SUSE-SU-2023:0071-1: moderate: Security update for openstack-barbican
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jan 11 20:21:37 UTC 2023
SUSE Security Update: Security update for openstack-barbican
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0071-1
Rating: moderate
References: #1203873
Cross-References: CVE-2022-3100
CVSS scores:
CVE-2022-3100 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Affected Products:
HPE Helion Openstack 8
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openstack-barbican contains the following fix:
Security fix included on this update:
openstack-barbican:
- CVE-2022-3100: Fixed an access policy bypass via query string injection
(bsc#1203873).
Update for openstack-barbican:
- Add patch for CVE-2022-3100 to address access policy bypass via query
string injection. (bsc#1203873, CVE-2022-3100)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-71=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2023-71=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2023-71=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
openstack-barbican-5.0.2~dev3-3.17.2
openstack-barbican-api-5.0.2~dev3-3.17.2
openstack-barbican-doc-5.0.2~dev3-3.17.2
openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2
openstack-barbican-retry-5.0.2~dev3-3.17.2
openstack-barbican-worker-5.0.2~dev3-3.17.2
python-barbican-5.0.2~dev3-3.17.2
- SUSE OpenStack Cloud 8 (noarch):
openstack-barbican-5.0.2~dev3-3.17.2
openstack-barbican-api-5.0.2~dev3-3.17.2
openstack-barbican-doc-5.0.2~dev3-3.17.2
openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2
openstack-barbican-retry-5.0.2~dev3-3.17.2
openstack-barbican-worker-5.0.2~dev3-3.17.2
python-barbican-5.0.2~dev3-3.17.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.43.2
- HPE Helion Openstack 8 (noarch):
openstack-barbican-5.0.2~dev3-3.17.2
openstack-barbican-api-5.0.2~dev3-3.17.2
openstack-barbican-doc-5.0.2~dev3-3.17.2
openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2
openstack-barbican-retry-5.0.2~dev3-3.17.2
openstack-barbican-worker-5.0.2~dev3-3.17.2
python-barbican-5.0.2~dev3-3.17.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.43.2
References:
https://www.suse.com/security/cve/CVE-2022-3100.html
https://bugzilla.suse.com/1203873
More information about the sle-security-updates
mailing list