====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.1.6 (tripleo-ansible) security update
Advisory ID:       RHSA-2021:2119-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2119
Issue date:        2021-05-26
CVE Names:         CVE-2021-31918
====================================================================

1. Summary:

An update for tripleo-ansible is now available for Red Hat OpenStack Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Ansible project for TripleO.

Security Fix(es):

* ansible.log file is visible to unprivileged users (CVE-2021-31918)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Changes to the tripleo-ansible component:

This update prevents Relax and Recover (ReaR) from automatically creating an unrequested backup. Previously, ReaR automatically created the cron file /etc/cron.d/rear, which ran a backup at 1:30 AM. This update prevents the automatic creation of the cron job. (BZ#1919174)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1899404 - pacemaker and pcs shouldn't be required for ceph storage nodes
1905973 - LVM filter only runs if at least 1 item is passed in the Allowlist
1908266 - RHOSP 16.1 minor update fails because of release lock enforcement on Ceph nodes
1911891 - deployment takes a long time when being run manually on the undercloud with ansible-playbook
1916162 - tripleo-transfer can't transfer large databases
1917891 - Back up and Restore role failing to create a backup image
1919174 - Option to remove the self-installed ReaR cron task
1934379 - Ceph cluster is not healthy: auth entities with invalid capabilities
1949290 - cold migration and resize failing in nova-compute: ssh: Host key verification failed
1949398 - FFU tripleo-transfer role syncs a partial list of files creating an inconsistent database leading to mariadb segfaulting
1954250 - CVE-2021-31918 tripleo-ansible: ansible.log file is visible to unprivileged users

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
tripleo-ansible-0.5.1-1.20210323173506.el8ost.src.rpm

noarch:
tripleo-ansible-0.5.1-1.20210323173506.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-31918
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.