- Issued:
- 2019-11-07
- Updated:
- 2019-11-07
RHSA-2019:3788 - Security Advisory
Synopsis
Moderate: openstack-octavia security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 (Queens).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The OpenStack Load Balancing service (openstack-octavia) provides a Load Balancing-as-a-Service (LBaaS) version 2 implementation for Red Hat OpenStack platform director based installations.
Security Fix(es):
- openstack-octavia: amphora-agent not requiring client certificate (CVE-2019-17134)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [Backport request]Add failover logging to show the amphora details. (BZ#1743476)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat OpenStack for IBM Power 13 ppc64le
- Red Hat OpenStack 13 x86_64
Fixes
- BZ - 1712448 - Cannot delete load balancer that is in PENDING_UPDATE with PENDING_CREATE LISTENER after running into BZ 1693808
- BZ - 1760178 - Rebase openstack-octavia to 431d9c9
- BZ - 1761307 - CVE-2019-17134 openstack-octavia: amphora-agent not requiring client certificate
CVEs
Red Hat OpenStack for IBM Power 13
| SRPM | |
|---|---|
| openstack-octavia-2.1.2-1.el7ost.src.rpm | SHA-256: 96ed9b51e5ed99214431374c06196a3496c48881e239ca20edada5359d64db73 |
| ppc64le | |
| openstack-octavia-amphora-agent-2.1.2-1.el7ost.noarch.rpm | SHA-256: f313e24d16aecf110885a29571ac9adbc67057d2a551a493cab24df63ca475cb |
| openstack-octavia-api-2.1.2-1.el7ost.noarch.rpm | SHA-256: a1d589054d7900366a159db4865609d7ee4471901791a80f2cdd21eb4e662175 |
| openstack-octavia-common-2.1.2-1.el7ost.noarch.rpm | SHA-256: a4da104bc06e1b5cac15c85a6ed5f2f3075ec204281b14ca59f862df3ad6bca4 |
| openstack-octavia-debuginfo-2.1.2-1.el7ost.ppc64le.rpm | SHA-256: b72ecad46160be89cca668a13b7f1e5692d8fce76e4288f929dff118bb68d969 |
| openstack-octavia-diskimage-create-2.1.2-1.el7ost.noarch.rpm | SHA-256: b8469948bcc2fe05cd670cdbb9860e50462b4276c46bbb04ff23c47ef06de7ad |
| openstack-octavia-health-manager-2.1.2-1.el7ost.noarch.rpm | SHA-256: 591432467f73d74d2c99b097db2a7f67fc0f9909f4b84a3eacec978ca4190d8f |
| openstack-octavia-housekeeping-2.1.2-1.el7ost.noarch.rpm | SHA-256: 27bbda0798ad7f53457328f650f976bdfb104bb393dd42ab720cd4dd285e5c7e |
| openstack-octavia-worker-2.1.2-1.el7ost.noarch.rpm | SHA-256: e9e11496fd9f2ba7aa307446d1eb1ac414e8a64b1c02ac856d9c50979287a0ba |
| python-octavia-2.1.2-1.el7ost.noarch.rpm | SHA-256: ed4fece801ac2e424d27547a15fd028eced1e35899916b844605c33b095eb6d2 |
| python-octavia-tests-golang-2.1.2-1.el7ost.ppc64le.rpm | SHA-256: d6bc5855a24d65ae09553ba1e86520a4559f5bcc58ff30fe2d40ae0b3ef42585 |
Red Hat OpenStack 13
| SRPM | |
|---|---|
| openstack-octavia-2.1.2-1.el7ost.src.rpm | SHA-256: 96ed9b51e5ed99214431374c06196a3496c48881e239ca20edada5359d64db73 |
| x86_64 | |
| openstack-octavia-amphora-agent-2.1.2-1.el7ost.noarch.rpm | SHA-256: f313e24d16aecf110885a29571ac9adbc67057d2a551a493cab24df63ca475cb |
| openstack-octavia-api-2.1.2-1.el7ost.noarch.rpm | SHA-256: a1d589054d7900366a159db4865609d7ee4471901791a80f2cdd21eb4e662175 |
| openstack-octavia-common-2.1.2-1.el7ost.noarch.rpm | SHA-256: a4da104bc06e1b5cac15c85a6ed5f2f3075ec204281b14ca59f862df3ad6bca4 |
| openstack-octavia-debuginfo-2.1.2-1.el7ost.x86_64.rpm | SHA-256: bf09c42afcf64fdc7564eb10ff3f618403d65d2afc1ea8a291d11ba76ad16934 |
| openstack-octavia-diskimage-create-2.1.2-1.el7ost.noarch.rpm | SHA-256: b8469948bcc2fe05cd670cdbb9860e50462b4276c46bbb04ff23c47ef06de7ad |
| openstack-octavia-health-manager-2.1.2-1.el7ost.noarch.rpm | SHA-256: 591432467f73d74d2c99b097db2a7f67fc0f9909f4b84a3eacec978ca4190d8f |
| openstack-octavia-housekeeping-2.1.2-1.el7ost.noarch.rpm | SHA-256: 27bbda0798ad7f53457328f650f976bdfb104bb393dd42ab720cd4dd285e5c7e |
| openstack-octavia-worker-2.1.2-1.el7ost.noarch.rpm | SHA-256: e9e11496fd9f2ba7aa307446d1eb1ac414e8a64b1c02ac856d9c50979287a0ba |
| python-octavia-2.1.2-1.el7ost.noarch.rpm | SHA-256: ed4fece801ac2e424d27547a15fd028eced1e35899916b844605c33b095eb6d2 |
| python-octavia-tests-golang-2.1.2-1.el7ost.x86_64.rpm | SHA-256: 5601792bcb045a1ed9c32d6bd279df8061f87ba5f7e2f055164c061a0dceca8f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
