Issued:: 2017-06-28
Updated:: 2017-06-28

RHSA-2017:1584 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-mistral security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-mistral is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Workflow (mistral) groups multiple OpenStack tasks into workflows. Red Hat OpenStack Platform uses these workflows to perform common functions, including bare-metal node control, validations, plan management, and overcloud deployment.

The following packages have been upgraded to a later upstream version: openstack-mistral (3.0.2). (BZ#1452643)

Security Fix(es):

An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. (CVE-2017-2622)

Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1420992 - CVE-2017-2622 openstack-mistral: /var/log/mistral/ is world readable
BZ - 1452643 - Rebase openstack-mistral to ece050

CVEs

CVE-2017-2622

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
openstack-mistral-3.0.2-11.el7ost.src.rpm	SHA-256: e0d7091c114249c677b4f4cbb84c3abf1568c6168219061695e07e5626083809
x86_64
openstack-mistral-all-3.0.2-11.el7ost.noarch.rpm	SHA-256: 828586582e940ab8927c08947337e7f995f965aebd479c6421945fb581e61db7
openstack-mistral-api-3.0.2-11.el7ost.noarch.rpm	SHA-256: fbaad3050ffec66723f92b1a67bd772e70f3789348ee7471d89bc4dfee6f2ee1
openstack-mistral-common-3.0.2-11.el7ost.noarch.rpm	SHA-256: 88c36aa8ee39fadeecff2dce74f96dd0bb02613bc53b611846784532f770d816
openstack-mistral-engine-3.0.2-11.el7ost.noarch.rpm	SHA-256: 41e5b3d359f96aa0542b5b2371e57718e9e38617393f4572ee7fd4c2dc9c243a
openstack-mistral-executor-3.0.2-11.el7ost.noarch.rpm	SHA-256: 5fbe2878102ad9f085cb7bb8f3176d449c81f6fcf6728bd7a53ac44ebd5d9af8
python-mistral-tests-3.0.2-11.el7ost.noarch.rpm	SHA-256: 23dd3c749dc127beb4c6a35fe09ddf73d8790e1bf51514ae995eee8e6c548d02
python-openstack-mistral-3.0.2-11.el7ost.noarch.rpm	SHA-256: ed6a2468b0e9aea81952ec47dd44a02ead01e37aa1500b53693130f3df73842a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation