- Issued: 2023-08-22
- Updated: 2023-08-22
RHSA-2023:4694 - Security Advisory
Synopsis
Moderate: Release of containers for OSP 16.2.z (Train) director Operator
Type/Severity
Security Advisory: Moderate
Topic
Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available.
Description
Release of Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) provides these changes:
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat OpenStack 16.2 x86_64
Fixes
- BZ - 2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
- BZ - 2218300 - git url logic does not handle non-default ports and users
- BZ - 2228513 - [16.2] Ephemeral heat communication is not using svc fqdn and hitting proxy
- BZ - 2229173 - [16.2] OpenStackConfigGenerator fails to clone from Azure DevOps with empty git-upload-pack given
- OSPK8-735 - Improve logging for BMH selection in BaremetalSet controller
CVEs
x86_64
- rhosp-rhel8/osp-director-agent@sha256:435b11c52edc98da6f15e21da9fede79825a97b2ac6e5df738d7af77fadb4453
- rhosp-rhel8/osp-director-downloader@sha256:7ab88acf3a7c1568b05ec08564a0930cc43a5dcf21ec774bc785bb50545f2b86
- rhosp-rhel8/osp-director-operator@sha256:1d06f2bdb1d80b843bc6f5c9b55009c003cb35cec8416c4da9983c48681769b5
- rhosp-rhel8/osp-director-operator-bundle@sha256:ebeb0f15e68d0200420e6b6b013116e550e8110c3038e4cc37e73dd38d3ed248
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.