXhxkD7p5mTJj1MrvhdZ42c2XOSCJqJDHIC4ER+YdJXwS46uOM  
o/OViMFKPeKUfXV0rTO21Y1LGwDgJKEYWdOJ7mYRKateHkdSo4kLXYiXFG5zpP8C  
B8qTpFSaiM0gDvP031Av/rUHjyGN7GFSG3Zt4BlJnia8l4omIH9eaYK9GsMfy8wz  
nFPnOR9r3WiodOo9EezB3T1gc6x/lk8w6SSY4xAOKX5NT7hfVxRgI+kVafD1PTAt  
RCb35fwOgDPVK7lrh1t+AXzKs6R/oTOu79bvOo8TQM3zq78+nQoSXA5oTRgUGe9/  
dl3DI3H843XADCRbRnPHnxKmjvGhfPDuroTXCTcl0egkVWTgf6euoPfL4WUGI67/  
03I1gE9O5JiInE61RnDUH3KIISWpfooAJyRmllGBe7S5GWpUA3gIDULDfT97eOjQ  
MfJ6X3AaPuelA55iH02NSHHiSjdTmSoOOzBtyNUufeOLKZQXyNf8bk+wFDNaTajp  
gT2hSzWqipw¤PZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8854-01

Red Hat Security Advisory 2022-8872-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include cross site scripting, denial of service, remote shell upload, and remote SQL injection vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.1.9 (python-django20) security update  
Advisory ID:       RHSA-2022:8872-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8872  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-22818 CVE-2022-23833 CVE-2022-28346  
====================================================================  
1. Summary:

An update for python-django20 is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Security Fix(es):

* SQL injection in QuerySet.annotate() aggregate() and extra()  
(CVE-2022-28346)

* Possible XSS via '{% debug %}' template tag (CVE-2022-22818)

* Denial of service possibility in file uploads (CVE-2022-23833)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag  
2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads  
2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-django20-2.0.13-18.el8ost.src.rpm

noarch:  
python-django20-bash-completion-2.0.13-18.el8ost.noarch.rpm  
python3-django20-2.0.13-18.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-22818  
https://access.redhat.com/security/cve/CVE-2022-23833  
https://access.redhat.com/security/cve/CVE-2022-28346  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5Fpk9zjgjWX9erEAQiGEQ//W5dm128ZvVJ8uqpW5bKiVfGFsHvUIJQx  
xOECFG1058hibEqYVyBaiMNPNrKGPbJy+qWfcOemTai4w+3YUYi8sbcajoT+Qwkd  
4eLPtGDMvjhd1UuEWcbQO+byXnMXhrJhPB59QXPHrU87+juIn52KyDT2/N16eVsM  
+Dkm8W9HvQHFqDE73D7gcEBZVmICCfgjy/Do0DgsCsCXbWg2HiJKGrzwXUc3Wwr3  
6dIfrY+oyGBpmH/3mVHaiW8GLxVHFEfXZ2Vr8o7QcG0ohjWacUGlP8CHd2CuEtK/  
1zHwWxcMHMNUtfNGiblI5iEEQIvXXzY0cXsjUxruSXAKpvUHczZt40Yv5ssOpAvl  
bBnsmDcpaJAdq62Fhm49TCnoCshgV0M2IuLbLiJfuY0Z9MxeQWc9ycXXNLplyAWC  
20MmJVgQrMwhw73dil2l+ZnB73tiV/E3yjzU/JgMXzaHFRyxJL6Ughjx3AdCuWpi  
D2lw0297aziBBXMsndAAd5a1A+UjPFDZnB5ryjDouJKwIe3hnCtmFUjZOHkuWotJ  
1b6b+4JiXC56+Vp++7WK53dEDIyT0/JeFAT/BzIEwjA91WKD89LgKqnPJwiDz7x9  
79lQxzkUuaEo5NqinETte5M8FGpHU6balmdlEjzbd1S2EEumGjCC6wXySTg76tyt  
yfYYQfdjUJM=rRS/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8872-01

Red Hat Security Advisory 2022-8863-01 - Paramiko is a module for python 2.3 or greater that implements the SSH2 protocol for secure connections to remote machines. Unlike SSL, the SSH2 protocol does not require heirarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-paramiko) security update  
Advisory ID:       RHSA-2022:8863-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8863  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-24302  
====================================================================  
1. Summary:

An update for python-paramiko is now available for Red Hat OpenStack  
Platform 16.1.9 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Paramiko (a combination of the esperanto words for paranoid and friend) is  
a module for python 2.3 or greater that implements the SSH2 protocol for  
secure (encrypted and authenticated) connections to remote machines. Unlike  
SSL (aka TLS), the SSH2 protocol does not require heirarchical certificates  
signed by a powerful central authority. You may know SSH2 as the protocol  
that replaced telnet and rsh for secure access to remote shells, but the  
protocol also includes the ability to open arbitrary channels to remote  
services across an encrypted tunnel. (This is how sftp works, for example.)

Security Fix(es):

* Race condition in the write_private_key_file function (CVE-2022-24302)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2065665 - CVE-2022-24302 python-paramiko: Race condition in the write_private_key_file function

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-paramiko-2.4.2-8.el8ost.src.rpm

noarch:  
python3-paramiko-2.4.2-8.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-paramiko-2.4.2-8.el8ost.src.rpm

noarch:  
python3-paramiko-2.4.2-8.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24302  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpftzjgjWX9erEAQiHhQ//XuOXXXKgCySGggwaggpRjXDncNeCSxhC  
TtNm9CWPtR/KRupNDCJ4Mr4Z8RU4sUgiimCno2k6tzGmKSeQF8uVC7QaKsT6dLD0  
2uk+IhpgTJp+FnOfWfxiHCr5lN5Qus1sQ7XSYyONBomJdJI3y3+92N/wKaw0/dxk  
6HtYbYADTxOfXt6M4iA6QZmOIW4v6odsAMbjxELgRK5L3le6qWu3l6qQHBVfJ2LA  
VpsCI/RgvSD8+VGBU+dEUIDRGAT+sFiF2lr4eeJuzGAyf9u1FQX8tcd0pfpmzFE8  
SvpgqRh1avsZKqRQz3J+7IOXUldi4ZM9SSghbDBpt3MsaoLEPTTEW5MPpblYJiIV  
B8cJrUZQTWv20NVlyVCQCNaNXsYK7OxuQF1w4xB7ao2Pry7uTxEXnsbaxieBU14O  
En9a+TFlLOzZISVZBB9c2YKL/qVGe56vNxPwIXALNc924A+jGLPzJVvtri9Ca8n3  
U9fQbQsqzMp+LynRE7vz7Vkq8AXLP8by3tBxKCODogdXuG2SIi3Ppc4cmxo1QUM5  
J/qOd3auCobwdDoztVFd8D7lKp6r4dO8R98J0pfJp9yJWCe64OVRh1WEPNIEB/dd  
cscu/dRYUhUruegGapUDRkOFz5W3xNw23sX9FFnkDaz4a7B3RV6k5bNXDi5+pyWK  
a0neN/dtaIE4L  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8863-01

Red Hat Security Advisory 2022-8861-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (numpy) security update  
Advisory ID:       RHSA-2022:8861-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8861  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-41495  
====================================================================  
1. Summary:

An update for numpy is now available for Red Hat OpenStack Platform 16.1.9  
(Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

A fast multidimensional array facility for Python

Security Fix(es):

* NULL pointer dereference in numpy.sort in the PyArray_DescrNew() due  
to missing return-value validation (CVE-2021-41495)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2035037 - CVE-2021-41495 numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.1:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.1:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41495  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpXdzjgjWX9erEAQjuAw/+J98PzX9ebz5l8WTTGG3bmYmCqjOSjyoz  
i0HhluPaACP2yC7ZlP8KHE9r/CHkkpwmbd4X4vXfROglNTT1PW7Pn2n5Cbl++XFJ  
hYstYrnUR6+xOyM/g+IaXbR1MRE6Zc3SHRI0Z0iEGFA1tPsZ2SM1PhAO5bFAr3iP  
JNubTl0Qi20oB9xRICU9HJl54O4RoV4MtqBUbsXGJ1b6ikOEZ1M3QrSuXiij5T6S  
oeb+1yUo8BIpByY11rBHucWtq7NuLSqW45DMKkAIBIaWbnq4a/4RtgHDl4EfmqNe  
fZioM3IU/SS866iv//+Aunt0XjihO+nX3F9kwC9vYoVfQAO0yRJHT7ng4GVzICrU  
uQEFbMPBznLG7UG9R80jXYy0gP44IEOiz0980A3Khg/4MzSOXDleAF3CqL29RUv0  
uQElZrf4waixRHRVns7m83vWXULEoYKegYNertukErUFlbjYCHNXbsvdRjMBDIwn  
OGNzFiUspgQgDIDIesFGHHtGqbC0S+ZhXLIjJT3xoL3Hb2xv0sW0vZyF6IrjP0UL  
oauNs+YFaNoiQ7ZMvyKBOKd31lN6x1kNh8gKv2/qzZX/xjfl8N7ZNv0Fvutnt02Z  
oNFrTMb1z7FFZkglHojw9LOysneVs6MVaf1QXaMXG+1yGtNamKMEFTE1YzU0/iBV  
mueR1vvOOPE=DHF9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8861-01

Red Hat Security Advisory 2022-8868-01 - An update for python-scciclient is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-scciclient) security update  
Advisory ID:       RHSA-2022:8868-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8868  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-2996  
====================================================================  
1. Summary:

An update for python-scciclient is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Python ServerView Common Command Interface (SCCI) Client Library

Security Fix(es):

* missing server certificate verification (CVE-2022-2996)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2115122 - CVE-2022-2996 python-scciclient: missing server certificate verification

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-scciclient-0.9.1-2.20220111031440.el8ost.src.rpm

noarch:  
python3-scciclient-0.9.1-2.20220111031440.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2996  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpitzjgjWX9erEAQg5jg/8D4qNN5r/dFyD7uVkqSPMjhzcpu+vzwBA  
uqZQszzp53W33zxyCzr/jEhrT7GfHmveVmsphbIenoH8B9LYMi0T9bgUGO6MTn2G  
iUsCMyjnNE8+sjqTkvgL/JysmJ1RiXdPxTQ27JdascEPUpVCXgqHq5v5rV5HcMzh  
ASosm2/qX/FKNOVzGP59eMHvNISL83ehGzbo8BluFTO4dI99poUPhD7E4HdUgC3d  
+E3z8VdVq7qi/g5DMXyPxJELNbeklLSEckt/ONclQlfWlTEFCR1AMIePe4cuoGu9  
44tDkvLadBULYWNoeKZlxpmQHpmt7Au4lnnUbcjWQiF2Bfup7joTptGWH4eMfl/Z  
WJD4e/PFHaq9dQ1x0ZktBJnPVF4riVtEIjb+OR9lkaufrkPJXFpSL+fNkrRozump  
F1ibg4QhU/7nNWED2HHnAWqjFGvt9lTcHWt2My0WeA1TRQjEFP5BUoffxbuW0fZp  
YAbBdVHiijqeA95USLXP32CGPdxqYTaLxgtLJCutWnAeAKyUsBYP37jNOpv173EH  
gpdIlvNMD3ggQSUD//vQ3NWOh/v0VMYeacNAq60ILcZbGpt/ofo/ct/1kLXknxWj  
QrNgZxPNIF6QaiMlWudFXPdYR9pDolYxJ/BT7q/SyMNITF/Tx/9HpCdtcR09NlsM  
HqylqtyT8do=yM+S  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8868-01

Red Hat Security Advisory 2022-8870-01 - An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (openstack-neutron) security update  
Advisory ID:       RHSA-2022:8870-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8870  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-3277  
====================================================================  
1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

OpenStack Networking (neutron) is a virtual network service for OpenStack.  
Just as OpenStack Compute (nova) provides an API to dynamically request and  
configure virtual servers, OpenStack Networking provides an API to  
dynamically request and configure virtual networks. These networks connect  
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute  
VMs).  The OpenStack Networking API supports extensions to provide advanced  
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Security Fix(es):

* unrestricted creation of security groups (CVE-2022-3277)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2015531 - Nova evacuate fails due to timeout waiting for a network-vif-plugged event for instance  
2023242 - MAC address validation passes on invalid MAC addresses (dropped hex digits) [osp-16.1]  
2024692 - [RFE][OVS] QoS policies implementation with HW offload when OVS metering is not offloaded (max BW, egress)  
2035302 - Concurrent bulk requests make neutron-server use 100% CPU on all the workers  
2041346 - [RHOSP 16.1] set the log priority to log.info in "ensure_device_is_ready" function in ip_lib.py  
2055294 - Allow RBAC on Neutron quotas  
2070629 - Since implementation of uplink_status_propagation, default behavior changed for VF link propagation from auto to disabled  
2077016 - [OSP16.1] HA L3 router/keepalived stability issues (ML2/OVS)  
2078266 - [RCA][OSP16.1] Neutron HA qrouter namespace disappeared and router in inconsistent state in DB  
2129193 - CVE-2022-3277 openstack-neutron: unrestricted creation of security groups  
2129712 - [PerfCI][OVS][16.1] create_and_list_networks scenario fails SLA since puddle  RHOS-16.1-RHEL-8-20220804.n.1

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
openstack-neutron-15.2.1-1.20221005123225.40d217c.el8ost.src.rpm

noarch:  
openstack-neutron-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-common-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-linuxbridge-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-macvtap-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-metering-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-ml2-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-openvswitch-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-rpc-server-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-sriov-nic-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
python3-neutron-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3277  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpjdzjgjWX9erEAQjl4A//RH87p4PcUa3+8Ssgyi5t7G4fA/a+8bEt  
9ku3jhhSLao7fsgPYX9Ab8v+OjmuX6yYPb3APV4GhG84mMvoqNgQZahFT1mprIIj  
re453zVNVhLCLhS8GMW/Ve4IPBFK6IByLi1SsPMFuQNP/1wCPyxeulbgDbQjrHP2  
dgniOR6dZ9e1jXAdv3wngGZreVfy9g9V6K2gy2SykV2cQ2H7b9VbkeSlymB399Bi  
hNoVRoippZiMerDMJ5Cy28qHqtr94tHC0vrATGgy/Y9QmlQDyxaSFT4PRGWZ9t/b  
07z8nqoqO5J+RMEG2D39RzgEoWkHrqPuN5XHPGtTV9/pZSTIuBz7cY48vNRXjtqL  
41jRA6zQSKsG+YTaWNVdjsTY3Qov+DFlH2E4VlkvUOJn6TK9/s8Ivpygbf2gXrpe  
qTNBNC4pBY32pIWuOxEfvEYlacmF75Jzd0WvvbAEp8FlaxzLkc/f738HMPZHjpEQ  
48XgizmDJ7mQblmaQj6F6Bhb3aR2yDwkuCZ8lsLSUO/wifXynZ9HSZGglyVbj47m  
GphysvBLy69AlTHCUAuqlITLn9Eaa/EyLk7F78nbInbzGY6f8zVklUfT5ykwJv08  
7O7OC63X5jL/Wbvhhe9DxX4/gU9zrGOAnfu22pRv6/CsBarcotUhkctUZLsMmgQV  
vCjurW8QquE=CZ0M  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8870-01

Red Hat Security Advisory 2022-8869-01 - An update for puppet-firewall is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (puppet-firewall) security update  
Advisory ID:       RHSA-2022:8869-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8869  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-0675  
====================================================================  
1. Summary:

An update for puppet-firewall is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Manages Firewalls such as iptables

Security Fix(es):

* unmanaged rules could leave system in an unsafe state via duplicate  
comment (CVE-2022-0675)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2071567 - CVE-2022-0675 puppetlabs-firewall: unmanaged rules could leave system in an unsafe state via duplicate comment

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
puppet-firewall-3.4.0-1.94f707cgit.el8ost.src.rpm

noarch:  
puppet-firewall-3.4.0-1.94f707cgit.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
puppet-firewall-3.4.0-1.94f707cgit.el8ost.src.rpm

noarch:  
puppet-firewall-3.4.0-1.94f707cgit.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0675  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5Fpe9zjgjWX9erEAQjRRQ/8CTKAPC5oms2EjLy70lg8+qHLwJ52k0Ef  
iJJV0LiorSaSHQB0T5H/ushaCoKPUsI1flxogr+wpZpWuq3ZGh1F6I8myy3puwYt  
ayG/O1wnz/oOgm0td/eh1KJynwN4Fy5QFuFP76FZepS6Wrb05i1hmzd3PCEYvP6W  
NrOPVC6zHpnIOMIjy7d+CO7mRirud+PYNtXmVr4DemVMvLSZYYlBL8xbJw0XPd6/  
5IapWFftZE6P/XM6uiEbwIVZQPNeKKsO26wWkwm78offaG5+0cEFzlCNTnVcou2L  
BCCAJ17K5g70ogyTAZLVbA47vu3mBKVb0/S0C6mOtEqSi6R0U5LLvkTRfY3zSYEN  
CACEoe2EWrjTMWZrEAv0Fy4+Beds3CMWWJjflGRN/lvZ89UQExdnTQlVBnMQiYY5  
ObuNLXDZCf55xjEv2sVeyEz3HVX+fQGf5t1InfUUKr6aA3/IYtpC3bc8IB6i3/OQ  
mslaqfhWDLuI/w7GxdjD1Afb8RzB6+pV2wJTFHCPhcV+ExGm8BjM5sT+k2sik2HR  
7DevlIBZMu+R11ONLs6aBeMJKMzthtjMjxnkC/X2hMJPyPxjUBVx7rIHx9zkKLU6  
QwGmSR4jbMrvT0sz0oynS9OAudqyERvz4XnZMavGECHX7iKavgZtLO95gYJOrLXZ  
kmX/I2Yqg1o=9zYR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm