-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform (puppet-mysql) security update Advisory ID: RHSA-2022:7238-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:7238 Issue date: 2022-10-27 CVE Names: CVE-2022-3276 ===================================================================== 1. Summary: An update for puppet-mysql is now available for Red Hat OpenStack Platform 13.0 (Queens), 16.1 (Train), 16.2 (Train) and 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - ELS - noarch Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch Red Hat OpenStack Platform 16.1 - noarch Red Hat OpenStack Platform 16.2 - noarch Red Hat OpenStack Platform 17.0 - noarch 3. Description: Installs, configures, and manages the MySQL service. Security Fix(es): * Command Injection in the puppetlabs-mysql module (CVE-2022-3276) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2132541 - CVE-2022-3276 Puppetlabs-mysql: Command Injection in the puppetlabs-mysql module 6. Package List: Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server: Source: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.src.rpm noarch: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.noarch.rpm Red Hat OpenStack Platform 13.0 - ELS: Source: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.src.rpm noarch: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.noarch.rpm Red Hat OpenStack Platform 13.0 - ELS: Source: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.src.rpm noarch: puppet-mysql-5.2.2-0.20180216012143.a5497b2.el7ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.src.rpm noarch: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.noarch.rpm Red Hat OpenStack Platform 16.2: Source: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.src.rpm noarch: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.src.rpm noarch: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.noarch.rpm Red Hat OpenStack Platform 16.2: Source: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.src.rpm noarch: puppet-mysql-10.4.1-2.20221019195006.95f9b98.el8ost.noarch.rpm Red Hat OpenStack Platform 17.0: Source: puppet-mysql-10.6.1-0.20220614215045.937d044.el9ost.src.rpm noarch: puppet-mysql-10.6.1-0.20220614215045.937d044.el9ost.noarch.rpm Red Hat OpenStack Platform 17.0: Source: puppet-mysql-10.6.1-0.20220614215045.937d044.el9ost.src.rpm noarch: puppet-mysql-10.6.1-0.20220614215045.937d044.el9ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-3276 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY1x5udzjgjWX9erEAQhfFQ//U9ZVbZoL0JCG1nHdL3bj2usicCZcSct4 0Vk4xpDC7ISLQyNzgfkAjA5T3o14NvZ2FO1C0PL3nj2mOyTfDgIQ5ByyK15Y+aZD ZaIWbNw3tWkmzIAhdUJtSp5bM0dRNdjyK4ElTLQXPw2MKYFDaIxzUd2Y+AHXkoo/ VKWeMn3rOb/ujKiMLferrcRoWQ8R+gVYAlIGA/18bgRLuiruxSJV9s6kjflzOTRq qOvQPV6KZYJ1nuPMWjV3kAVdWwo7ziWQBz5+Iaa3MkkPa2op2CIEOKUOM/1gYaWx S7ciOWhywJVbHTstSngqbEcgx49qthvjQjY7QqXLtPESw4olPDUI2MK61VzaugzH YkTxNC1OvOmEIdMZYb5fkYZIKcWp+bB6udzFXSfVVuRRAf17nRk6uctPAuvRODcl EdcsDDYquYX4i/xpdA1GZc9BpWOvom2SniaOL+wkWNEiG4wVZvj8Zw3ji5yBwLGQ Y4yLeLMI2ijLg31EGFvzMN7R0BSwz9IkRFzX8EjPunBptsa/TCi+93XD2Zc7H/mI wjhMkmO99RhCK0sBtwCJEfEHMKXpoOfFFGtsreJ9tMGyqDqbHmIOyUCaeUVZQ5AM 6aQHjDAnSQCQmU55Ud43NgaNJrZ+b09/BK5+l0ogtSuIRnQtLlTitmNVDH4gDg+q s8JKNeW2BY4= =QHo0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce