Issued:: 2024-11-21
Updated:: 2024-11-21

RHSA-2024:9982 - Security Advisory

Overview
Updated Packages

Synopsis

Important: RHOSP 17.1.4 (openstack-ironic) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-ironic is now available for Red Hat
OpenStack Platform (RHOSP) 17.1 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Ironic

Security Fix(es):

Specially crafted image may allow authenticated users to gain access to potentially sensitive data (CVE-2024-44082)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 17.1 for RHEL 9 x86_64

Fixes

BZ - 2309331 - CVE-2024-44082 openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data

CVEs

CVE-2024-44082

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 17.1 for RHEL 9

SRPM
openstack-ironic-17.1.1-17.1.20240917210749.c31db88.el9ost.src.rpm	SHA-256: 547b68f576f7a99ad89c962e0071085b049813bc8f9a28e8c68292167362b5b6
x86_64
openstack-ironic-api-17.1.1-17.1.20240917210749.c31db88.el9ost.noarch.rpm	SHA-256: dcab3573215c41f4d853400f6998de68f6e6e8483dd8bcc90ce409be3341eca0
openstack-ironic-common-17.1.1-17.1.20240917210749.c31db88.el9ost.noarch.rpm	SHA-256: 28946f93a1162f260206e02e2a3dd4116e99203166bfd24ff3eb382e0c89d449
openstack-ironic-conductor-17.1.1-17.1.20240917210749.c31db88.el9ost.noarch.rpm	SHA-256: 25d4df5e787b59e042848cd9dcf86002d9a6b01171e0c9aa80f2fca43b846bb5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation