RHSA-2019:1728 - Security Advisory
Moderate: python-novajoin security and bug fix update
Security Advisory: Moderate
An update for python-novajoin is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This Python package provides a dynamic vendordata plugin for the OpenStack nova metadata service to manage host instantiation in an IPA server.
- python-novajoin: novajoin API lacks access control (CVE-2019-10138)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
- TLS-Everywhere - missing folder /var/lib/novajoin (BZ#1608273)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
- Red Hat OpenStack 13 x86_64
- Red Hat OpenStack for IBM Power 13 ppc64le
- BZ - 1608273 - TLS-Everywhere - missing folder /var/lib/novajoin
- BZ - 1670573 - CVE-2019-10138 python-novajoin: novajoin API lacks access control
- BZ - 1717237 - Rebase python-novajoin to 9bfcc96
Red Hat OpenStack 13
Red Hat OpenStack for IBM Power 13