Red Hat Security Advisory 2022-8849-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.2.4 (Train).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-XStatic-Angular) security update  
Advisory ID:       RHSA-2022:8849-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8849  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-10768  
====================================================================  
1. Summary:

An update for python-XStatic-Angular is now available for Red Hat OpenStack  
Platform 16.2.4 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Angular JavaScript library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* Prototype pollution in merge function could result in code injection  
(CVE-2019-10768)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1813309 - CVE-2019-10768 AngularJS: Prototype pollution in merge function could result in code injection

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-XStatic-Angular-1.5.8.0-13.el8ost.src.rpm

noarch:  
XStatic-Angular-common-1.5.8.0-13.el8ost.noarch.rpm  
python3-XStatic-Angular-1.5.8.0-13.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10768  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpVdzjgjWX9erEAQhHKw//R+N/9lZBpBGHZo/FYTh/4l1u1L/m07bG  
wW/+z3D185zL4LZQQS//K2WpzMgZEgEV8GlvVJ8FG0Olw8urrZzervxI8r72xApD  
9Wx0TAFh8Sgf/t5qJvvt022jrXlOE9/+Y9EjYxoSWkbVmFUKUodeL4Me1H0oTpRY  
OzKtkRg/E7TNwQEllFpJgyFICUoUr21EyhreE7gSRga/2MqVNDwsWOiPhcxNZqB1  
Cz/yssJftzrUL3dbi9BbOsIelsMDAS9woSkZD7uS4xXdNmwcFxbxVazaX6L/XzuR  
HTETjmy2xxy/oO6eFj8/Ym/ZvjnCxkesaSigvUMFV5CMNqMEMWO4xZKdDXTuFY4X  
4iZFc4FTQKwRqd8bCosFEqUcinw3NmuByIU3MnPhSbaY0La+FsqbZ614K+wBxxlC  
NlBfUV5WkgYWP/Jd++I4vOWOLoxfabplRlvN84lperErtieX+YAMKZWgQpP0rEXd  
bfC9O3/N1sfA3wg4ZFf8KQPFPR9EAEaI3WPyqmrx7QX6wt+nO1n6HueiQ8G2hkfT  
RAkBCoPikgNk7mLBxFdicMX8mvawKoDGam3SByk8NLK6nS4TDogfmTKOhioaRL18  
e3JvzZ0Qyr3xHdnXwyOHpbZEL2lOCcgAOQIWxDbUj7EZul9Vu5jpFHtqYmPHmOEn  
YO5E1kZUxbE=KRoQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8849-01

Red Hat Security Advisory 2022-8852-01 - A fast multidimensional array facility for Python. Issues addressed include a null pointer vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (numpy) security update  
Advisory ID:       RHSA-2022:8852-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8852  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-41495  
====================================================================  
1. Summary:

An update for numpy is now available for Red Hat OpenStack Platform 16.2.4  
(Train) for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - ppc64le, x86_64

3. Description:

A fast multidimensional array facility for Python

Security Fix(es):

* NULL pointer dereference in numpy.sort in the PyArray_DescrNew() due  
to missing return-value validation (CVE-2021-41495)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2035037 - CVE-2021-41495 numpy: NULL pointer dereference in numpy.sort in in the PyArray_DescrNew() due to missing return-value validation

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

ppc64le:  
numpy-debugsource-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.ppc64le.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.ppc64le.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

Red Hat OpenStack Platform 16.2:

Source:  
numpy-1.17.0-11.el8ost.src.rpm

x86_64:  
numpy-debugsource-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-debuginfo-1.17.0-11.el8ost.x86_64.rpm  
python3-numpy-f2py-1.17.0-11.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41495  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpYNzjgjWX9erEAQhgfg//f83LbU6ItAgUp+zoZFPPbzSk47S195bN  
43EB3UOSd4Sf+JCtClkeGgzS05ogVF/7aEuQkpUDAMYplJrv6gxBEy1NKbW3vLOI  
/H/Zh3baeXBA9SwT57kah/iLyao4T1QvuIWQXaJRnmtNGftZWHTsldsiBQpCn+/j  
JEZx6edutX1I8U2+j4arfd2RqPWG/RnXSEBsuutoTqFz4rLI8igC+lHf9k8EiJe8  
N/5h39IUBIveahOj3zV64p4hdatQ3MMjl7cTIgeapnoigSRSPsQmX+5pQ2DPlNlu  
5ObBwCsSAmEy2cygPAq2E7/BglaYey3gxUrjPaUSUsX3FmVFaDh+sKzgnr1jS5oq  
eX+hToVOehvoDktDJs17Drv+H0xvZwYKZueACEk9oY0zWfl4PShxZqEb9Zj/G4ay  
TAoAc8+hAXE51X+INfpfMVvP5pB8y7Yk40+AWfhfojiTl34FsafG3PM8kGhhodr9  
p3HYLVVb4UhGgSTIJ+CCz4jhZrmBMYRu4R+kL4p7itZwDUVEs9eScIdHZgrHV4C9  
J9BapgqnjNq7wkrkdJFgfVh9E3lCQsOD1mHNDBcEh2PMeiZQLR294PYqspDfYmqd  
IAKuP4bz4L28euC0fsHzt6xG+Iya5UqjbkFfrGyqgNo3J0rS9YyTcGsFxtc+bYZi  
FD+LO1bgUAQ=7igt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8852-01

Red Hat Security Advisory 2022-8873-01 - An update for python-oslo-utils is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-oslo-utils) security update  
Advisory ID:       RHSA-2022:8873-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8873  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-0718  
====================================================================  
1. Summary:

An update for python-oslo-utils is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

The OpenStack Oslo Utility library.

Security Fix(es):

* incorrect password masking in debug output (CVE-2022-0718)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2056850 - CVE-2022-0718 python-oslo-utils: incorrect password masking in debug output

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
python-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.src.rpm

noarch:  
python-oslo-utils-lang-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm  
python3-oslo-utils-3.41.6-1.20220426095230.f4deaad.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0718  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpmtzjgjWX9erEAQgS3Q//RqYOosziJEn6E8s0Vk7RSiHHbDGrdAYy  
CeJjTvb/4rGYW91Mr6zhuRkAgmjVOPHHcNAx18fBmig8W0yb4phF21I5IbaOezjv  
mp4r9MD7XKxtu1SPbwscIyne0HTzMKH1rtTQXRPgXxARefrANNIdsdBrH/u1c1Uo  
hL5G/ohmfu9hNWSV/2vAqKZMneIQOLWVeogmS2lVyynHwUZDluJSDbP52r7DcJ/Q  
vcyqhuzbRUBODv3s361v8TmZ1KAsypbxfs30jXRgthMx0Pz43IZ9XvoGFEhvyGSx  
lWllxT47flsDOuUulCqCvRe8TcTFRvzOQ6f6Y+YcxJZDuR3SfdjQbizySaNlglSq  
NNY8Y6AqEmZj9CGx4FkZ+OLp8IZ2D6dNRF04ILiMPoKkYS/hGe/qSU0krJ+uS9UF  
yF97rSZe7TduSVu5erE/sXVQiAHqUt/Nz/LCuRe+f8MclHaHx8KHTEs6x4fluIvD  
PlRseR2oN7ePWiTBgbQ3XMPh6wNhKsm0y1oaNK7E2dUo2qa8aQO2ziqNMZPrOJsv  
O6jc5OZes6R4XvoXCqmVPURMOdmeQJ16V7Fp1QDUWVNLvZupQFxy/RwmYPkLV4Fv  
0Ywg6QbxNHPnLBsBlW+0TeTsgLCYxICrSbUNp3duWplCWcBqKZOoXtMFfzJrD3PS  
5Jyxu/2yRRY=qIcJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8873-01

Red Hat Security Advisory 2022-8866-01 - An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-XStatic-Angular) security update  
Advisory ID:       RHSA-2022:8866-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8866  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-10768  
====================================================================  
1. Summary:

An update for python-XStatic-Angular is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Angular JavaScript library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* Prototype pollution in merge function could result in code injection  
(CVE-2019-10768)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1813309 - CVE-2019-10768 AngularJS: Prototype pollution in merge function could result in code injection

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-XStatic-Angular-1.5.8.0-13.el8ost.src.rpm

noarch:  
XStatic-Angular-common-1.5.8.0-13.el8ost.noarch.rpm  
python3-XStatic-Angular-1.5.8.0-13.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10768  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpatzjgjWX9erEAQhl+w/5AfKkbI34bXXE7yfPixf+GvcfYai7s7Ku  
3PBTymbKFdIla+c5zJfv5xux0YRYcqRt7tSlHHbybEEWxtrFXS9H8QSMW9q8h7QH  
B32AsI3ooAKyrTTZqWDXyri77Z2WeNGXbyTc/2OTbNJANNZjAE5OmP2YtrInh0I9  
y0Dds9U1gWJMFqO6mKamISJz6V+k7bmaaFeSHwZ59LfwIW5HD8OXM7yLsxgWyb4d  
AxUSHugrRHgmjjoAwfylYlT+VPRgL9TvAa9/kuQgrGzq4Iy3bgtO3tkoJihweM/Y  
BjxthGzwXBBA6MKHiwCqujm0GwtkfaBKMGNNJOVeY5BkqEYJOOyjN6y9kE/cYZ1K  
zxvqotXYrhvx8RzQUNhaqpjreTa4AadLvGMdBEqMunAlXdUF9n3841lcfs0/daD3  
I+N2YhPQHQ1ltusqp+50QIMf8EIAzptCQ4btMYhIRLdYYd7LwujcalqX5q4gC6is  
lngsTlZ/HwQai5UJ//BozTTWegW5zeBEcqFdqsS7D4WQM/bn5o1eR6shBIzxsAhA  
X3cpMk4vJ7E+nS+1wYVUEkmJZ26oZ4evCNYYpNu9FHtsUpN25IiM3qC5iw4GFIcZ  
/zLmVLXAt/YN/4zDuu5I9fQD/MkaMoGnYppPkMXxja2ducJNuPnZiO0n2Qi2XbwB  
qu4qTT4UppI=vX3U  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8866-01

Red Hat Security Advisory 2022-8865-01 - An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Issues addressed include a cross site scripting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack 16.1.9 (python-XStatic-Bootstrap-SCSS) security update  
Advisory ID:       RHSA-2022:8865-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8865  
Issue date:        2022-12-07  
CVE Names:         CVE-2019-8331  
====================================================================  
1. Summary:

An update for python-XStatic-Bootstrap-SCSS is now available for Red Hat  
OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Bootstrap style library packaged for setuptools (easy_install) / pip.

Security Fix(es):

* XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-XStatic-Bootstrap-SCSS-3.4.1.0-2.el8ost.src.rpm

noarch:  
python3-XStatic-Bootstrap-SCSS-3.4.1.0-2.el8ost.noarch.rpm  
xstatic-bootstrap-scss-common-3.4.1.0-2.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-8331  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpdtzjgjWX9erEAQi+PQ//WgtiRPFZgWZEJYXEuv1aa6qZ1aeDOuHp  
5r8DVEov/APq+k0y1Hu9KQts7ruvUSwWtXwiCmldhEGcTdrs53PnuuykZqG2hKcT  
IzRj7Cat55yIs6hWFNUT6Whj+6LUEZd3kLfz9xqaYhNTJrIEtUAKxXoPjjd97DAQ  
j1OpfOGJKvdQyJ469RBOWbVeWaKCnFbJSkotlbW3OkhA4Qm8hbxvf8DCC1ysqXr3  
eN9lLabMpO69iHX9EUzGaSe73s+Yh/bT+Z/kN9fksAPC5uFRbEKwLS3Z0uONQbXm  
dtWbSiZRTLNZj3oSZg4FYIz8GJEFIZhPG7nP/pIoN0Pm2z0cwxbk+KxCdphsI05N  
k0vJst5aMX4AxvR1tocBDK5uwAQtfGgaitw/xIVw+63NtRMpmwqpva645i9pOpzC  
Fr9aCGJRZfpDt2AtMaKweCnuUBsPu3RaJWy786qGOAZ8W7WOqJL51nzJrUqCpvSB  
JVTEUYrwoCImeodmtl9OtpmTDUp7GKhrpdf0Jvugmau7H+J++SwA5CQE8BWw/JTm  
gs04sOX7ObmjqSBew6b1UbBMqqqMLSpBlAP6UoPYeQWjcK8ZMtiNVf2XhDb+KLc2  
0T4WGH0a6iT3v9NVromgDjFEXcKrw3mZ9QdUkzCSzAQDpO48Unw+Lf9IXPQCHRRA  
zJike7DwksY=ICYc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8865-01

Red Hat Security Advisory 2022-8864-01 - UltraJSON is an ultra fast JSON encoder and decoder. Issues addressed include a double free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (python-ujson) security update  
Advisory ID:       RHSA-2022:8864-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8864  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-31116 CVE-2022-31117  
====================================================================  
1. Summary:

An update for python-ujson is now available for Red Hat OpenStack Platform  
16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

UltraJSON is an ultra fast JSON encoder and decoder

Security Fix(es):

* improper decoding of escaped surrogate characters may lead to string  
corruption key confusion or value overwriting (CVE-2022-31116)

* Potential double free of buffer during string decoding (CVE-2022-31117)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104739 - CVE-2022-31117 python-ujson: Potential double free of buffer during string decoding  
2104740 - CVE-2022-31116 python-ujson: improper decoding of escaped surrogate characters may lead to string corruption, key confusion or value overwriting

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
python-ujson-2.0.3-3.el8ost.src.rpm

ppc64le:  
python-ujson-debugsource-2.0.3-3.el8ost.ppc64le.rpm  
python3-ujson-2.0.3-3.el8ost.ppc64le.rpm  
python3-ujson-debuginfo-2.0.3-3.el8ost.ppc64le.rpm

x86_64:  
python-ujson-debugsource-2.0.3-3.el8ost.x86_64.rpm  
python3-ujson-2.0.3-3.el8ost.x86_64.rpm  
python3-ujson-debuginfo-2.0.3-3.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-31116  
https://access.redhat.com/security/cve/CVE-2022-31117  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpmNzjgjWX9erEAQhZfQ/+IhYH6eqe+ywktC+Y63UbIW62u+lB3vlZ  
XUHQnxrfTfdrFs5NzaAWRpEq09NAa+BTqaveN4s9UwL7GHkBCjVcUaefV6jW1ZNf  
kee52203dPdPfQhkC048p+g9tfb4rIZmGkh/bK13z/T7cD5GhEDbI1600hYGP2YB  
YhmyzU3J+dGhm7RzgSCmpvXTE7A0Aw0glXq3gGHTG9za2970TeS64QFo/x7IrI54  
ZjuL8O6zZS/nQbx7PpE60i/unjlMHqlAs1VjF5a4JsMrvE+cGr2DW2OL6Bs8a7yH  
hVSLDIsG/hqUrmIlk0uvhzf1YX+sRRBvfI1883Pv26/NMXBAcie/yTn/VFRnnCzq  
dsEzWG1BPc14x+ZTvDNd/UtJvEJQ01p8du9x6iOLXtdZI5GvvmSAqRime9TsObFc  
GYVmPfhMIaA+Gqw9GUDk1eunRMPwtSxO5fnwaXZQ8Mpmdst/bYMFqe5KQvWINbqW  
uTC7pvv18H0PI2kNfJMYbImSCGCOaT3SW6mC+RNtKdIVJN4xzlwNkH9Q/P37/CdU  
lQDPal/FJgIDT7JDOuYJPF9Ln4DpGc+EjL9DekKpDQytQxVH7DONgAeZMmi99r4l  
unWj9QI6H/Nar0UHEyv4UExvJrInVl17McZ+V6gAvzM86ePqkf6xiESzoXGwAQBa  
ZQt1OY6ucVg¦iB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8864-01

Red Hat Security Advisory 2022-8853-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4. Issues addressed include cross site scripting and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (python-django20) security update  
Advisory ID:       RHSA-2022:8853-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8853  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-22818 CVE-2022-23833  
====================================================================  
1. Summary:

An update for python-django20 is now available for Red Hat OpenStack  
Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Security Fix(es):

* Possible XSS via '{% debug %}' template tag (CVE-2022-22818)

* Denial of service possibility in file uploads (CVE-2022-23833)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag  
2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
python-django20-2.0.13-18.el8ost.src.rpm

noarch:  
python3-django20-2.0.13-18.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-22818  
https://access.redhat.com/security/cve/CVE-2022-23833  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpY9zjgjWX9erEAQj1thAApODPOfrstOl0YkXLW8QcfS6do+Yx3SzB  
e0FtoGW3L1rRLjSXj4vNNK6Xa81zgx+BMns7uMpntqvScBGOpB8bbRdJOwizQcVc  
bJDpIZTccCg2L6J1G2XaFyMsHR82OmPc3AZtXpmx9hg81AQJ6R2nhpTYWUJA4Lkm  
OUZRlkOP1CP9CaJawGct4lNWo3ZJZ69XgJ78+ltkLBn1IXWtfrn8bDFtiGnZ7N7Y  
Qa50Ggqq+cYL2mHW0fDUsdgbgNYpmrfF1qlF/0B9HASQC1xx0fxc0S125vmU8yja  
ILOC+bwpDOBSnDKv/IKnAKt5Zb80ojUC519s8SPVHrZF/71DlZid0ly+pL9YWNAL  
hpziugB224Fp3GYEWlvzzoBz/C0XDFV/A3nSUnJ8CuP7QisxI1Jt068jvTlDdPjI  
Sv4uJE7u/eG/ME9SY74rfevznkrh0iLDOdAvPgS/4ScD4RoTZPFnH7/sn3d92mGC  
77yF0ZCxJe1iNCaCvHPRGuQ1aCfxEUhLRSAPO4wdd5TTMPGc2fFcYIYlgyoqQ2Z0  
KjKfL5cX4lUCDWKZ1fSbr2BxeNBpOt/udM3bRLRjEJsEVGh15CC7b/J+fyXuL1tq  
nBxhqzqTo3+ZtZTsGSchsZa/0kUNNJ9okGT2sm++YVKyuKRIU9KbVUiMLh6sRdMF  
wLUsVkAfhUQ=aJ8/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8853-01

Red Hat Security Advisory 2022-8847-01 - An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (protobuf) security update  
Advisory ID:       RHSA-2022:8847-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8847  
Issue date:        2022-12-07  
CVE Names:         CVE-2021-22570   
=====================================================================

1. Summary:

An update for protobuf is now available for Red Hat OpenStack Platform  
16.2.4 (Train).  
Red Hat Product Security has rated this update as having a security impact  
of Moderate.  
A Common Vulnerability Scoring System (CVSS) base score, which gives a  
detailed severity rating,  
is available for each vulnerability from the CVE link(s) in the References  
section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Protocol Buffers are a way of encoding structured data in an efficient  
yet extensible format. Google uses Protocol Buffers for almost all of  
its internal RPC protocols and file formats.

Protocol buffers are a flexible, efficient, automated mechanism for  
serializing structured data – think XML, but smaller, faster, and  
simpler. You define how you want your data to be structured once, then  
you can use special generated source code to easily write and read  
your structured data to and from a variety of data streams and using a  
variety of languages. You can even update your data structure without  
breaking deployed programs that are compiled against the old format. This  
package contains Protocol Buffers compiler for all programming  
languages and C++ headers and Static libraries for Protocol Buffers built  
with optimize_for = LITE_RUNTIME.

Security Fix(es):

* Incorrect parsing of nullchar in the proto symbol leads to Nullptr  
dereference (CVE-2021-22570)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:  
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
protobuf-3.6.1-6.el8ost.src.rpm

noarch:  
python3-protobuf-3.6.1-6.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
protobuf-3.6.1-6.el8ost.src.rpm

noarch:  
python3-protobuf-3.6.1-6.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-22570  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpWNzjgjWX9erEAQj74hAAn8C33fY+jEtfS5EsOVSEbyw1OPxyfEfz  
kvBFwTG+R+9rd/pvLUr6+pKsPyASiBiO3ddm9GY++IePXxjwMn7bvOe4H9QqgP23  
5DhDrdWW8Oqv+wrOV7BAs13nCIGZTSof3NJ17SjUk6Wxex/Ne71Y0GEDhzqv3hXR  
WuGJ8tMWBftny9EdnQgLh4O0TC5Y1FBcIXL+ftwaKPCrs3QF+GwXmKYsiq4h0KGi  
98jDfKpP7EMF1ZojBzhIjc60wQUIbLiJKLx8bcsG13bPvxGiRyxRYHueHCJoWhcN  
amNRVdj+xUWYPPolRw5i1pZmPjIlbjwaL299MGeK1SfJ51eQYYzlKHBLKk2OfnE6  
AsONiGJKWICU6tx7ZcrW3p4skgNvGVd6WKAANWv7KWOdQy3OQ3m9ivG0qCxp3EyA  
nTjiWoX1+crMAcvtnqZ/Z9op9TLqL0eyhcgCpOIMZKFVy9NoKMmR7qpsx5lBBVTr  
82paMUhkzqNrHREeswMhxq3Q0zD3fZrjCR1Pl/+rYKVfjkX0ht2KFBjDEGUqH+uG  
N+z5H9kL3lP9W/lCwiIMbgUnvoqmrLFBqq5uXJSle6vmPF5ZthoQaUEsQUtqxKVM  
i7jmBmPOoOGYu1iLlu47fYUSgRMI+JjeXDz8bOOg42FJSYMcvfuzNGkEcTX0A9Me  
+GEDO6GfPBQ=  
=DSkQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8847-01

Red Hat Security Advisory 2022-8870-01 - An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1.9 (openstack-neutron) security update  
Advisory ID:       RHSA-2022:8870-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8870  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-3277  
====================================================================  
1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack  
Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

OpenStack Networking (neutron) is a virtual network service for OpenStack.  
Just as OpenStack Compute (nova) provides an API to dynamically request and  
configure virtual servers, OpenStack Networking provides an API to  
dynamically request and configure virtual networks. These networks connect  
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute  
VMs).  The OpenStack Networking API supports extensions to provide advanced  
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Security Fix(es):

* unrestricted creation of security groups (CVE-2022-3277)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2015531 - Nova evacuate fails due to timeout waiting for a network-vif-plugged event for instance  
2023242 - MAC address validation passes on invalid MAC addresses (dropped hex digits) [osp-16.1]  
2024692 - [RFE][OVS] QoS policies implementation with HW offload when OVS metering is not offloaded (max BW, egress)  
2035302 - Concurrent bulk requests make neutron-server use 100% CPU on all the workers  
2041346 - [RHOSP 16.1] set the log priority to log.info in "ensure_device_is_ready" function in ip_lib.py  
2055294 - Allow RBAC on Neutron quotas  
2070629 - Since implementation of uplink_status_propagation, default behavior changed for VF link propagation from auto to disabled  
2077016 - [OSP16.1] HA L3 router/keepalived stability issues (ML2/OVS)  
2078266 - [RCA][OSP16.1] Neutron HA qrouter namespace disappeared and router in inconsistent state in DB  
2129193 - CVE-2022-3277 openstack-neutron: unrestricted creation of security groups  
2129712 - [PerfCI][OVS][16.1] create_and_list_networks scenario fails SLA since puddle  RHOS-16.1-RHEL-8-20220804.n.1

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
openstack-neutron-15.2.1-1.20221005123225.40d217c.el8ost.src.rpm

noarch:  
openstack-neutron-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-common-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-linuxbridge-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-macvtap-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-metering-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-ml2-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-openvswitch-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-rpc-server-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
openstack-neutron-sriov-nic-agent-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm  
python3-neutron-15.2.1-1.20221005123225.40d217c.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3277  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpjdzjgjWX9erEAQjl4A//RH87p4PcUa3+8Ssgyi5t7G4fA/a+8bEt  
9ku3jhhSLao7fsgPYX9Ab8v+OjmuX6yYPb3APV4GhG84mMvoqNgQZahFT1mprIIj  
re453zVNVhLCLhS8GMW/Ve4IPBFK6IByLi1SsPMFuQNP/1wCPyxeulbgDbQjrHP2  
dgniOR6dZ9e1jXAdv3wngGZreVfy9g9V6K2gy2SykV2cQ2H7b9VbkeSlymB399Bi  
hNoVRoippZiMerDMJ5Cy28qHqtr94tHC0vrATGgy/Y9QmlQDyxaSFT4PRGWZ9t/b  
07z8nqoqO5J+RMEG2D39RzgEoWkHrqPuN5XHPGtTV9/pZSTIuBz7cY48vNRXjtqL  
41jRA6zQSKsG+YTaWNVdjsTY3Qov+DFlH2E4VlkvUOJn6TK9/s8Ivpygbf2gXrpe  
qTNBNC4pBY32pIWuOxEfvEYlacmF75Jzd0WvvbAEp8FlaxzLkc/f738HMPZHjpEQ  
48XgizmDJ7mQblmaQj6F6Bhb3aR2yDwkuCZ8lsLSUO/wifXynZ9HSZGglyVbj47m  
GphysvBLy69AlTHCUAuqlITLn9Eaa/EyLk7F78nbInbzGY6f8zVklUfT5ykwJv08  
7O7OC63X5jL/Wbvhhe9DxX4/gU9zrGOAnfu22pRv6/CsBarcotUhkctUZLsMmgQV  
vCjurW8QquE=CZ0M  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8870-01

Red Hat Security Advisory 2022-8855-01 - OpenStack Networking is a virtual network service for OpenStack. Just as OpenStack Compute provides an API to dynamically request and configure virtual servers, OpenStack Networking provides an API to dynamically request and configure virtual networks. These networks connect 'interfaces' from other OpenStack services. The OpenStack Networking API supports extensions to provide advanced network capabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.2.4 (openstack-neutron) security update  
Advisory ID:       RHSA-2022:8855-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8855  
Issue date:        2022-12-07  
CVE Names:         CVE-2022-3277  
====================================================================  
1. Summary:

An update for openstack-neutron is now available for Red Hat OpenStack  
Platform 16.2.4 (Train) for Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

OpenStack Networking (neutron) is a virtual network service for OpenStack.  
Just as OpenStack Compute (nova) provides an API to dynamically request and  
configure virtual servers, OpenStack Networking provides an API to  
dynamically request and configure virtual networks. These networks connect  
'interfaces' from other OpenStack services (e.g. virtual NICs from Compute  
VMs). The OpenStack Networking API supports extensions to provide advanced  
network capabilities (e.g. QoS, ACLs, network monitoring, etc.)

Security Fix(es):

* unrestricted creation of security groups (CVE-2022-3277)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2097444 - OVS minimum bandwidth is not cleaned when network policy is removed from port  
2102147 - [RHOSP16.2.1] Incorrect port count in horizon overview page  
2107602 - neutron revision_number does not bump on network update  
2129193 - CVE-2022-3277 openstack-neutron: unrestricted creation of security groups  
2135922 - Nova evacuate fails due to timeout waiting for a network-vif-plugged event for instance

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
openstack-neutron-15.3.5-2.20221005184727.c81fb5b.el8ost.src.rpm

noarch:  
openstack-neutron-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-common-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-linuxbridge-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-macvtap-agent-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-metering-agent-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-ml2-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-openvswitch-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-rpc-server-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
openstack-neutron-sriov-nic-agent-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm  
python3-neutron-15.3.5-2.20221005184727.c81fb5b.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3277  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5FpedzjgjWX9erEAQixsQ//cexa5tqkrcCgUH/1SAac7uLHuHfSF5td  
Hs4yJsc/NjRtvJadvBLA66BXgLmMQodN491hbE8Q+Mh6pzIYaf6HziisScLn1FjU  
dnJQFO0CXjV5p6v7DV6ewkGq0P7ZOctUhOeqV3hJxbUCqcSQzXMQmR2jswM1kfJI  
AMmo6FBDE8JHW7AyIDtnyfbQ0/LVT5y/wufvWUd2FTRLLslD7naSinRUaSfGNTAl  
woyxY52kGdEATJVSoNgAHLDOwao2L60Dxvx7c9nkKQ3nRzzzo9o30lJRW6ds91cv  
zzwwRQ16HDCgWaLJLPL6JEDM4kMpASjevjYA9u8SqK82I4hgpXA0udgtAMxmPI9j  
iKW1jSbiLMIM/wnqejw1bgKPCx+GUcVYgEiKxbBnVsxTMC2ZCa0P86C5XDEV1rmC  
GJHsClPbM5MLXueRE1dbJKWBgsmZFoMpcfztKpucoyVN+2/FFxMp95oA/AoYPTBn  
1xUzMTfV3VPS+NiWESp4S+q6Fyxf02cJUqX1WLAkzDDqUr+XfDRUIdxY1RfjCJ+e  
DKnqonSascxxhr+p4siuEApLq0DaLW0Nt/oXZZK9vKYPe5xM+ybegKybXineNgJu  
GbeUh/CLUQNDwd+9F1mjxhsIlqYbkCmwHhnjwpspudE2NWJPnbEH43qlyzCj07g9  
ROQNtYlFJgM=1W9J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#js