(RHSA-2015:1929) Important: openstack-ironic-discoverd security update

2015-10-22T23:34:24
ID RHSA-2015:1929
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:59

Description

Ironic provides bare metal provisioning for OpenStack nodes.

It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console (effectively, a command shell). (CVE-2015-5306)

All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.