- Issued:
- 2024-05-22
- Updated:
- 2024-05-22
RHSA-2024:2736 - Moderate: openstack-tripleo-heat-templates and tripleo-ansible update
Synopsis
Moderate: openstack-tripleo-heat-templates and tripleo-ansible update
Type/Severity
Security Advisory Moderate
Topic
An update for openstack-tripleo-heat-templates and tripleo-ansible is now available for Red Hat OpenStack Platform 17.1 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools (codename heat), which can be used to help deploy OpenStack.
Security Fix(es):
- tripleo-ansible: bind keys are world readable (CVE-2023-6725)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Banner text is not being displayed for overcloud hosts (BZ#2237000)
-
RHOSP16.2 to 17.1 upgrade: During Leapp uprade steps the network interface names are not preserved (BZ#2249024)
-
[FFU][DCN] ceph-ansible package is removed at the end of ceph adopt" stage during ceph upgrade (BZ#2249690)
-
[FFU] The Host System upgrade of HCI nodes fails on setting noout flags (BZ#2254036)
-
Config state files created during update run for tripleo ha services has unexpected file suffixes (BZ#2256780)
-
[OSP17.1] After upgrade to OSP16.2.6 Octavia Mgmt network amphoras having random MTU change: smaller MTU (1500) compared to orginal value 8950 (jumbo frames) (BZ#2257274)
-
multi-rhel-container-image-prepare.py for 16.2 to 17.1 upgrades returning wrong ceph image (BZ#2259286)
-
Upgrade [OSP16.2 -> OSP17.1] VMS stoped due to use Libvirt on RHEL-8 computes instead of LibvirtLegacy (BZ#2263916)
-
iptables on the undercloud not starting due to neutron rules (BZ#2272006)
-
[RHOSP 17.1] "ipmi/main" plugin read error in collectd container (BZ#2274010)
Enhancement(s):
- DCN - FFU 16.2 to 17.1.1 computes only (BZ#1900663)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat OpenStack | 17.1 | x86_64 |
Updated Packages
- openstack-tripleo-heat-templates-14.3.1-17.1.20231103010840.el9ost.src.rpm
- tripleo-ansible-3.3.1-17.1.20231101230831.el9ost.noarch.rpm
- tripleo-ansible-3.3.1-17.1.20231101230831.el9ost.src.rpm
- openstack-tripleo-heat-templates-14.3.1-17.1.20231103010840.el9ost.noarch.rpm
Fixes
- This content is not included.BZ - 1900663
- This content is not included.BZ - 2233300
- This content is not included.BZ - 2237000
- This content is not included.BZ - 2249024
- This content is not included.BZ - 2249273
- This content is not included.BZ - 2249690
- This content is not included.BZ - 2250940
- This content is not included.BZ - 2254036
- This content is not included.BZ - 2255114
- This content is not included.BZ - 2256780
- This content is not included.BZ - 2257274
- This content is not included.BZ - 2259286
- This content is not included.BZ - 2260304
- This content is not included.BZ - 2263226
- This content is not included.BZ - 2263916
- This content is not included.BZ - 2264884
- This content is not included.BZ - 2266206
- This content is not included.BZ - 2272006
- This content is not included.BZ - 2274010
CVEs
References
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.