- Issued:
- 2016-06-13
- Updated:
- 2016-06-13
RHSA-2016:1222 - Security Advisory
Synopsis
Important: rhosp-director-images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Updated deployment images are now available for Red Hat OpenStack Platform 8.0 (Liberty) director.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
Security Fix(es):
- An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default. (CVE-2016-4474)
Red Hat would like to thank David Patterson (Dell) for reporting this
issue.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat OpenStack 8 x86_64
Fixes
- BZ - 1342412 - CVE-2016-4474 overcloud-full: Default root password set
CVEs
Red Hat OpenStack 8
| SRPM | |
|---|---|
| rhosp-director-images-8.0-20160603.2.el7ost.src.rpm | SHA-256: 05665d3f362b064524d359984342f222b6b4c245ffbe78a18e5487d89a86c561 |
| x86_64 | |
| rhosp-director-images-8.0-20160603.2.el7ost.noarch.rpm | SHA-256: d1c3b961a5588939918e827fad85aba22f4b4c45a8220f998919588a3043c6c9 |
| rhosp-director-images-ipa-8.0-20160603.2.el7ost.noarch.rpm | SHA-256: e29e164173e697938e563d68f57c2d5a9c783d0fc84c6895f2f602cd958925d6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.