(RHSA-2015:0791) Important: Red Hat Enterprise Linux OpenStack Platform Installer update

Red Hat Enterprise OpenStack Platform Installer is a deployment management
tool. It provides a web user interface for managing the installation and
configuration of remote systems. Deployment of changes is performed using
Puppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain
Name System (DNS), Preboot Execution Environment (PXE), and Trivial File
Transfer Protocol (TFTP) services can be provided. Controlling these
services also enables provisioning of physical systems that do not yet have
an operating system installed.

It was discovered that the puppet manifests, as provided with the
openstack-puppet-modules package, would configure the pcsd daemon with a
known default password. If this password was not changed and an attacker
was able to gain access to pcsd, they could potentially run shell commands
as root. (CVE-2015-1842)

Note: This flaw only affects Red Hat Enterprise Linux OpenStack Platform
installations deployed using the HA feature set.

For additional information on addressing this flaw see:
https://access.redhat.com/articles/1396123

This issue was discovered by Alessandro Vozza of Red Hat.

In addition to the above issue, this update also addresses multiple bugs
which are documented in the Red Hat Enterprise Linux OpenStack Platform
Technical Notes, linked to in the References section.

All Red Hat Enterprise Linux OpenStack Platform Installer users are advised
to upgrade to these updated packages, which correct these issues.