RedHat: RHSA-2018-2214:01 Important: openstack-tripleo-heat-templates
Summary
openstack-tripleo-heat-templates is a collection of OpenStack Orchestration
templates and tools (codename heat), which can be used to help deploy
OpenStack.
Security fix(es):
* openstack-tripleo-heat-templates: Default ODL deployment uses hard coded
administrative credentials (CVE-2018-10898)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
For more information about the bug fixes and enhancements included with
this update, see the "Technical Notes" section of the Release Notes linked
in the References section.
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2018-10898
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/release_notes/
Package List
Red Hat OpenStack Platform 13.0:
Source:
openstack-tripleo-common-8.6.1-23.el7ost.src.rpm
openstack-tripleo-heat-templates-8.0.2-43.el7ost.src.rpm
puppet-opendaylight-8.1.2-2.38977efgit.el7ost.src.rpm
python-tripleoclient-9.2.1-13.el7ost.src.rpm
noarch:
openstack-tripleo-common-8.6.1-23.el7ost.noarch.rpm
openstack-tripleo-common-container-base-8.6.1-23.el7ost.noarch.rpm
openstack-tripleo-common-containers-8.6.1-23.el7ost.noarch.rpm
openstack-tripleo-common-devtools-8.6.1-23.el7ost.noarch.rpm
openstack-tripleo-heat-templates-8.0.2-43.el7ost.noarch.rpm
puppet-opendaylight-8.1.2-2.38977efgit.el7ost.noarch.rpm
python-tripleoclient-9.2.1-13.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0:
Source:
puppet-opendaylight-8.1.2-2.38977efgit.el7ost.src.rpm
noarch:
puppet-opendaylight-8.1.2-2.38977efgit.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant Releases/Architectures
Red Hat OpenStack Platform 13.0 - noarch
Bugs Fixed
1559055 - [Infra] docker logs opendaylight_api command doesn't show the OpenDaylight controller's log
1559105 - OC update does not set additional RBD Cinder backend on stack update
1586132 - OSP13 minor update: docker/services/pacemaker/ovn-dbs.yaml is missing update_tasks
1586171 - [Update] Update of OpenStack and OpenDaylight fails
1589346 - Minor Update runs common_deploy_steps_tasks.yaml twice
1592424 - UpgradeInitCommonCommand not executed on split stack environments
1592823 - Update logs should have timestamps to make debugging easier
1593757 - Firewall rules for octavia-api are not created on UPDATE
1594328 - [Deployment] Use secure ODL password by default
1594333 - [Deployment] Karaf shell should only be exposed to internal API network
1600360 - CVE-2018-10898 openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials