Bug 1831544 (CVE-2020-10731) - CVE-2020-10731 openstack-tripleo-heat-templates: No sVirt protection for OSP16 VMs due to disabled SELinux
Summary: CVE-2020-10731 openstack-tripleo-heat-templates: No sVirt protection for OSP1...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-10731
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1831827 1850811 1851117 1861403
Blocks: 1822260
TreeView+ depends on / blocked
 
Reported: 2020-05-05 08:26 UTC by Dhananjay Arunesh
Modified: 2021-02-16 20:07 UTC (History)
34 users (show)

Fixed In Version: openstack-tripleo-heat-templates 11.3.2, openstack-tripleo-heat-templates 10.6.3
Clone Of:
Environment:
Last Closed: 2020-07-29 07:27:47 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3199 0 None None None 2020-07-29 07:18:14 UTC
Red Hat Product Errata RHSA-2020:3406 0 None None None 2020-08-11 13:21:24 UTC
Red Hat Product Errata RHSA-2020:3410 0 None None None 2020-08-11 13:22:49 UTC

Description Dhananjay Arunesh 2020-05-05 08:26:09 UTC 
The OSP16 'nova_libvirt' container that Red Hat ships has SELinux disabled.  This is the container where the libvirt daemon (`libvirtd`) runs; which in turn means, all OSP-16 VMs will have _no_ sVirt protection.
Comment 2 Dhananjay Arunesh 2020-05-05 08:42:01 UTC 
Acknowledgments:

Name: Lukas Bezdicka (Red Hat), Daniel Berrangé (Red Hat)
Comment 9 Nick Tait 2020-05-28 18:22:12 UTC 
External References:

https://bugs.launchpad.net/tripleo/+bug/1880947
Comment 29 Nick Tait 2020-07-28 14:19:39 UTC 
Created openstack-tripleo-heat-templates tracking bugs for this issue:

Affects: openstack-rdo [bug 1861403]
Comment 30 errata-xmlrpc 2020-07-29 07:18:11 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2020:3199 https://access.redhat.com/errata/RHSA-2020:3199
Comment 31 Product Security DevOps Team 2020-07-29 07:27:47 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-10731
Comment 35 errata-xmlrpc 2020-08-11 13:21:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.0 (Train)

Via RHSA-2020:3406 https://access.redhat.com/errata/RHSA-2020:3406
Comment 36 errata-xmlrpc 2020-08-11 13:22:45 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 15.0 (Stein)

Via RHSA-2020:3410 https://access.redhat.com/errata/RHSA-2020:3410
Note You need to log in before you can comment on or make changes to this bug.