Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0830
HistoryApr 16, 2015 - 1:11 p.m.

(RHSA-2015:0830) Important: openstack-foreman-installer security update

2015-04-1613:11:20
access.redhat.com
15

EPSS

0.021

Percentile

89.1%

JSON

Red Hat Enterprise OpenStack Platform Installer is a deployment management
tool. It provides a web user interface for managing the installation and
configuration of remote systems. Deployment of changes is performed using
Puppet. Additionally, Dynamic Host Configuration Protocol (DHCP), Domain
Name System (DNS), Preboot Execution Environment (PXE), and Trivial File
Transfer Protocol (TFTP) services can be provided. Controlling these
services also enables provisioning of physical systems that do not yet have
an operating system installed.

It was discovered that the puppet manifests, as provided with the
openstack-puppet-modules package, would configure the pcsd daemon with a
known default password. If this password was not changed and an attacker
was able to gain access to pcsd, they could potentially run shell commands
as root. (CVE-2015-1842)

Note: This flaw only affects Red Hat Enterprise Linux OpenStack Platform
installations deployed using the HA feature set.

For additional information on addressing this flaw see:
https://access.redhat.com/articles/1396123

This issue was discovered by Alessandro Vozza of Red Hat.

The augeas package has been upgraded to version 1.0.0-7, which provides a
number of bug fixes over the previous version. (BZ#1198236)

This update also fixes the following bug:

  • A problem with cloned constraints for neutron caused RHEL OpenStack
    Platform deployments to fail. This update corrects the cloned constraints,
    and deployments are now successful. (BZ#1209628)

All Red Hat Enterprise Linux OpenStack Platform Installer users are advised
to upgrade to these updated packages, which correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHat6srcruby193-rubygem-staypuft< 0.4.15-1.el6ostruby193-rubygem-staypuft-0.4.15-1.el6ost.src.rpm
RedHat6noarchruby193-rubygem-staypuft< 0.4.15-1.el6ostruby193-rubygem-staypuft-0.4.15-1.el6ost.noarch.rpm
RedHat6srcrhel-osp-installer< 0.4.7-2.el6ostrhel-osp-installer-0.4.7-2.el6ost.src.rpm
RedHat6noarchopenstack-foreman-installer< 2.0.34-1.el6ostopenstack-foreman-installer-2.0.34-1.el6ost.noarch.rpm
RedHat6srcaugeas< 1.0.0-7.el6_6.1augeas-1.0.0-7.el6_6.1.src.rpm
RedHat6x86_64augeas< 1.0.0-7.el6_6.1augeas-1.0.0-7.el6_6.1.x86_64.rpm
RedHat6srcopenstack-foreman-installer< 2.0.34-1.el6ostopenstack-foreman-installer-2.0.34-1.el6ost.src.rpm
RedHat6noarchopenstack-puppet-modules< 2014.1.2-1.el6ostopenstack-puppet-modules-2014.1.2-1.el6ost.noarch.rpm
RedHat6noarchruby193-rubygem-staypuft-doc< 0.4.15-1.el6ostruby193-rubygem-staypuft-doc-0.4.15-1.el6ost.noarch.rpm
RedHat6srcopenstack-puppet-modules< 2014.1.2-1.el6ostopenstack-puppet-modules-2014.1.2-1.el6ost.src.rpm
Rows per page:
1-10 of 121

Related

prion 1
nvd 1
nessus 1
cvelist 1
veracode 1
cve 1
redhat 4
prion
prion
Default credentials
2015-04-10 15:00:00
nvd
nvd
CVE-2015-1842
2015-04-10 15:00:02
nessus
nessus
ClusterLabs Pacemaker PCS Daemon Default Password
2015-05-07 00:00:00
cvelist
cvelist
CVE-2015-1842
2015-04-10 14:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:05:15
cve
cve
CVE-2015-1842
2015-04-10 15:00:02
redhat
redhat
(RHSA-2015:0791) Important: Red Hat Enterprise Linux OpenStack Platform Installer update
2015-04-07 00:00:00
(RHSA-2015:0831) Important: openstack-packstack and openstack-puppet-modules update
2015-04-16 00:00:00
(RHSA-2015:0789) Important: openstack-packstack and openstack-puppet-modules security and bug fix update
2015-04-07 00:00:00

EPSS

0.021

Percentile

89.1%

JSON
Related for RHSA-2015:0830
prion1nvd1nessus1cvelist1veracode1cve1redhat4