-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 13.0 (instack-undercloud) security update
Advisory ID:       RHSA-2022:8897-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8897
Issue date:        2022-12-08
CVE Names:         CVE-2022-3596
====================================================================
1. Summary:

An update for instack-undercloud is now available for Red Hat OpenStack
Platform 13 (Queens).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch

3. Description:

Installation tools to install an undercloud via instack

Security Fix(es):

* instack-undercloud: rsync leaks information to undercloud (CVE-2022-3596)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2136596 - CVE-2022-3596 instack-undercloud: rsync leaks information to undercloud

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:
instack-undercloud-8.4.9-13.el7ost.src.rpm

noarch:
instack-undercloud-8.4.9-13.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:
instack-undercloud-8.4.9-13.el7ost.src.rpm

noarch:
instack-undercloud-8.4.9-13.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3596
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY5ISGNzjgjWX9erEAQgJ/g//a152/V/cAQFCJuriVCOfT6hbz98Whjm9
zfBd2GiP1qafrvQD2r1roV+0acT+JUJE+Mvn5qKGD042qO0hkeCglbnYSSEB7/mz
GwLpp0VMdBHXhadIsOsXiFAD0Isaqa09Bgj8V1DHk9xHcglZn+UjO8Fl2uJB7US2
BFicLdX9TqU9csvz6p4plohw8LjcVfPQJlACcgoYQPNCnacavZXXuBgvAs1f1CUV
XgqEY+QMgBFKQ4KywPEoHXqf7frjyz+Lvww1UY//GZqNwmH8btWkdRZFjv6DuIWL
g93esk9eIa8Lh7JZWGj+P86iA75n+Z0ipHlbRloLANZD8hyNqq7mVQpHR8+wPcGf
Xnf95t2WDxVZB5EYl2cFQC1cdV4piHICWu+HkufJAk96Xjb+5VIPHN+kgattTk6+
Ag66l0rSq2O6OmExjZRT43r2d8c/LytaPht6bJ++m0XQoDgPgwNJpDKt93Xc+2Qb
Pa4KDHcti6em1V+iCha/AhD8e2sF01JBYwfhsLfy6u5X3piLevvSNXl+WBjdX3gY
RwJfJymlSBist3jcchwx4bAm2KI4yLhSPyHUNb6f0cvowNYXI310pEWbqGckFm3A
femaHmxn0MFropLVpjBb6472xzNJkbqinrSNonUm+kIs6qR3BqSRoQUdwb1n1QTO
ropRGjIs1FsPV
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce