- Issued:
- 2019-03-14
- Updated:
- 2019-03-14
RHSA-2019:0567 - Security Advisory
Synopsis
Moderate: openstack-octavia security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The OpenStack Load Balancing service (openstack-octavia) provides a Load Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat OpenStack platform director based installations.
Security Fix(es):
- openstack-octavia: Private keys written to world-readable log files (CVE-2018-16856)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- This feature is "community support" and not supported by Red Hat per RHOSP SLA. (BZ#1671022)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenStack 13 x86_64
- Red Hat OpenStack for IBM Power 13 ppc64le
- Red Hat OpenStack - Extended Update Support 13 for RHEL 7.6 x86_64
Fixes
- BZ - 1547478 - Test Octavia with OVN
- BZ - 1571636 - Backports of general improvements to Octavia
- BZ - 1582145 - Listener's "operating status" is not transitioning to ONLINE even when pool and members are configured for it.
- BZ - 1607276 - All existing amphora instances are deleting when RabbitMQ is down
- BZ - 1649165 - CVE-2018-16856 openstack-octavia: Private keys written to world-readable log files
- BZ - 1669078 - Add support for configuring Octavia LB timeouts in OSP 13
- BZ - 1670170 - Rebase openstack-octavia to 2.0.3
- BZ - 1672370 - flake8 fail: code over-indentation
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat OpenStack 13
| SRPM | |
|---|---|
| openstack-octavia-2.0.3-2.el7ost.src.rpm | SHA-256: 58f70466db84aabcba0e89917dc959c8620d620b9fadfaf566ed7979440a5d72 |
| x86_64 | |
| openstack-octavia-amphora-agent-2.0.3-2.el7ost.noarch.rpm | SHA-256: 9dbc6f14740eb816c89674102b7986f3ad2baf726307b263a944dc04141c2483 |
| openstack-octavia-api-2.0.3-2.el7ost.noarch.rpm | SHA-256: c93febfd7d1096346e676f91bee6def5fc0c34302b394e5917eea29c17cb423c |
| openstack-octavia-common-2.0.3-2.el7ost.noarch.rpm | SHA-256: 3fa48239ca9f4caed49911bb8a214d176cb8f94ca73aff341b8dd7aa1fc09d8d |
| openstack-octavia-debuginfo-2.0.3-2.el7ost.x86_64.rpm | SHA-256: 0b8a24690cca34be64167e0db94115af4a5c9f750338983ba080860426ba9b57 |
| openstack-octavia-diskimage-create-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92a63ec01d86021dcef824151c7f19fc1de67b3872c5d45492a1e1f3d2c64995 |
| openstack-octavia-health-manager-2.0.3-2.el7ost.noarch.rpm | SHA-256: e5622ed87e4411d2d483811dc9f9aa4b73fd1236fc6a9e2af48a401137d233c9 |
| openstack-octavia-housekeeping-2.0.3-2.el7ost.noarch.rpm | SHA-256: 68fbabe605ff7bfd361a63bed9e2c2a88f81738bc7046ee7c4ba1f707ad98f05 |
| openstack-octavia-worker-2.0.3-2.el7ost.noarch.rpm | SHA-256: 4c95b4ab74afdf40e71181e9591f84f21c63a9d39470749f8a8d20178fabb016 |
| python-octavia-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92d43ae9d485f4e9b66bff98e1eeb50ac10b27336ed9817371bfeeff54b4332c |
| python-octavia-tests-golang-2.0.3-2.el7ost.x86_64.rpm | SHA-256: d907a6d7d0028975517517fbf0101157ac0026afde246bfb3fc1ec48ca92c44b |
Red Hat OpenStack for IBM Power 13
| SRPM | |
|---|---|
| openstack-octavia-2.0.3-2.el7ost.src.rpm | SHA-256: 58f70466db84aabcba0e89917dc959c8620d620b9fadfaf566ed7979440a5d72 |
| ppc64le | |
| openstack-octavia-amphora-agent-2.0.3-2.el7ost.noarch.rpm | SHA-256: 9dbc6f14740eb816c89674102b7986f3ad2baf726307b263a944dc04141c2483 |
| openstack-octavia-api-2.0.3-2.el7ost.noarch.rpm | SHA-256: c93febfd7d1096346e676f91bee6def5fc0c34302b394e5917eea29c17cb423c |
| openstack-octavia-common-2.0.3-2.el7ost.noarch.rpm | SHA-256: 3fa48239ca9f4caed49911bb8a214d176cb8f94ca73aff341b8dd7aa1fc09d8d |
| openstack-octavia-debuginfo-2.0.3-2.el7ost.ppc64le.rpm | SHA-256: f50ba37f237cda8f14a02aff33f141aa8793a17b94789b80be058df352ef5238 |
| openstack-octavia-diskimage-create-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92a63ec01d86021dcef824151c7f19fc1de67b3872c5d45492a1e1f3d2c64995 |
| openstack-octavia-health-manager-2.0.3-2.el7ost.noarch.rpm | SHA-256: e5622ed87e4411d2d483811dc9f9aa4b73fd1236fc6a9e2af48a401137d233c9 |
| openstack-octavia-housekeeping-2.0.3-2.el7ost.noarch.rpm | SHA-256: 68fbabe605ff7bfd361a63bed9e2c2a88f81738bc7046ee7c4ba1f707ad98f05 |
| openstack-octavia-worker-2.0.3-2.el7ost.noarch.rpm | SHA-256: 4c95b4ab74afdf40e71181e9591f84f21c63a9d39470749f8a8d20178fabb016 |
| python-octavia-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92d43ae9d485f4e9b66bff98e1eeb50ac10b27336ed9817371bfeeff54b4332c |
| python-octavia-tests-golang-2.0.3-2.el7ost.ppc64le.rpm | SHA-256: e883ed6981347477342c4e89ddd89f910af65885966adaf7ed2972b63029eeac |
Red Hat OpenStack - Extended Update Support 13 for RHEL 7.6
| SRPM | |
|---|---|
| openstack-octavia-2.0.3-2.el7ost.src.rpm | SHA-256: 58f70466db84aabcba0e89917dc959c8620d620b9fadfaf566ed7979440a5d72 |
| x86_64 | |
| openstack-octavia-amphora-agent-2.0.3-2.el7ost.noarch.rpm | SHA-256: 9dbc6f14740eb816c89674102b7986f3ad2baf726307b263a944dc04141c2483 |
| openstack-octavia-api-2.0.3-2.el7ost.noarch.rpm | SHA-256: c93febfd7d1096346e676f91bee6def5fc0c34302b394e5917eea29c17cb423c |
| openstack-octavia-common-2.0.3-2.el7ost.noarch.rpm | SHA-256: 3fa48239ca9f4caed49911bb8a214d176cb8f94ca73aff341b8dd7aa1fc09d8d |
| openstack-octavia-debuginfo-2.0.3-2.el7ost.x86_64.rpm | SHA-256: 0b8a24690cca34be64167e0db94115af4a5c9f750338983ba080860426ba9b57 |
| openstack-octavia-diskimage-create-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92a63ec01d86021dcef824151c7f19fc1de67b3872c5d45492a1e1f3d2c64995 |
| openstack-octavia-health-manager-2.0.3-2.el7ost.noarch.rpm | SHA-256: e5622ed87e4411d2d483811dc9f9aa4b73fd1236fc6a9e2af48a401137d233c9 |
| openstack-octavia-housekeeping-2.0.3-2.el7ost.noarch.rpm | SHA-256: 68fbabe605ff7bfd361a63bed9e2c2a88f81738bc7046ee7c4ba1f707ad98f05 |
| openstack-octavia-worker-2.0.3-2.el7ost.noarch.rpm | SHA-256: 4c95b4ab74afdf40e71181e9591f84f21c63a9d39470749f8a8d20178fabb016 |
| python-octavia-2.0.3-2.el7ost.noarch.rpm | SHA-256: 92d43ae9d485f4e9b66bff98e1eeb50ac10b27336ed9817371bfeeff54b4332c |
| python-octavia-tests-golang-2.0.3-2.el7ost.x86_64.rpm | SHA-256: d907a6d7d0028975517517fbf0101157ac0026afde246bfb3fc1ec48ca92c44b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.