{"id":"RHBA-2019:0448","summary":"Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13.0 director Bug Fix Advisory","modified":"2026-02-21T10:02:33Z","published":"2024-09-13T15:08:01Z","upstream":["CVE-2018-16849"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0448"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/release_notes/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513956"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1520323"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565288"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1571592"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577976"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1594019"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597666"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1598146"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1600449"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1600865"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601673"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607536"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609333"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1611960"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1613576"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1613601"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1615763"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622182"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622655"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1623123"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1624335"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1624441"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1634390"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1636496"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1639203"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1639964"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643423"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1643992"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646907"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1648348"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1650576"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1651554"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1651697"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1652209"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1653970"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656065"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656069"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656540"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656617"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656690"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1657571"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658195"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659077"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1659596"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663495"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1664005"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1664429"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665156"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666675"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667450"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668157"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668500"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668774"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669597"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669603"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669622"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669623"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669625"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669637"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669638"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1669671"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670207"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670240"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670532"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672530"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1673713"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1674933"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1675069"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1676310"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1676563"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1676693"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677166"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1677515"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678235"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1682911"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1684663"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhba-2019_0448.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-16849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645334"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-16849"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16849"}],"affected":[{"package":{"name":"instack-undercloud","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/instack-undercloud"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.6-6.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-all","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-all"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-api","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-api"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-common","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-engine","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-event-engine","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-event-engine"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-mistral-executor","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-mistral-executor"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-common","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.6-16.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-common-container-base","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-common-container-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.6-16.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-common-containers","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-common-containers"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.6-16.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-common-devtools","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-common-devtools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.6.6-16.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-heat-templates","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-heat-templates"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.0-6.1.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-image-elements","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-image-elements"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.1-3.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-puppet-elements","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-puppet-elements"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.1-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-ui","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.2-3.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"openstack-tripleo-validations","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/openstack-tripleo-validations"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.4-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"os-net-config","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/os-net-config"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.3-6.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"os-refresh-config","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/os-refresh-config"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.1-0.20180918214345.4703b54.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-cinder","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-cinder"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.1-3.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-keystone","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.0-4.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-manila","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-manila"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.5.0-3.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-neutron","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-neutron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.1-4.ed05e01git.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-nova","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-nova"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.0-16.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-octavia","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-octavia"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.0-8.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-opendaylight","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-opendaylight"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.2-5.9126c8dgit.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-ovn","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-ovn"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.0-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-pacemaker","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-pacemaker"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.7.2-0.20180423212257.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-swift","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-swift"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:12.4.0-4.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"puppet-tripleo","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/puppet-tripleo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.3.6-15.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"python-mistral","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/python-mistral"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"python-mistral-tests","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/python-mistral-tests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.6-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"python-os-brick","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/python-os-brick"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.3.4-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"python-tripleoclient","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/python-tripleoclient"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:9.2.6-8.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}},{"package":{"name":"python2-os-brick","ecosystem":"Red Hat:openstack:13::el7","purl":"pkg:rpm/redhat/python2-os-brick"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.3.4-2.el7ost"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHBA-2019:0448.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}