The openstack-foreman-installer package provides facilities for rapidly
deploying Red Hat Enterprise Linux OpenStack Platform 4.
It was discovered that the Qpid configuration created by
openstack-foreman-installer did not have authentication enabled when run
with default settings in standalone mode. An attacker able to establish a
TCP connection to Qpid could access any OpenStack back end using Qpid (for
example, nova) without any authentication. (CVE-2013-6470)
This update also fixes several bugs and adds enhancements. Documentation
for these changes is available in the Technical Notes document linked to
in the References section.
All openstack-foreman-installer users are advised to upgrade to this
updated package, which corrects these issues and adds these enhancements.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | openstack-foreman-installer | < 1.0.12-1.el6ost | openstack-foreman-installer-1.0.12-1.el6ost.noarch.rpm |
RedHat | 6 | src | openstack-foreman-installer | < 1.0.12-1.el6ost | openstack-foreman-installer-1.0.12-1.el6ost.src.rpm |