RHSA-2016:1222 - Security Advisory
Important: rhosp-director-images security and bug fix update
Security Advisory: Important
Updated deployment images are now available for Red Hat OpenStack Platform 8.0 (Liberty) director.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
- An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default. (CVE-2016-4474)
Red Hat would like to thank David Patterson (Dell) for reporting this
For details on how to apply this update, which includes the changes described in this advisory, refer to:
- Red Hat OpenStack 8 x86_64
- BZ - 1342412 - CVE-2016-4474 overcloud-full: Default root password set
Red Hat OpenStack 8