Issued:: 2014-10-22
Updated:: 2014-10-22

RHSA-2014:1686 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-neutron security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-neutron packages that fix one security issue and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines. As of Red
Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'
as the core component of OpenStack Networking.

It was discovered that unprivileged users could in some cases reset
admin-only network attributes to their default values. This could lead to
unexpected behavior or in some cases result in a denial of service.
(CVE-2014-6414)

These updated packages also fix various bugs. Documentation for these bug
fixes is available in the Technical Notes document linked to in the
References section.

All openstack-neutron users are advised to upgrade to these updated
packages, which correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 4.0 x86_64

Fixes

BZ - 1090421 - neutron-agent-watch fails when deleting failed resource
BZ - 1102910 - TTL never set on messages, causes messages to live forever
BZ - 1113104 - Use simplejson instead of json to improve performance
BZ - 1120146 - neutron-dhcp-agent and neutron-lbaas-agent fail to start
BZ - 1128295 - Using soft or hard reboot can cause loss of network connectivity
BZ - 1142012 - CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
BZ - 1146091 - Rebase openstack-neutron to 2013.2.4

CVEs

CVE-2014-6414

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 4.0

SRPM
openstack-neutron-2013.2.4-5.el6ost.src.rpm	SHA-256: dc0c654aa0de0f27524c2843b73e35cd3c206eaef74baee867453f1ee05e5f7e
x86_64
openstack-neutron-2013.2.4-5.el6ost.noarch.rpm	SHA-256: b829fa84908b96b6061d521e3312df03b9ad960a05e0377a8d4322176faa1ae5
openstack-neutron-bigswitch-2013.2.4-5.el6ost.noarch.rpm	SHA-256: d7897cffca40e3365391a308d13c59e06e6fef6c2f2c4f978263abceb78db841
openstack-neutron-brocade-2013.2.4-5.el6ost.noarch.rpm	SHA-256: c224ffb7f6df0ebad1470e239945c7379e3da531e147249cb111880b9b89d414
openstack-neutron-cisco-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 070ef71840d37c8715489d586c1a08e5f765221925c8bdb9baee2b6147cdb76c
openstack-neutron-hyperv-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 6596720f0819ca224ee82146a34e7008f6e92caa7cee57d2a351d91dc5aed549
openstack-neutron-linuxbridge-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 60c46e16fcb383d7f18a84333ccb89c81067e17429b75a44b08bf70f64cbc575
openstack-neutron-mellanox-2013.2.4-5.el6ost.noarch.rpm	SHA-256: fc8b3b22a89dc8da9851caedbcf0039a8397561d07c912713124451373e0b0a2
openstack-neutron-metaplugin-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 602eff84993ef69d09651323e7b155a612b61f78382d59f76740c44265a7dc49
openstack-neutron-metering-agent-2013.2.4-5.el6ost.noarch.rpm	SHA-256: f19edb331c8935979f29b1443558ac461a080547204ac680b6a449d4151954c4
openstack-neutron-midonet-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 8f0044e60cc36df29e9e75bd33ade4a077150a9d622328d8da05a01297547c02
openstack-neutron-ml2-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 964e389d1381d68fe95e2627727c1564225b459f18bfd610c1b62c3997ca7919
openstack-neutron-nec-2013.2.4-5.el6ost.noarch.rpm	SHA-256: edcb968e45da3918985ec9dfe1e510a4a57cc30cd7df899934ccbdec46993135
openstack-neutron-nicira-2013.2.4-5.el6ost.noarch.rpm	SHA-256: f0bc881aa5ba6684494c8e9a0baa61c482e05532a12c24927d704b2c349b729d
openstack-neutron-openvswitch-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 07d1c574452aef65a6534846d8496f8af216268235e5b4f3ed5e9348b344604e
openstack-neutron-plumgrid-2013.2.4-5.el6ost.noarch.rpm	SHA-256: c510ccb2f72ee67281d6eead99fa20d348b2b7bec43121200d8d65de4ca6c0b8
openstack-neutron-ryu-2013.2.4-5.el6ost.noarch.rpm	SHA-256: 35afaff27d53a11b2e41113e1ae9b0912bb2e35ee4ce13da7cc3b9598205f340
openstack-neutron-vpn-agent-2013.2.4-5.el6ost.noarch.rpm	SHA-256: dcfc54c2faeffbd91ba937b7cfb92886e97c8593dceee7d2dfa34a2bb2265b80
python-neutron-2013.2.4-5.el6ost.noarch.rpm	SHA-256: ad294b2a8fe8e50ad1c79da7107eea5716b5757f3495cec63656fca08c19b82c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation