Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: openstack-tripleo-common security and bug fix update

Related Vulnerabilities: CVE-2019-3895   CVE-2019-3895   CVE-2019-3895  

Source

Synopsis

Moderate: openstack-tripleo-common security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 13.0 (Queens).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI (codename tripleo).

Security Fix(es):

  • openstack-tripleo-common: Allows running new amphorae based on arbitrary images (CVE-2019-3895)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Introspection of baremetal nodes fail with 'No hypervisor matching' problem when node name used instead of uuid (BZ#1677016)
  • config-download backports from RHOSP 14 to RHOSP 13 (openstack-tripleo-common) (BZ#1688461)
  • RHOSP-13 Connection reset by peer: libvirtError: operation failed: Failed to connect to remote libvirt URI # Live Migration failure: operation failed: Failed to connect to remote libvirt URI (BZ#1712410)
  • There are two new CLI arguments you can use with `config-download`:
  • Monitor the deployment in a separate CLI session or with the API with `openstack overcloud status`.
  • Log and save Ansible errors for future analysis with `openstack overcloud failures`. (BZ#1688461)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 13 x86_64
  • Red Hat OpenStack for IBM Power 13 ppc64le

Fixes

  • BZ - 1677016 - Introspection of baremetal nodes fail with 'No hypervisor matching' problem when node name used instead of uuid
  • BZ - 1688461 - config-download backports from RHOSP 14 to RHOSP 13 (openstack-tripleo-common)
  • BZ - 1694608 - CVE-2019-3895 openstack-tripleo-common: Allows running new amphorae based on arbitrary images
  • BZ - 1717060 - Rebase openstack-tripleo-common to c42c360
  • BZ - 1722738 - OSP12 to 13 upgrade - fail to upgrade controllers.

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started