Bug 1847016 - [OSP 16] os-brick patch for CVE-2020-10755
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-os-brick
Version: 16.1 (Train)
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: z2
Target Release: 16.1 (Train on RHEL 8.2)
Assignee: Brian Rosmaita
QA Contact: Tzach Shefi
Blocks: 1842751
Reported: 2020-06-15 12:57 UTC by Brian Rosmaita
Modified: 2020-10-28 15:37 UTC (History)

Fixed In Version: python-os-brick-2.10.4-0.20200624084657.12d252d.el8ost
Clone Of: 1846478
Clones: 1847021 1847024
Last Closed: 2020-10-28 15:37:36 UTC



Links
System | ID | Private | Priority | Status | Summary | Last Updated
OpenStack gerrit | 733100 | 0 | None | MERGED | Remove VxFlex OS credentials from connection_properties | 2020-10-26 15:28:30 UTC
OpenStack gerrit | 736749 | 0 | None | MERGED | Fix "Remove VxFlex OS credentials" regression | 2020-10-26 15:28:30 UTC
Red Hat Product Errata | RHEA-2020:4284 | 0 | None | None | None | 2020-10-28 15:37:55 UTC

Description Brian Rosmaita 2020-06-15 12:57:14 UTC
The fix for CVE-2020-10755 requires either a patched or updated os-brick release.

See https://access.redhat.com/security/cve/CVE-2020-10755 for details.

This is fixed upstream for Train in os-brick release 2.10.3.

Comment 5 Brian Rosmaita 2020-08-10 13:42:13 UTC
Fix is available in upstream stable/train as commits 55fc99852166f72b95d85dc917197f5544861e7c and 12d252db9cb9deffea3c87b86ea71b3013d93892; also as os-brick release 2.10.4.

Comment 13 errata-xmlrpc 2020-10-28 15:37:36 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1 bug fix and enhancement advisory), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4284
