Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update

An update for python-openstackclient is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on...

RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2729 advisory. A highly-available key value store for shared configuration Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-openstackclient) (RHSA-2024:2737)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2737 advisory. python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-client modules that implemen...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-gunicorn) (RHSA-2024:2727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2727 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

RHEL 8 : Red Hat OpenStack Platform 17.1 (tripleo-ansible and openstack-tripleo-heat-templates) (RHSA-2024:2770)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2770 advisory. Heat templates for TripleO TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments. https://opendev.org...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-paramiko) (RHSA-2024:2735)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2735 advisory. Paramiko a combination of the esperanto words for paranoid and friend is a module for python 2.3 or greater that implements the SSH2 protocol for...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:2734)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2734 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: Request body not stripped after redirect from 303 status changes...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

PT-2024-33096 · Red Hat · Openstack Platform Director

Name of the Vulnerable Software and Affected Versions: OpenStack Platform RHOSP director affected versions not specified Description: A flaw in the OpenStack Platform director allows plaintext passwords to be stored in log files. This can expose sensitive information to anyone with access to the...

CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

PT-2024-31140 · Red Hat · Red Hat Openstack Platform 16.1 +3

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

Red Hat OpenStack Platform 资源管理错误漏洞

Red Hat OpenStack Platform is a cloud computing management platform from Red Hat, Inc. A resource management error vulnerability exists in Red Hat OpenStack Platform versions 16.1 and 16.2, which stems from the presence of uncontrolled resource consumption...

Red Hat OpenStack Platform 安全漏洞

Red Hat OpenStack Platform is a cloud computing management platform from Red Hat, an American company. A security vulnerability exists in Red Hat OpenStack Platform that stems from the presence of uncontrolled resource consumption. The following versions are affected: version 16.1, 16.2, and 17.1...

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-glance) (RHSA-2023:1017)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1017 advisory. OpenStack Image Service code-named Glance provides discovery,registration, and delivery services for virtual disk images. The Image Service API serve...

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-barbican) (RHSA-2023:6231)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6231 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security Fixes:...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-eventlet) (RHSA-2024:0188)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0188 advisory. Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking io while at the same time retaining high...

RHEL 8 : Red Hat OpenStack Platform 17.1 (GitPython) (RHSA-2024:0190)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0190 advisory. GitPython is a python library used to interact with Git repositories. Security Fixes: Blind local file inclusion CVE-2023-41040 For more details abou...

RHEL 9 : Red Hat OpenStack Platform 17.0 (python-flask) (RHSA-2023:3440)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3440 advisory. Flask is called a micro-framework because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation...