Issued:: 2020-06-24
Updated:: 2020-06-24

RHSA-2020:2729 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-manila and openstack-manila security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-manila and openstack-manila is now available for
Red Hat OpenStack Platform 13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Shared Filesystem Service (Manila) provides services to manage
network filesystems for use by Virtual Machine instances.

Security Fix(es):

User with share-network UUID is able to show create and delete shares

(CVE-2020-9543)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack for IBM Power 13 ppc64le
Red Hat OpenStack 13 x86_64

Fixes

BZ - 1809855 - CVE-2020-9543 openstack-manila: User with share-network UUID is able to show, create and delete shares
BZ - 1832361 - Rebase openstack-manila to cd8c004

CVEs

CVE-2020-9543

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 13

SRPM
openstack-manila-6.3.2-3.el7ost.src.rpm	SHA-256: 32d09a8bd2c52f82221ece477d27e772ad586e6938873e2cf3709d22cef2cede
ppc64le
openstack-manila-6.3.2-3.el7ost.noarch.rpm	SHA-256: f0adaf7210f92e5cf10a7f1b4d20e5ee9b206a9e4c68d03319b8dac7faf6ad47
openstack-manila-share-6.3.2-3.el7ost.noarch.rpm	SHA-256: 504e7903ce2a1cc638c696534689c5a08610d523f0789d66403d46f065ac34af
python-manila-6.3.2-3.el7ost.noarch.rpm	SHA-256: 0c5b7e1cd84daebe1783fc1577d7013cb20a1c62ebb37288e13f5e26de5eead2
python-manila-tests-6.3.2-3.el7ost.noarch.rpm	SHA-256: dca6344a61f634116dfe04fcfbfdc0561a0344a230dbddc595fc609b1ee8b5ed

Red Hat OpenStack 13

SRPM
openstack-manila-6.3.2-3.el7ost.src.rpm	SHA-256: 32d09a8bd2c52f82221ece477d27e772ad586e6938873e2cf3709d22cef2cede
x86_64
openstack-manila-6.3.2-3.el7ost.noarch.rpm	SHA-256: f0adaf7210f92e5cf10a7f1b4d20e5ee9b206a9e4c68d03319b8dac7faf6ad47
openstack-manila-share-6.3.2-3.el7ost.noarch.rpm	SHA-256: 504e7903ce2a1cc638c696534689c5a08610d523f0789d66403d46f065ac34af
python-manila-6.3.2-3.el7ost.noarch.rpm	SHA-256: 0c5b7e1cd84daebe1783fc1577d7013cb20a1c62ebb37288e13f5e26de5eead2
python-manila-tests-6.3.2-3.el7ost.noarch.rpm	SHA-256: dca6344a61f634116dfe04fcfbfdc0561a0344a230dbddc595fc609b1ee8b5ed

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation