Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (puppet-firewall) security update

An update for puppet-firewall is now available for Red Hat OpenStack Platform 16.2.3 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-barbican) (RHSA-2022:5114)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5114 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Securit...

RHEL 8 : Red Hat OpenStack Platform 16.2 (puppet-firewall) (RHSA-2022:5116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:5116 advisory. Manages Firewalls such as iptables Security Fixes: unmanaged rules could leave system in an unsafe state via duplicate comment CVE-2022-0675 For more...

SUSE: Security Advisory (SUSE-SU-2022:2150-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in openstack-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5101 Malicious code in openstack-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE: Security Advisory (SUSE-SU-2022:2098-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Information Disclosure

openstack-tripleo-heat-templates is vulnerable to information disclosure. The vulnerability exists due to lack of santization allowing an attacker to discover the internal IP or hostname through the wwwauthenticateuri parameter configuration files...

SUSE: Security Advisory (SUSE-SU-2022:1891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:1884-1 Security update for openstack-neutron

This update for openstack-neutron fixes the following issues: - CVE-2021-40797: Fixed routes middleware memory leak for nonexistent controllers bsc1190339. - CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extradhcpopts bsc1189794...

SUSE: Security Advisory (SUSE-SU-2022:1836-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:1833-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenStack Neutron Denial of Service vulnerability

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API...

GHSA-CPX3-696P-3CW9 OpenStack Neutron Denial of Service vulnerability

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API...

OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extradhcpopts value...

GHSA-FH73-GJVG-349C OpenStack Neutron vulnerable to authenticated attackers reconfiguring dnsmasq via crafted extra_dhcp_opts value

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extradhcpopts value...

networking-bagpipe (>=8.0.1 <=10.0.1), networking-baremetal (=1.0.1) +8 more potentially affected by CVE-2021-38598 via neutron (>=12.1.1 <=15.3.4)

neutron PYPI version =12.1.1, =8.0.1, =15.0.0, =13.0.1, =5.1.0, =13.0.2, =13.0.2, =14.0.1, =14.3.0 Source cves: CVE-2021-38598 Source advisory: OSV:GHSA-HVM4-MC7M-22W4...

OpenStack Neutron vulnerable to hardware address impersonation

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch c...

GHSA-HVM4-MC7M-22W4 OpenStack Neutron vulnerable to hardware address impersonation

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch c...

OpenStack Keystone allows information disclosure during account locking

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...