Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat OpenStack Platform 13.0 (instack-undercloud) security update
Advisory ID: RHSA-2022:8897-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8897
Issue date: 2022-12-08
CVE Names: CVE-2022-3596
====================================================================
1. Summary:
An update for instack-undercloud is now available for Red Hat OpenStack
Platform 13 (Queens).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 13.0 – ELS – noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server – noarch
3. Description:
Installation tools to install an undercloud via instack
Security Fix(es):
* instack-undercloud: rsync leaks information to undercloud (CVE-2022-3596)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2136596 – CVE-2022-3596 instack-undercloud: rsync leaks information to undercloud
6. Package List:
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
Source:
instack-undercloud-8.4.9-13.el7ost.src.rpm
noarch:
instack-undercloud-8.4.9-13.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0 – ELS:
Source:
instack-undercloud-8.4.9-13.el7ost.src.rpm
noarch:
instack-undercloud-8.4.9-13.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-3596
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIVAwUBY5ISGNzjgjWX9erEAQgJ/g//a152/V/cAQFCJuriVCOfT6hbz98Whjm9
zfBd2GiP1qafrvQD2r1roV+0acT+JUJE+Mvn5qKGD042qO0hkeCglbnYSSEB7/mz
GwLpp0VMdBHXhadIsOsXiFAD0Isaqa09Bgj8V1DHk9xHcglZn+UjO8Fl2uJB7US2
BFicLdX9TqU9csvz6p4plohw8LjcVfPQJlACcgoYQPNCnacavZXXuBgvAs1f1CUV
XgqEY+QMgBFKQ4KywPEoHXqf7frjyz+Lvww1UY//GZqNwmH8btWkdRZFjv6DuIWL
g93esk9eIa8Lh7JZWGj+P86iA75n+Z0ipHlbRloLANZD8hyNqq7mVQpHR8+wPcGf
Xnf95t2WDxVZB5EYl2cFQC1cdV4piHICWu+HkufJAk96Xjb+5VIPHN+kgattTk6+
Ag66l0rSq2O6OmExjZRT43r2d8c/LytaPht6bJ++m0XQoDgPgwNJpDKt93Xc+2Qb
Pa4KDHcti6em1V+iCha/AhD8e2sF01JBYwfhsLfy6u5X3piLevvSNXl+WBjdX3gY
RwJfJymlSBist3jcchwx4bAm2KI4yLhSPyHUNb6f0cvowNYXI310pEWbqGckFm3A
femaHmxn0MFropLVpjBb6472xzNJkbqinrSNonUm+kIs6qR3BqSRoQUdwb1n1QTO
ropRGjIs1FsPV
—–END PGP SIGNATURE—–
—
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce