Vulnerable version OpenSSL 1.0.1e found (Cobbler)

Bug #1646772 reported by Adam Heczko
This bug affects 1 person
Affects: Fuel for OpenStack
Status: Fix Released
Importance: Low
Assigned to: Anton Chevychalov
Milestone: (none listed)

Bug Description

Detailed bug description:

Steps to reproduce:
docker exec -it 9fc0eb1f2628 rpm -qa | grep openssl
openssl-1.0.1e-51.el7_2.5.x86_64
openssl-devel-1.0.1e-51.el7_2.5.x86_64
openssl-libs-1.0.1e-51.el7_2.5.x86_64

Expected results:
Update Cobbler Docker image with the most recent OpenSSL component.

Changed in fuel:
assignee: nobody → MOS Maintenance (mos-maintenance)
Changed in fuel:
assignee: MOS Maintenance (mos-maintenance) → Anton Chevychalov (achevychalov)
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to fuel-infra/jenkins-jobs (master)

Fix proposed to branch: master
Change author: Anton Chevychalov <email address hidden>
Review: https://review.fuel-infra.org/32745

Changed in fuel:
status: New → In Progress
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to fuel-infra/jenkins-jobs (master)

Reviewed: https://review.fuel-infra.org/32745
Submitter: Kirill Mashchenko <email address hidden>
Branch: master

Commit: af0efcd6a8941612606403e45e5e4a0865825a24
Author: Anton Chevychalov <email address hidden>
Date: Wed Apr 5 14:43:52 2017

Use fresh CentOS in docker

We have a number of security bugs that can be covered by
upgrading CentOS inside docker images.
That commit allows using a custom URL for the CentOS mirror.

Change-Id: Ic83832f419d799f6d2da4da8bb517890e8ca4c0f
Closes-Bug: #1646772

Changed in fuel:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-main (stable/8.0)

Fix proposed to branch: stable/8.0
Review: https://review.openstack.org/454110

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-main (stable/8.0)

Reviewed: https://review.openstack.org/454110
Committed: https://git.openstack.org/cgit/openstack/fuel-main/commit/?id=8df5bfb08c337daade19ba9baa92fd1aaf5332f6
Submitter: Jenkins
Branch: stable/8.0

commit 8df5bfb08c337daade19ba9baa92fd1aaf5332f6
Author: Anton Chevychalov <email address hidden>
Date: Thu Apr 6 14:19:11 2017 +0300

    Use fresh CentOS in docker

    We have a number of security bugs that can be covered by
    upgrading CentOS inside docker images.
    That commit removed preloaded CentOS images in favor of a
    fresh one.

    Change-Id: Ic83832f419d799f6d2da4da8bb517890e8ca4c0f
    Closes-Bug: #1646772

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to fuel-main (stable/8.0)

Related fix proposed to branch: stable/8.0
Review: https://review.openstack.org/457699

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to fuel-infra/jenkins-jobs (master)

Related fix proposed to branch: master
Change author: Anton Chevychalov <email address hidden>
Review: https://review.fuel-infra.org/33238

OpenStack Infra (hudson-openstack) wrote : Related fix merged to fuel-main (stable/8.0)

Reviewed: https://review.openstack.org/457699
Committed: https://git.openstack.org/cgit/openstack/fuel-main/commit/?id=2ef4304931b62ead984bf003e1e8a7ecddc6f0c4
Submitter: Jenkins
Branch: stable/8.0

commit 2ef4304931b62ead984bf003e1e8a7ecddc6f0c4
Author: Anton Chevychalov <email address hidden>
Date: Tue Apr 18 18:45:47 2017 +0300

    Fix typo in make file

    There is a typo in the mirror logic.
    Related-Bug: #1646772

    Change-Id: I07e5f685f29ee7d6d240a5e4d6747374d0ec553b

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to fuel-infra/jenkins-jobs (master)

Related fix proposed to branch: master
Change author: Alexander Evseev <email address hidden>
Review: https://review.fuel-infra.org/33248

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix merged to fuel-infra/jenkins-jobs (master)

Reviewed: https://review.fuel-infra.org/33248
Submitter: Alexander Evseev <email address hidden>
Branch: master

Commit: af3138e5e5f7853cf686945ea35138cf09ba7454
Author: Alexander Evseev <email address hidden>
Date: Wed Apr 19 13:22:01 2017

[custom-ci] Use CentOS 7.3 for custom MOS 8.0 ISO

We have a number of security bugs that can be covered
by upgrading base CentOS

Change-Id: I3ca9f183b6a14ad7fbd9bdf06489548243c1ef6e
Related-Bug: #1646772

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix proposed to fuel-infra/jenkins-jobs (master)

Related fix proposed to branch: master
Change author: Alexander Evseev <email address hidden>
Review: https://review.fuel-infra.org/33272

Fuel Devops McRobotson (fuel-devops-robot) wrote : Related fix merged to fuel-infra/jenkins-jobs (master)

Reviewed: https://review.fuel-infra.org/33272
Submitter: Alexander Evseev <email address hidden>
Branch: master

Commit: ccc554431942c977d7b7aaca3f65a3b1f6e15a98
Author: Alexander Evseev <email address hidden>
Date: Wed Apr 19 13:55:10 2017

[custom-ci] Fix overriding CentOS version for MOS 8.0 ISO

Base job template contains incorrect parameters, so to properly override
the CentOS version it is necessary to use a couple of parameters:

  -- CENTOS_VERSION=7.3.1611
  -- CENTOS_MIRROR_ID=latest

Also set MOS_CENTOS_ROOT because MOS 8.0 has `-fuel` in CentOS repo path.

Change-Id: I8cef083bf603a94ddbf3d85b2d8e9681bb1a14c5
Related-Bug: #1646772

Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on fuel-infra/jenkins-jobs (master)

Change abandoned by Anton Chevychalov <email address hidden> on branch: master
Review: https://review.fuel-infra.org/33238
Reason: That job has been backported from mos9

OpenStack Infra (hudson-openstack) wrote : Related fix merged to fuel-main (stable/8.0)

Reviewed: https://review.openstack.org/458121
Committed: https://git.openstack.org/cgit/openstack/fuel-main/commit/?id=f633a0561ec3afaf2a927a4729b4a59c7baef759
Submitter: Jenkins
Branch: stable/8.0

commit f633a0561ec3afaf2a927a4729b4a59c7baef759
Author: Anton Chevychalov <email address hidden>
Date: Wed Apr 19 18:03:16 2017 +0300

    Add busybox to custom iso

    Fix regression after Ic83832f419d799f6d2da4da8bb517890e8ca4c0f

    Change-Id: Ibe54de4111433343f8571ca4bbfe3e48d1fb6bd1
    Related-Bug: #1646772

Ekaterina Shutova (eshutova) wrote :

Verified for 8.0 mu4 updates.
Checked on custom iso fuel-8.0-custom-106-2017-04-20_09-11-41.iso.
Cobbler Docker image was updated with the most recent OpenSSL component.
[root@nailgun ~]# docker exec -it a34796bfd24e rpm -qa | grep openssl
openssl-libs-1.0.1e-60.el7_3.1.x86_64
openssl-1.0.1e-60.el7_3.1.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64

Changed in fuel:
status: Fix Committed → Fix Released
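
Both package listings in this report show the same upstream version string (1.0.1e); only the RPM release field changes (51.el7_2.5 before, 60.el7_3.1 after), so a check for this fix has to compare version-release, not the upstream version alone. The following is an added example, not part of the bug report or the Fuel code: it parses the two listings and flags packages below a baseline, assuming the build verified above is the minimum acceptable one and using a simplified RPM version comparison (no epoch, `~` or `^` handling).

```python
import re

# Constructed from the two `rpm -qa | grep openssl` listings on this page.
BEFORE = """openssl-1.0.1e-51.el7_2.5.x86_64
openssl-devel-1.0.1e-51.el7_2.5.x86_64
openssl-libs-1.0.1e-51.el7_2.5.x86_64"""
AFTER = """openssl-libs-1.0.1e-60.el7_3.1.x86_64
openssl-1.0.1e-60.el7_3.1.x86_64
openssl-devel-1.0.1e-60.el7_3.1.x86_64"""

# Assumption: the build verified in this report is the minimum acceptable one.
BASELINE = ("1.0.1e", "60.el7_3.1")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split name-version-release.arch from the right; names may contain '-'."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def outdated(listing, baseline=BASELINE):
    """Return sorted package names whose version-release is below the baseline."""
    stale = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        name, version, release, _ = parse_nvra(line)
        # Compare the upstream version first; fall back to release on a tie.
        cmp = rpmvercmp(version, baseline[0]) or rpmvercmp(release, baseline[1])
        if cmp < 0:
            stale.append(name)
    return sorted(stale)

if __name__ == "__main__":
    print("before:", outdated(BEFORE))
    print("after: ", outdated(AFTER))
```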
This report contains Public Security information  
Everyone can see this security related information.
