- Issued:
- 2016-06-13
- Updated:
- 2016-06-13
RHSA-2016:1222 - Important: rhosp-director-images security and bug fix update
Synopsis
Important: rhosp-director-images security and bug fix update
Type/Severity
Security Advisory Important
Topic
Updated deployment images are now available for Red Hat OpenStack Platform 8.0 (Liberty) director.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
Security Fix(es):
- An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default. (CVE-2016-4474)
Red Hat would like to thank David Patterson (Dell) for reporting this issue.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenStack | 8 | x86_64 |
Updated Packages
- rhosp-director-images-8.0-20160603.2.el7ost.noarch.rpm
- rhosp-director-images-8.0-20160603.2.el7ost.src.rpm
- rhosp-director-images-ipa-8.0-20160603.2.el7ost.noarch.rpm
Fixes
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.