=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (openstack-barbican) security update
Advisory ID:       RHSA-2022:6750-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6750
Issue date:        2022-09-29
CVE Names:         CVE-2022-3100
=====================================================================

1. Summary:

An update for openstack-barbican is now available for Red Hat OpenStack
Platform.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
Red Hat OpenStack Platform 16.1 - noarch
Red Hat OpenStack Platform 16.2 - noarch
Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Barbican is a ReST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.

Security Fix(es):

* openstack-barbican: access policy bypass via query string injection
(CVE-2022-3100)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2125404 - CVE-2022-3100 openstack-barbican: access policy bypass via query string injection

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:
openstack-barbican-6.0.1-6.el7ost.src.rpm

noarch:
openstack-barbican-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm
python-barbican-6.0.1-6.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:
openstack-barbican-6.0.1-6.el7ost.src.rpm

noarch:
openstack-barbican-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm
python-barbican-6.0.1-6.el7ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.src.rpm

noarch:
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
openstack-barbican-api-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
openstack-barbican-common-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
openstack-barbican-keystone-listener-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
openstack-barbican-worker-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
python3-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.src.rpm

noarch:
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
openstack-barbican-api-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
openstack-barbican-common-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
openstack-barbican-keystone-listener-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
openstack-barbican-worker-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
python3-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm

Red Hat OpenStack Platform 17.0:

Source:
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.src.rpm

noarch:
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
openstack-barbican-api-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
openstack-barbican-common-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
openstack-barbican-keystone-listener-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
openstack-barbican-worker-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
python3-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3100
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
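
To check hosts against the fixed builds in the package list above, the following added example (not part of the advisory and not Red Hat code) compares an installed openstack-barbican build with the fixed build for its release. It assumes the installed string comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openstack-barbican-common`, uses a simplified rpm version comparison (no epoch, tilde or caret), and the host names and installed builds in the sample inventory are constructed.

```python
import re

# Fixed openstack-barbican builds (VERSION-RELEASE) from the advisory's package list.
FIXED = {
    "13.0": "6.0.1-6.el7ost",
    "16.1": "9.0.1-1.20220112203416.07be198.el8ost",
    "16.2": "9.0.2-2.20220122185349.c718783.el8ost",
    "17.0": "12.0.1-0.20220614210405.486e607.el9ost",
}


def rpmvercmp(a, b):
    """Simplified rpm version comparison: returns -1, 0 or 1.

    Assumption: no epoch, tilde or caret, which none of the builds above use.
    """
    # rpm compares runs of digits and runs of letters; separators are ignored.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 9 and 07 == 7
        if x != y:
            return 1 if x > y else -1
    # All shared runs equal: the string with runs left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed, osp_release):
    """True if installed VERSION-RELEASE is at or above the fixed build."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = FIXED[osp_release].rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0


if __name__ == "__main__":
    # Constructed sample inventory: (host, OSP release, installed build).
    inventory = [
        ("ctl-0", "13.0", "6.0.1-5.el7ost"),
        ("ctl-1", "16.2", "9.0.2-2.20220122185349.c718783.el8ost"),
        ("ctl-2", "16.1", "10.0.0-1.el8ost"),
    ]
    for host, rel, build in inventory:
        print(host, rel, build, "patched" if is_patched(build, rel) else "NEEDS UPDATE")
```

A plain string comparison would rank 10.0.0 below 9.0.2, which is why the segments are compared numerically.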