- 発行日:
- 2018-02-13
- 更新日:
- 2018-02-13
RHSA-2018:0315 - Security Advisory
概要
Moderate: openstack-aodh security update
タイプ/重大度
Security Advisory: Moderate
Red Hat Lightspeed パッチ分析
このアドバイザリーの影響を受けるシステムを特定し、修正します。
トピック
An update for openstack-aodh is now available for Red Hat OpenStack Platform 11.0 (Ocata).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry (ceilometer) or Time-Series-Database-as-a-Service (gnocchi).
openstack-aodh has been rebased to the upstream 4.0.2-3 version.
Security Fix(es):
- A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person's trust ID and obtain a keystone token containing the delegated authority of that user. (CVE-2017-12440)
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Zane Bitter (Red Hat) as the original reporter.
解決策
For details on how to apply this update, which includes the changes described in this advisory, refer to:
影響を受ける製品
- Red Hat OpenStack 11 x86_64
修正
- BZ - 1478834 - CVE-2017-12440 openstack-aodh: Aodh can be used to launder Keystone trusts
- BZ - 1511108 - Rebase openstack-aodh to 221a74e
- BZ - 1531873 - Rebase openstack-aodh to c77c0aa
CVE
Red Hat OpenStack 11
| SRPM | |
|---|---|
| openstack-aodh-4.0.2-3.el7ost.src.rpm | SHA-256: 398069debbf83c44f65f471f360592831bd1a4714ad1b4e8fab2a189736e9464 |
| x86_64 | |
| openstack-aodh-api-4.0.2-3.el7ost.noarch.rpm | SHA-256: d5fad92a73d200bb99f1e60e3777a8ce4c8d23dc94a1c65b5d02b2bc5644a33c |
| openstack-aodh-common-4.0.2-3.el7ost.noarch.rpm | SHA-256: 27de9be0233a2328eb3d6bc0d52e7ac7bd40299b0bf4bb034b1bef4b5857420f |
| openstack-aodh-compat-4.0.2-3.el7ost.noarch.rpm | SHA-256: 2407a306594721612f9527ce61e40af3c1f5bb91fedf0e6f9ae619a283b65ff8 |
| openstack-aodh-evaluator-4.0.2-3.el7ost.noarch.rpm | SHA-256: 2f4af852211e599c5c690e25d7d0a3bb3c000218f58b18f3bd6bf72a090c28ee |
| openstack-aodh-expirer-4.0.2-3.el7ost.noarch.rpm | SHA-256: d0875e3518a0df4342f805f5c02040d19022fb437f2ce2eb5d6b72cf60607f57 |
| openstack-aodh-listener-4.0.2-3.el7ost.noarch.rpm | SHA-256: 21f4ed1c294288b5dcc1a293805cbb7e2aabda47259debfa2918fab5a99e29a6 |
| openstack-aodh-notifier-4.0.2-3.el7ost.noarch.rpm | SHA-256: 607cce5cd8ca3b526c3c5d8126f1d4704693056fc3ecaf450ec76539b1704629 |
| python-aodh-4.0.2-3.el7ost.noarch.rpm | SHA-256: 22a7a2bd452c7e40ec91fe7566c4698e239407581be1ffabf186b0974d48d91c |
| python-aodh-tests-4.0.2-3.el7ost.noarch.rpm | SHA-256: 4638c2c151917b1a4a5eb139b42df0cc8bd372283138099c2e3843df55b45aa5 |
Red Hat のセキュリティーに関する連絡先は secalert@redhat.com です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。