(RHSA-2017:2557) Moderate: instack-undercloud security update

2017-08-30T13:15:52
ID RHSA-2017:2557
Type redhat
Reporter RedHat
Modified 2018-03-19T12:27:34

Description

instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud (using python-instack).

Security Fix(es):

  • A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2017-7549)

This issue was discovered by Matthew Booth (Red Hat).