OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources.
Security Fix(es):
An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. (CVE-2017-2621)
An information-leak vulnerability was found in the OpenStack Orchestration (heat) service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services. (CVE-2016-9185)
Red Hat would like to thank Hans Feldt (Ericsson) for reporting CVE-2017-2621.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python-heat-tests | < 6.1.0-3.el7ost | python-heat-tests-6.1.0-3.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-heat-api-cfn | < 6.1.0-3.el7ost | openstack-heat-api-cfn-6.1.0-3.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-heat-common | < 6.1.0-3.el7ost | openstack-heat-common-6.1.0-3.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-heat-api-cloudwatch | < 6.1.0-3.el7ost | openstack-heat-api-cloudwatch-6.1.0-3.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-heat-engine | < 6.1.0-3.el7ost | openstack-heat-engine-6.1.0-3.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-heat-api | < 6.1.0-3.el7ost | openstack-heat-api-6.1.0-3.el7ost.noarch.rpm |
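
To check a host against the table above, the following added example (not part of the advisory or of Red Hat's tooling) compares installed version-release strings with the fixed `6.1.0-3.el7ost` build. It is a simplified segment-wise comparison in the style of RPM version ordering; it assumes no epoch and no `~` or `^` markers, and the installed versions in `SAMPLE` are constructed.

```python
import re

# Fixed version-release and package names, both taken from the advisory's table.
FIXED = "6.1.0-3.el7ost"
PACKAGES = {
    "python-heat-tests", "openstack-heat-api-cfn", "openstack-heat-common",
    "openstack-heat-api-cloudwatch", "openstack-heat-engine", "openstack-heat-api",
}

def _segments(s):
    # Separators (".", "_", ...) only delimit segments; they are not compared.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Compare one version or one release string: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 3
        elif x.isdigit() != y.isdigit():
            # A numeric segment is newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def affected(rpm_lines):
    """Return the advisory's packages installed at a version-release below FIXED."""
    hits = []
    for line in rpm_lines:
        name, vr = line.split()
        if name in PACKAGES and compare_vr(vr, FIXED) < 0:
            hits.append(name)
    return hits

# Constructed sample, shaped like the output of
# rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = [
    "openstack-heat-engine 6.1.0-2.el7ost",
    "openstack-heat-api 6.1.0-3.el7ost",
    "openstack-heat-common 6.0.0-11.el7ost",
    "openstack-heat-api-cfn 6.1.0-10.el7ost",
    "bash 4.2.46-31.el7",
]

if __name__ == "__main__":
    print(affected(SAMPLE))
```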