(RHSA-2017:1243) Moderate: openstack-heat security, bug fix, and enhancement update

OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources.

The following packages have been upgraded to a later upstream version: openstack-heat (7.0.2). (BZ#1431258)

Security Fix(es):

• An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. (CVE-2017-2621)

Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.