(RHSA-2017:0200) Moderate: puppet-swift security update

2017-01-26T21:30:57
ID RHSA-2017:0200
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:34

Description

puppet-swift is the Puppet module used by Red Hat OpenStack Platform director to install OpenStack Object Storage (swift).

Security Fix(es):

  • An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. (CVE-2016-9590)

Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.