CVE-2019-12855

Published: 09 Jul 2019
Source: redhat
CVSS3: 7.4
EPSS: Low

Description

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

Report

  • This issue affects the version of calamari-server (which embeds python-twisted) as shipped with Red Hat Ceph Storage 2, as it does not check the TLS certificate.
  • This issue did not affect the versions of python-twisted-core as shipped with Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2 and 3, as they do not ship the XMPP XML Stream bits. This issue affects the versions of python-twisted-words as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
  • Red Hat OpenStack Platform: this flaw depends on the use of the XMPP protocol, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions, Red Hat OpenStack Platform environments are not vulnerable. Because of this and the lower product impact, no fixes will be issued for any Red Hat OpenStack Platform version at this time.
  • Because the flaw's impact is Low, it will not be fixed in Red Hat OpenStack Platform 9, which will retire shortly after the public date.

Affected packages

Platform                                           | Package              | State                 | Recommendation | Release
Red Hat Ceph Storage 2                             | calamari-server      | Affected              |                |
Red Hat Ceph Storage 2                             | python-twisted-core  | Not affected          |                |
Red Hat Ceph Storage 3                             | python-twisted-core  | Not affected          |                |
Red Hat Enterprise Linux 6                         | python-twisted-words | Out of support scope  |                |
Red Hat Enterprise Linux 7                         | python-twisted-words | Will not fix          |                |
Red Hat OpenStack Platform 10 (Newton)             | python-twisted       | Will not fix          |                |
Red Hat OpenStack Platform 13 (Queens)             | python-twisted       | Will not fix          |                |
Red Hat OpenStack Platform 14 (Rocky)              | python-twisted       | Out of support scope  |                |
Red Hat OpenStack Platform 9 (Mitaka)              | python-twisted       | Will not fix          |                |
Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | python-twisted  | Will not fix          |                |


Additional information

Status:

Moderate
Weakness:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1728206
python-twisted: XMPP support in words.protocols.jabber.xmlstream in Twisted does not verify certificates, allowing MITM connections

EPSS

Percentile: 67%
0.00548
Low

7.4 High

CVSS3

Related vulnerabilities

CVSS3: 7.4
ubuntu
about 6 years ago

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVSS3: 7.4
nvd
about 6 years ago

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVSS3: 7.4
msrc
about 4 years ago

No description available

CVSS3: 7.4
debian
about 6 years ago

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP su ...

suse-cvrf
about 6 years ago

Security update for python-Twisted
