Bug 1847024 - [OSP 13] os-brick patch for CVE-2020-10755
Summary: [OSP 13] os-brick patch for CVE-2020-10755
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-os-brick
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: z13
: 13.0 (Queens)
Assignee: Brian Rosmaita
QA Contact: Tzach Shefi
URL:
Whiteboard:
Depends On:
Blocks: 1842749
TreeView+ depends on / blocked
 
Reported: 2020-06-15 13:06 UTC by Brian Rosmaita
Modified: 2020-10-28 18:24 UTC (History)
10 users (show)

Fixed In Version: python-os-brick-2.3.9-4.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1847016
Environment:
Last Closed: 2020-10-28 18:23:50 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 733104 0 None MERGED Remove VxFlex OS credentials from connection_properties 2021-02-02 07:19:06 UTC
OpenStack gerrit 736749 0 None MERGED Fix "Remove VxFlex OS credentials" regression 2021-02-02 07:19:08 UTC
Red Hat Product Errata RHBA-2020:4388 0 None None None 2020-10-28 18:24:09 UTC

Description Brian Rosmaita 2020-06-15 13:06:08 UTC 
+++ This bug was initially created as a clone of Bug #1847016 +++

The fix for CVE-2020-10755 requires either a patched or updated os-brick release.

See https://access.redhat.com/security/cve/CVE-2020-10755 for details.

The upstream stable/queens branch is no longer released from, but it was patched with the fix as a courtesy.  Patch is https://review.opendev.org/733104
Comment 16 errata-xmlrpc 2020-10-28 18:23:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 13.0 director bug fix advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4388
Note You need to log in before you can comment on or make changes to this bug.