=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openstack-ironic-inspector security update
Advisory ID:       RHSA-2019:2505-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2505
Issue date:        2019-08-15
CVE Names:         CVE-2019-10141
=====================================================================

1. Summary:

An update for openstack-ironic-inspector is now available for Red Hat
OpenStack Platform 9.0 (Mitaka) director.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenStack 9.0 Director for RHEL 7 - noarch

3. Description:

ironic-inspector is an auxiliary service for discovering hardware
properties for a node managed by Ironic. Hardware introspection or hardware
properties discovery is a process of getting hardware parameters required
for scheduling from a bare metal node, given its power management
credentials (e.g. IPMI address, user name and password).

Security Fix(es):

* openstack-ironic-inspector: SQL Injection vulnerability when receiving
introspection data (CVE-2019-10141)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1711722 - CVE-2019-10141 openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

6. Package List:

OpenStack 9.0 Director for RHEL 7:

Source:
openstack-ironic-inspector-3.2.2-5.el7ost.src.rpm

noarch:
openstack-ironic-inspector-3.2.2-5.el7ost.noarch.rpm
openstack-ironic-inspector-doc-3.2.2-5.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10141
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
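To check a set of OpenStack 9.0 director hosts against the fixed build in the package list above, the following added example (not part of the advisory and not Red Hat tooling) compares installed version-release strings with 3.2.2-5.el7ost using RPM's segment-wise ordering. The inventory format (host, package name, version-release per line), the host names and the epoch of 0 are assumptions; the comparison only applies to the el7ost stream this advisory covers.

```python
import re

# Fixed build from the advisory's package list; epoch 0 is an assumption.
FIXED = (0, "3.2.2", "5.el7ost")
PACKAGES = {"openstack-ironic-inspector", "openstack-ironic-inspector-doc"}

def rpmvercmp(a, b):
    """Compare version/release strings by RPM segment rules (no ~ or ^ support)."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # so that 10 > 5, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def is_patched(evr, fixed=FIXED):
    """True if evr is the fixed build or newer."""
    epoch, version, release = parse_evr(evr)
    for c in (epoch - fixed[0], rpmvercmp(version, fixed[1]), rpmvercmp(release, fixed[2])):
        if c != 0:
            return c > 0
    return True

def unpatched(inventory):
    """Return (host, package, evr) for advisory packages older than the fixed build."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in PACKAGES and not is_patched(parts[2]):
            hits.append(tuple(parts))
    return hits

# Constructed sample inventory (host, package, version-release); not real hosts.
SAMPLE = """\
director-a openstack-ironic-inspector 3.2.2-4.el7ost
director-b openstack-ironic-inspector 3.2.2-5.el7ost
director-c openstack-ironic-inspector-doc 3.2.1-10.el7ost
director-d openstack-ironic-inspector 3.2.2-10.el7ost
director-d python-ironic-inspector-client 1.5.0-1.el7ost
"""

if __name__ == "__main__":
    for host, pkg, evr in unpatched(SAMPLE):
        print(f"{host}: {pkg} {evr} is older than {FIXED[1]}-{FIXED[2]}")
```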