(RHSA-2015:1929) Important: openstack-ironic-discoverd security update

ID RHSA-2015:1929
Type redhat
Reporter RedHat
Modified 2017-07-21T12:43:03


Ironic provides bare metal provisioning for OpenStack nodes.

It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console (effectively, a command shell). (CVE-2015-5306)

All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.
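
The flaw described above comes from a service's own debug option reaching Flask's debug flag. As an added example (not Red Hat's or the project's code), the following static check flags places in Python source where Flask debug mode is set to anything other than a literal `False`; the sample source and all names in it are constructed for illustration.

```python
import ast

# Constructed sample, not the project's source: one function forwards the
# service's debug option to Flask, another pins Flask debug off.
SAMPLE = '''
from flask import Flask
app = Flask(__name__)

def serve_forwarding(conf):
    app.run(debug=conf.debug, host=conf.host, port=conf.port)

def serve_pinned(conf):
    app.run(debug=False, host=conf.host, port=conf.port)

def configure(conf):
    app.debug = conf.debug
'''


def _is_literal_false(node):
    """True only for the constant False, so variables and True are flagged."""
    return isinstance(node, ast.Constant) and node.value is False


def find_flask_debug(source):
    """Return sorted (line, reason) pairs where Flask debug mode may be enabled.

    Heuristic: matches any <obj>.run(debug=...) call and any <obj>.debug
    assignment, so review each hit rather than treating it as proof.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "run"):
            for kw in node.keywords:
                if kw.arg == "debug" and not _is_literal_false(kw.value):
                    findings.append((node.lineno, "run(debug=...) is not literal False"))
        elif isinstance(node, ast.Assign) and not _is_literal_false(node.value):
            for target in node.targets:
                if isinstance(target, ast.Attribute) and target.attr == "debug":
                    findings.append((node.lineno, ".debug assigned a non-False value"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_flask_debug(SAMPLE):
        print(f"line {line}: {reason}")
```

A value taken from configuration is flagged even when it is currently off, because an operator who turns on service debugging would then also turn on the Flask debug console.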