CVE-2017-7549

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...

Red Hat OpenStack Platform Remote Privilege Vulnerability

Red Hat OpenStack Platform is a Red Hat platform that provides the next generation of IaaS Infrastructure as a Service cores for private, public and hybrid clouds. RedHat OpenStack Platformis vulnerable to a remote privilege extraction vulnerability. An attacker can exploit this vulnerability to...

Moderate: Red Hat Security Advisory: openstack-puppet-modules security update

An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

puppet-swift: installs config file with world readable permissions

An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 Liberty director and Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo director aka overcloud-full use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...

CVE-2016-4474

CVE-2016-4474 affects Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) overcloud-full images. The image build process uses a default root password (ROOTPW/rootpw), enabling potential remote root access via unspecified vectors. Red Hat ad...

Red Hat OpenStack Platform Design Vulnerability

Red Hat OpenStack Platform is a Red Hat platform that provides the next generation of IaaS Infrastructure as a Service cores for private, public and hybrid clouds. A security vulnerability exists in Red Hat OpenStack Platform. An attacker can exploit the vulnerability to set 'rootpw' as the defau...

Important: Red Hat Security Advisory: rhosp-director-images security and bug fix update

Updated deployment images are now available for Red Hat OpenStack Platform 7.0 Kilo director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Important: Red Hat Security Advisory: rhosp-director-images security and bug fix update

Updated deployment images are now available for Red Hat OpenStack Platform 8.0 Liberty director. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Default credentials

The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...

Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update

Updated packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...

Red Hat Enterprise Linux OpenStack Platform Stack Buffer Overflow Vulnerability

Red Hat Enterprise Linux OpenStack Platform is an enterprise-class solution. A stack buffer overflow vulnerability exists in Red Hat Enterprise Linux OpenStack Platform. An attacker exploiting this vulnerability could cause a denial of service corrupt heap memory and QEMU crash...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated mariadb-galera and python-eventlet packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-servi...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory

Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud...

Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated OpenStack Compute nova packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base scor...

Low: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, whi...

Moderate: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

Updated openstack-neutron packages that fix one security issue, several bugs, and add multiple enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A...