Issued:: 2019-03-14
Updated:: 2019-03-14

RHSA-2019:0566 - Security Advisory

Overview
Updated Packages

Synopsis

Low: openstack-ceilometer security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 13.0 (Queens).

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Telemetry (ceilometer) collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for data collection. This data is stored in a database and presented via the REST API. In addition, Telemetry's extensible design means it can be optionally extended to gather customized data sets.

Security Fix(es):

openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files (CVE-2019-3830)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 13 ppc64le
Red Hat OpenStack 13 x86_64

Fixes

BZ - 1659044 - Undercloud installation fails with --skip-metering-database when telemetry is enabled
BZ - 1669296 - Rebase openstack-ceilometer to 8944142
BZ - 1671037 - ceilometer writing snmp credentials to log file
BZ - 1677389 - CVE-2019-3830 openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files

CVEs

CVE-2019-3830

References

https://access.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 13

SRPM
openstack-ceilometer-10.0.1-6.el7ost.src.rpm	SHA-256: 5a40000ef03fa3bad15c363b54017c8b739bc6fa4142d3c6e11604a5e9b7ab75
ppc64le
openstack-ceilometer-central-10.0.1-6.el7ost.noarch.rpm	SHA-256: 88f34f14a34d44e49c769970619c1377a5996f37f79cd578ecc59bd4df43047f
openstack-ceilometer-common-10.0.1-6.el7ost.noarch.rpm	SHA-256: b4b748da00f1f1896afe0310eaaeb9859adc12d1224cc3e3d74041fd030db574
openstack-ceilometer-compute-10.0.1-6.el7ost.noarch.rpm	SHA-256: 5a89c9010ea149d8b2b63020200d54853aea43f75aad6141409816c679334b34
openstack-ceilometer-ipmi-10.0.1-6.el7ost.noarch.rpm	SHA-256: 35803a02fe60bf413d49b91d23093d7c0b3e8891092fce0dd68097528e3ec81a
openstack-ceilometer-notification-10.0.1-6.el7ost.noarch.rpm	SHA-256: a505358bbd9d64aaec0f6e609e4e73ed16ded02d2687a466fbb0dbfa7cb66b0f
openstack-ceilometer-polling-10.0.1-6.el7ost.noarch.rpm	SHA-256: 64802b15b1da1a099e02f225c2ab0bcf0d58a62f11c750a964c991aa37040734
python-ceilometer-10.0.1-6.el7ost.noarch.rpm	SHA-256: e22474bc341bac56b37c82ca01c3001af61d7d9d6c8a6a4038613f1702bff02a

Red Hat OpenStack 13

SRPM
openstack-ceilometer-10.0.1-6.el7ost.src.rpm	SHA-256: 5a40000ef03fa3bad15c363b54017c8b739bc6fa4142d3c6e11604a5e9b7ab75
x86_64
openstack-ceilometer-central-10.0.1-6.el7ost.noarch.rpm	SHA-256: 88f34f14a34d44e49c769970619c1377a5996f37f79cd578ecc59bd4df43047f
openstack-ceilometer-common-10.0.1-6.el7ost.noarch.rpm	SHA-256: b4b748da00f1f1896afe0310eaaeb9859adc12d1224cc3e3d74041fd030db574
openstack-ceilometer-compute-10.0.1-6.el7ost.noarch.rpm	SHA-256: 5a89c9010ea149d8b2b63020200d54853aea43f75aad6141409816c679334b34
openstack-ceilometer-ipmi-10.0.1-6.el7ost.noarch.rpm	SHA-256: 35803a02fe60bf413d49b91d23093d7c0b3e8891092fce0dd68097528e3ec81a
openstack-ceilometer-notification-10.0.1-6.el7ost.noarch.rpm	SHA-256: a505358bbd9d64aaec0f6e609e4e73ed16ded02d2687a466fbb0dbfa7cb66b0f
openstack-ceilometer-polling-10.0.1-6.el7ost.noarch.rpm	SHA-256: 64802b15b1da1a099e02f225c2ab0bcf0d58a62f11c750a964c991aa37040734
python-ceilometer-10.0.1-6.el7ost.noarch.rpm	SHA-256: e22474bc341bac56b37c82ca01c3001af61d7d9d6c8a6a4038613f1702bff02a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation