RHBA-2015:1763 - Bug Fix Advisory

Topic

Updated mariadb-galera and python-eventlet packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6.

Description

Red Hat Enterprise Linux OpenStack Platform provides the facilities for
building a private or public infrastructure-as-a-service (IaaS) cloud
running on commonly available physical hardware.

This update addresses the following issues:

• Previously, a call to the "sed" command within mysqld_safe.sh which was used to certain command line arguments failed to accommodate arguments which included a slash, such as the paths to the SSL key and certificate files to pass through this function. As a consequence, the mysqld_safe.sh script produced warnings of the form "unknown option to `s'". The script continued to work correctly otherwise as these arguments are not actually needed in this specific context. With this update, the call to sed has been corrected such that the SSL arguments which include slashes are properly interpreted. As a result, the warnings regarding sed are now resolved. (BZ#1214904)
• Prior to this update, eventlet behaved incorrectly around SSL retries. As a consequence, sporadic connection failures (for example, of API calls) occurred. To fix this problem, a patch has been added in which SSL retries use the same data buffer. As a result, SSL retries now work correctly. (BZ#1220864)
• Previously, when a large number of requests to expire objects were created at the same time, they were all handled by a single container. As a consequence, timeouts occurred on the container listing, which caused the expirer daemon to fail. With this update, the expiring tracker objects are spread across multiple containers, which resolves the aforementioned problem. (BZ#1229435)
• With this release, mariadb-galera is rebased to version 5.5.42, fixing an issue where "duplicate key" errors would occur during INSERT statements, when performed during the period of time when database connectivity was moving to another Galera node, and when the first Galera node was entering a non-available state. (BZ#1240329)
• Previously, there was a hot loop in the Send function if the connection was lost. As a consequence, the process consumed 100% CPU and hung indefinitely. To fix this problem, an upstream patch for the greenio module has been added, which allows the loop to exit if this condition happens. As a result, the process no longer consumes 100% CPU in a hot loop, and it does not hang. (BZ#1259842)

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 for Red Hat Enterprise Linux 6 runs on Red Hat Enterprise Linux 6.7.

The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes (see the References section) contain the following:

• An explanation of the way in which the provided components interact to form a working cloud computing environment.
• Technology Previews, Recommended Practices, and Known Issues.
• The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for Red Hat Enterprise Linux 6, including which channels need to be enabled and disabled.

This update is available through the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

• Red Hat OpenStack 5.0 for RHEL 6 x86_64

Fixes

• BZ - 1214904 - mysqld_safe generates errors on sed
• BZ - 1220864 - Make sure SSL retries are done using the exact same data buffer

CVEs

• CVE-2015-0433
• CVE-2015-0441
• CVE-2015-2568
• CVE-2015-2573

References

• http://www.redhat.com/security/updates/classification/#normal