- Issued: 2021-05-26
- Updated: 2021-05-26
RHSA-2021:2119 - Security Advisory
Synopsis
Important: Red Hat OpenStack Platform 16.1.6 (tripleo-ansible) security update
Type/Severity
Security Advisory: Important
Topic
An update for tripleo-ansible is now available for Red Hat OpenStack
Platform 16.1 (Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Ansible project for TripleO.
Security Fix(es):
- ansible.log file is visible to unprivileged users (CVE-2021-31918)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Changes to the tripleo-ansible component:
This update prevents Relax and Recover (ReaR) from automatically creating an unrequested backup. Previously, ReaR automatically created the cron file /etc/cron.d/rear, which ran a backup at 1:30 AM. This update prevents the automatic creation of the cron job. (BZ#1919174)
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
Affected Products
- Red Hat OpenStack for IBM Power 16.1 ppc64le
- Red Hat OpenStack 16.1 x86_64
Fixes
- BZ - 1899404 - pacemaker and pcs shouldn't be required for ceph storage nodes
- BZ - 1905973 - LVM filter only runs if at least 1 item is passed in the Allowlist
- BZ - 1908266 - RHOSP 16.1 minor update fails because of release lock enforcement on Ceph nodes
- BZ - 1911891 - deployment takes a long time when being run manually on the undercloud with ansible-playbook
- BZ - 1916162 - tripleo-transfer can't transfer large databases
- BZ - 1917891 - Back up and Restore role failing to create a backup image
- BZ - 1919174 - Option to remove the self-installed ReaR cron task
- BZ - 1934379 - Ceph cluster is not healthy: auth entities with invalid capabilities
- BZ - 1949290 - cold migration and resize failing in nova-compute: ssh: Host key verification failed
- BZ - 1949398 - FFU tripleo-transfer role syncs a partial list of files creating an inconsistent database leading to mariadb segfaulting
- BZ - 1954250 - CVE-2021-31918 tripleo-ansible: ansible.log file is visible to unprivileged users
CVEs
Red Hat OpenStack for IBM Power 16.1
SRPM | |
---|---|
tripleo-ansible-0.5.1-1.20210323173506.el8ost.src.rpm | SHA-256: e35902502e7770990b3b75645680928a870a9cfe9dba5d925f1e84fc48da1cb8 |
ppc64le | |
tripleo-ansible-0.5.1-1.20210323173506.el8ost.noarch.rpm | SHA-256: 76a02a6051cd6332d9bda2dba7275f2745adbd80c7837c3aae56f83bbb16a2e4 |
Red Hat OpenStack 16.1
SRPM | |
---|---|
tripleo-ansible-0.5.1-1.20210323173506.el8ost.src.rpm | SHA-256: e35902502e7770990b3b75645680928a870a9cfe9dba5d925f1e84fc48da1cb8 |
x86_64 | |
tripleo-ansible-0.5.1-1.20210323173506.el8ost.noarch.rpm | SHA-256: 76a02a6051cd6332d9bda2dba7275f2745adbd80c7837c3aae56f83bbb16a2e4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.