Issued:: 2020-05-14
Updated:: 2020-05-14

RHSA-2020:2165 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-manila security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-manila is now available for Red Hat OpenStack
Platform 16 (Train).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances.

Security Fix(es):

User with share-network UUID is able to show create and delete shares

(CVE-2020-9543)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 16 ppc64le
Red Hat OpenStack 16 for RHEL 8 x86_64

Fixes

BZ - 1809855 - CVE-2020-9543 openstack-manila: User with share-network UUID is able to show, create and delete shares
BZ - 1824519 - Rebase openstack-manila to f071a43

CVEs

CVE-2020-9543

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 16

SRPM
openstack-manila-9.1.2-0.20200405045746.f071a43.el8ost.src.rpm	SHA-256: 004350dae6466e706d8f64fa0852c936e9f38b3e74a5a9f8e7a862e8be641ac5
ppc64le
openstack-manila-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: f70eefa9a61439d210fd18a4e902ab11fa2ab16509fe6ef6545a9824cd90dcc3
openstack-manila-share-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: f603e203f82b306dce5afeec53c7dcd6cec60b130bb79241e9f8f6003662b096
python3-manila-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: 6545bd0faa24e2bb5693bc2caf1f0d1bf548c905fb2709f75dfeb7579d5b9adc

Red Hat OpenStack 16 for RHEL 8

SRPM
openstack-manila-9.1.2-0.20200405045746.f071a43.el8ost.src.rpm	SHA-256: 004350dae6466e706d8f64fa0852c936e9f38b3e74a5a9f8e7a862e8be641ac5
x86_64
openstack-manila-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: f70eefa9a61439d210fd18a4e902ab11fa2ab16509fe6ef6545a9824cd90dcc3
openstack-manila-share-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: f603e203f82b306dce5afeec53c7dcd6cec60b130bb79241e9f8f6003662b096
python3-manila-9.1.2-0.20200405045746.f071a43.el8ost.noarch.rpm	SHA-256: 6545bd0faa24e2bb5693bc2caf1f0d1bf548c905fb2709f75dfeb7579d5b9adc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation