RHSA-2024:9990 - Security Advisory

Topic

An update for openstack-tripleo-common and python-tripleoclient is now
available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Python library for code used by TripleO projects

a Python TripleOClient for Openstack Director

Security Fix(es):

• RHOSP Director Disables TLS Verification for Registry Mirrors

(CVE-2024-8007)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat OpenStack 17.1 for RHEL 9 x86_64

Fixes

• BZ - 2213408 - wait_for_message_queue() in heat_launcher.py sets the aggressive timeout.
• BZ - 2251692 - Deploy the Ceph dashboard prometheus v4.12
• BZ - 2259470 - The user information section outputted by overdeployment is hard to read
• BZ - 2272202 - UserWarning: You have a configured API_VERSION with 'latest' in it. In the context of openstacksdk this doesn't make any sense.
• BZ - 2279328 - Error performing deploy_step write_image: Command execution failed: Unable to stat device /dev/dm-0p2 after attempting to verify 3 times
• BZ - 2292699 - 17.1 FFU - overcloud_node.py failing with role_net_ip_map[role_name][net['network']][idx] - IndexError: list index out of range
• BZ - 2295391 - Request limit exceeded: Template size exceeds maximum allowed size (524288 bytes).
• BZ - 2301634 - [OSP17.1] metrics_qdr service is fluctuating Prometheus and HealthCheck failing on node
• BZ - 2303654 - [FFU 16.2 to 17.1 ] Upgrade truncates the nic config file for custom role in overcloud-deploy network-environment file.
• BZ - 2305975 - CVE-2024-8007 openstack-tripleo-common: RHOSP Director Disables TLS Verification for Registry Mirrors
• BZ - 2307955 - OSP17.1 include fix for Openstack 17.1 is unable to pull image from Satellite 6.16
• BZ - 2308677 - rhosp17 overcloud images lost kernel-modules-extra and hctp is missing
• BZ - 2320103 - `tripleo container image` commands are broken

CVEs

• CVE-2024-8007

References

• https://access.redhat.com/security/updates/classification/#moderate