Issued:: 2024-11-21
Updated:: 2024-11-21

RHSA-2024:9991 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-tripleo-common and python-tripleoclient is now
available for Red Hat OpenStack Platform (RHOSP) 17.1 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Python library for code used by TripleO projects

a Python TripleOClient for Openstack Director

Security Fix(es):

RHOSP Director Disables TLS Verification for Registry Mirrors

(CVE-2024-8007)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 17.1 for RHEL 8 x86_64

Fixes

BZ - 2258093 - FATAL Create containers managed by Podman for /var/lib/tripleo -config/container-startup-config/step_5
BZ - 2294406 - insecure image registry isn't always properly generated
BZ - 2305975 - CVE-2024-8007 openstack-tripleo-common: RHOSP Director Disables TLS Verification for Registry Mirrors

CVEs

CVE-2024-8007

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 17.1 for RHEL 8

SRPM
openstack-tripleo-common-15.4.1-17.1.20240911093743.e5b18f2.el8ost.src.rpm	SHA-256: 9f1b1819d71998c473f1da1f5132ba6a37496bde3bb52de09b4697dff54dfee7
python-tripleoclient-16.5.1-17.1.20240913093745.f3599d0.el8ost.src.rpm	SHA-256: 452c6ae623b27a0e4e377807db3ac364d8df78e6176390a60b340c7555da50e7
x86_64
openstack-tripleo-common-15.4.1-17.1.20240911093743.e5b18f2.el8ost.noarch.rpm	SHA-256: 7cfc9ed9d8ceee53b93c18add1ac1921e9ecaa507ee0cd9bc56fc1c73c8aad88
openstack-tripleo-common-container-base-15.4.1-17.1.20240911093743.e5b18f2.el8ost.noarch.rpm	SHA-256: c7e9d7b4b0e4f3390d73a65debbdf4bf9c7af8a61cba1ba36450ffaa675a9f1d
openstack-tripleo-common-containers-15.4.1-17.1.20240911093743.e5b18f2.el8ost.noarch.rpm	SHA-256: 365d3da973482482d737ed898a65be492412ea0f8f4b5d6336b0b6ae4fe7f58a
python3-tripleo-common-15.4.1-17.1.20240911093743.e5b18f2.el8ost.noarch.rpm	SHA-256: a1612b27bb2a98f4d1545af298c12b5357e34740093b0932a3d5e707c9063c6f
python3-tripleoclient-16.5.1-17.1.20240913093745.f3599d0.el8ost.noarch.rpm	SHA-256: 4205fe346a457b294f8b27fb3a4cdbf4726b4dbe68e53fa2c1e1397dfa37c8ba

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation