===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.2783
Moderate: Red Hat Enterprise Linux OpenStack Platform security update
19 September 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Red Hat Enterprise Linux OpenStack Platform
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14635 CVE-2018-14620 CVE-2018-10915
Reference:         ESB-2018.2768
                   ESB-2018.2312

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2018:2721

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Enterprise Linux OpenStack Platform security update
Advisory ID:       RHSA-2018:2721-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2721
Issue date:        2018-09-17
CVE Names:         CVE-2018-10915 CVE-2018-14620 CVE-2018-14635
=====================================================================

1. Summary:

An update is now available for Red Hat OpenStack Platform 13.0 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenStack Platform provides the facilities for building, deploying
and monitoring a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.

Security Fix(es):

* openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer
during docker build (CVE-2018-14620)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

The Red Hat OpenStack Platform container images have been updated to
address security advisory/ies: RHSA-2018:2557, RHSA-2018:2710.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

4. Bugs fixed (https://bugzilla.redhat.com/):

1624062 - Rebase openstack-containers to latest - OSP13
1626953 - CVE-2018-14620 openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build

5. References:

https://access.redhat.com/security/cve/CVE-2018-10915
https://access.redhat.com/security/cve/CVE-2018-14620
https://access.redhat.com/security/cve/CVE-2018-14635
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
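
Added example (not Red Hat's or AusCERT's code): the advisory describes CVE-2018-14620 only as an insecure download during docker build and does not say what made it insecure. Assuming the usual causes (plaintext HTTP, disabled TLS verification, no checksum or signature check), this check audits a Dockerfile for them; the sample Dockerfile, hostnames and finding labels are constructed.

```python
import re

# Constructed sample; not taken from the actual container source.
SAMPLE_DOCKERFILE = """\
FROM example/base:1
RUN curl -o /tmp/plugin.ez http://downloads.example.invalid/plugin.ez \\
 && cp /tmp/plugin.ez /plugins/
RUN curl -fsSLo /tmp/a.tgz https://downloads.example.invalid/a.tgz \\
 && echo "<sha256-placeholder>  /tmp/a.tgz" | sha256sum -c - \\
 && tar -xzf /tmp/a.tgz -C /opt
RUN wget --no-check-certificate https://downloads.example.invalid/b.tgz
ADD https://downloads.example.invalid/c.tgz /opt/
"""

URL = re.compile(r"\b(https?)://\S+", re.I)
FETCH = re.compile(r"\b(curl|wget)\b")
# Stand-alone flags only; clustered short options such as -sk are not parsed.
TLS_OFF = re.compile(r"(?<!\S)(--insecure|--no-check-certificate|-k)(?!\S)")
VERIFIED = re.compile(
    r"sha(256|512)sum\s+(-c|--check)\b|gpg\b.*--verify|--checksum=sha256:")

def instructions(text):
    """Yield (first_line_no, instruction) with backslash continuations folded."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not buf and (not stripped or stripped.startswith("#")):
            continue
        start = start or no
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf, start = "", 0
    if buf:
        yield start, buf.strip()

def audit(text):
    """Return (line, finding) pairs for remote fetches that lack protection."""
    findings = []
    for no, ins in instructions(text):
        op, _, rest = ins.partition(" ")
        op = op.upper()
        schemes = {m.group(1).lower() for m in URL.finditer(rest)}
        fetches = op == "ADD" or (op == "RUN" and FETCH.search(rest))
        if not (fetches and schemes):
            continue
        if "http" in schemes:
            findings.append((no, "plaintext-http"))
        if TLS_OFF.search(rest):
            findings.append((no, "tls-verification-disabled"))
        if not VERIFIED.search(rest):
            findings.append((no, "no-integrity-check"))
    return findings
```

A finding of `no-integrity-check` on an HTTPS fetch is still worth fixing: TLS authenticates the server, while a pinned digest or signature authenticates the artifact itself.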