[RHSA-2013:1196-01] Important: Foreman security update

[news 28]

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Important: Foreman security update

Advisory ID: RHSA-2013:1196-01

Product: Red Hat OpenStack

Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1196.html

Issue date: 2013-09-03

CVE Names: CVE-2013-4180 CVE-2013-4182

=====================================================================

 

1. Summary:

 

Updated Foreman packages that fix two security issues are now available for

Red Hat OpenStack 3.0.

 

The Red Hat Security Response Team has rated this update as having

important security impact. Common Vulnerability Scoring System (CVSS) base

scores, which give detailed severity ratings, are available for each

vulnerability from the CVE links in the References section.

 

2. Relevant releases/architectures:

 

OpenStack 3 - noarch

 

3. Description:

 

The Foreman packages provide facilities for rapidly deploying Red Hat

OpenStack 3.0. These packages are provided as a Technology Preview. For

more information on the scope and nature of support for items marked as

Technology Preview, refer to

https://access.redhat.com/support/offerings/techpreview/

 

A flaw was found in the API where insufficient privilege checks were

conducted by the hosts controller, allowing any user with API access to

control any host. (CVE-2013-4182)

 

A denial of service flaw was found in Foreman in the way user input was

converted to a symbol. An authenticated user could create inputs that would

lead to excessive memory consumption. (CVE-2013-4180)

 

Red Hat would like to thank Daniel Lobato of CERN IT-PES-PS for reporting

CVE-2013-4182. The CVE-2013-4180 issue was discovered by Marek Hulán of the

Red Hat Foreman team.

 

Users of Foreman are advised to upgrade to these updated packages, which

correct these issues. In Red Hat OpenStack, Foreman runs on the Apache HTTP

Server using mod_passenger. As such, after installing the updated packages,

the httpd service must be restarted ("service httpd restart") for this

update to take effect.

 

4. Solution:

 

Before applying this update, make sure all previously released errata

relevant to your system have been applied.

 

This update is available via the Red Hat Network. Details on how to

use the Red Hat Network to apply this update are available at

https://access.redhat.com/site/articles/11258

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

989755 - CVE-2013-4180 Foreman: hosts_controller.rb power/ipmi_boot Symbol creation DoS

990374 - CVE-2013-4182 foreman: app/controllers/api/v1/hosts_controller.rb API privilege escalation

 

6. Package List:

 

OpenStack 3:

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/ruby193-foreman-1.1.10014-1.2.el6ost.src.rpm

 

noarch:

ruby193-foreman-1.1.10014-1.2.el6ost.noarch.rpm

ruby193-foreman-mysql-1.1.10014-1.2.el6ost.noarch.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://access.redhat.com/security/team/key/#package

 

7. References:

 

https://www.redhat.com/security/data/cve/CVE-2013-4180.html

https://www.redhat.com/security/data/cve/CVE-2013-4182.html

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/support/offerings/techpreview/

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://access.redhat.com/security/team/contact/

 

Copyright 2013 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFSJkm1XlSAg2UNWIIRAnt7AKCrMMY1ONechqDAvLFlLYZd7sGRpwCeNmfq

JT/3n85nTbAu4052iubYo8w=

=UrJy

-----END PGP SIGNATURE-----

 

 

--