(RHSA-2015:0832) Important: openstack-packstack and openstack-puppet-modules update

2015-04-16T17:12:08
ID RHSA-2015:0832
Type redhat
Reporter RedHat
Modified 2018-06-07T02:47:54

Description

PackStack is a command-line utility for deploying OpenStack on existing servers over an SSH connection. Deployment options are provided either interactively, using the command line, or non-interactively by means of a text file containing a set of preconfigured values for OpenStack parameters. PackStack is suitable for deploying proof-of-concept installations.

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root. (CVE-2015-1842)

This issue was discovered by Alessandro Vozza of Red Hat.

This update also adds the following enhancement:

  • If OpenStack Networking (neutron) is enabled, Packstack now displays a warning if the Network Manager service is active on hosts. (BZ#1117115)

All openstack-packstack and openstack-puppet-modules users are advised to upgrade to these updated packages, which correct these issues and add this enhancement.