Red Hat Product Errata RHBA-2024:0637 - Bug Fix Advisory
Issued:
2024-02-01
Updated:
2024-02-01

RHBA-2024:0637 - Bug Fix Advisory

Synopsis

updated rhosp17/openstack-nova-libvirt container image

Type/Severity

Bug Fix Advisory

Topic

Updated rhosp17/openstack-nova-libvirt container image is now available for Red Hat OpenStack Platform 17.1.

Description

The rhosp17/openstack-nova-libvirt container image has been updated for Red Hat OpenStack Platform 17.1 to address the following security advisory: RHSA-2024:0562 (see References)

Users of rhosp17/openstack-nova-libvirt container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat OpenStack Platform 17.1 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenStack 17.1 for RHEL 8 x86_64

Fixes

  • BZ - 2154178 - CVE-2023-1192 kernel: use-after-free in smb2_is_status_io_timeout()
  • BZ - 2187773 - CVE-2023-2162 kernel: UAF during login when accessing the shost ipaddress
  • BZ - 2223949 - CVE-2022-40982 hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
  • BZ - 2224048 - CVE-2023-3812 kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
  • BZ - 2230042 - CVE-2023-38409 kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment
  • BZ - 2237757 - CVE-2023-4623 kernel: net/sched: sch_hfsc UAF
  • BZ - 2237760 - CVE-2023-4622 kernel: use after free in unix_stream_sendpage
  • BZ - 2239843 - CVE-2023-42753 kernel: netfilter: potential slab-out-of-bound access due to integer underflow
  • BZ - 2240249 - CVE-2023-2163 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
  • BZ - 2244723 - CVE-2023-45871 kernel: IGB driver inadequate buffer size for frames larger than MTU
  • BZ - 2245514 - CVE-2023-4921 kernel: use-after-free in sch_qfq network scheduler

x86_64

rhosp-rhel8/openstack-nova-libvirt@sha256:d329bf4dab5bf5fe48047cd26265c3e7fd0be7d07d7d32d8797169d639b19ec1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.