CVSS2: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.964 High (Percentile: 99.6%)

Red Hat OpenStack Platform director provides the facilities for deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
based on Red Hat OpenStack Platform.
Security Fix(es):
To exploit this flaw, the attacker must have local access to an overcloud node. However, by default, access to overcloud nodes is restricted: they are accessible only from the management undercloud server on an internal network. (CVE-2017-12155)
This issue was discovered by Katuya Kawakami (NEC).
This update also includes the following bug fixes and enhancements:
Prior to this update, when removing the ceph-osd RPM from overcloud nodes that do not require the package, the corresponding Ceph OSD product key was not removed. Consequently, the subscription-manager would incorrectly report that the Ceph OSD product was still installed.
With this update, the script that handles removal of the ceph-osd RPM now also removes the Ceph OSD product key. Note: The script that removes the RPM and product key executes only during the overcloud update procedure; the product key is removed only when the overcloud node is updated.
As a result, after removing the ceph-osd RPM, the subscription-manager no longer reports the Ceph OSD product is installed. (BZ#1571436)
Previously, there were errors in the director Heat template that configures the VMAX Cinder backend driver. Consequently, the VMAX driver would not function correctly. With this update, the errors have been corrected, and the VMAX driver functions correctly. (BZ#1546799)
This enhancement adds director support for deploying the Dell EMC VMAX cinder backend. (BZ#1546793)
In this enhancement, if a minor update is blocked by an existing yum process that prevents the package update, the process should exit with an appropriate error message. This was added because the minor update may appear to freeze, due to yum waiting for the existing yum.pid to exit; when it eventually fails it is not immediately clear why. As a result, if there is an existing yum process preventing the package update, then the minor update fails with a clear message to indicate this: “ERROR existing yum.pid detected - can’t continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting”. (BZ#1471721)
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openstack-tripleo-heat-templates | < 6.2.12-2.el7ost | openstack-tripleo-heat-templates-6.2.12-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | puppet-tripleo | < 6.5.10-3.el7ost | puppet-tripleo-6.5.10-3.el7ost.noarch.rpm |
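
To check a node against the table above, the following added example (not part of the advisory or of Red Hat's tooling) compares installed builds with the fixed builds using RPM-style segment comparison, since plain string comparison would rank 6.2.7 above 6.2.12. The function names and the sample inventory are assumptions made for illustration, and the tilde and caret rules of newer RPM releases are not handled.

```python
import re

# Fixed builds from the advisory's package table (affected: anything older).
FIXED = {
    "openstack-tripleo-heat-templates": "6.2.12-2.el7ost",
    "puppet-tripleo": "6.5.10-3.el7ost",
}

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; return -1, 0 or 1."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment beats an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def evr_cmp(a, b):
    """Compare '[epoch:]version-release' strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(installed):
    """Return the sorted names of installed packages older than the fixed build."""
    return sorted(name for name, evr in installed.items()
                  if name in FIXED and evr_cmp(evr, FIXED[name]) < 0)

# Constructed sample, shaped like: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = {
    "openstack-tripleo-heat-templates": "6.2.7-5.el7ost",  # constructed value
    "puppet-tripleo": "6.5.10-3.el7ost",                   # constructed value
}

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```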