Issued:

2016-06-13

Updated:

2016-06-13

RHSA-2016:1223 - Important: rhosp-director-images security and bug fix update

Synopsis

Important: rhosp-director-images security and bug fix update

Type/Severity

Security Advisory Important

Topic

Updated deployment images are now available for Red Hat OpenStack Platform 7.0 (Kilo) director.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.

Security Fix(es):

• An issue was discovered in the image build process for the overcloud images, as used by director, resulting in all previous images to have a default root password of "rootpw". Remote root access via SSH is disabled by default. (CVE-2016-4474)

Red Hat would like to thank David Patterson (Dell) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Fixes

• This content is not included.BZ - 1342412

CVEs

• CVE-2016-4474

References

• http://www.redhat.com/security/updates/classification/#normal

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.