Red Hat Product Errata RHSA-2014:1786 - Security Advisory

Issued:: 2014-11-03
Updated:: 2014-11-03

RHSA-2014:1786 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-neutron security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

Updated openstack-neutron packages that fix one security issue, several
bugs, and add multiple enhancements are now available for Red Hat
Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines. As of Red
Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'
as the core component of OpenStack Networking.

It was discovered that unprivileged users could in some cases reset
admin-only network attributes to their default values. This could lead to
unexpected behavior or in some cases result in a denial of service.
(CVE-2014-6414)

The openstack-neutron packages have been upgraded to upstream version
2014.1.3, which provides a number of bug fixes and enhancements over the
previous version. (BZ#1149742)

All openstack-neutron users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - RHSA-2014:1786 - neutron-server is dead after enablement of the haproxy service provider in neutron.conf
BZ - RHSA-2014:1786 - [RFE][neutron]: Add the capability to sync neutron resources to the N1kv VSM
BZ - RHSA-2014:1786 - [RFE][python-neutronclient]: Add Repeatable add-tenant and remove-tenant option in cli
BZ - RHSA-2014:1786 - neutron-*-agent child processes can die unnoticed
BZ - RHSA-2014:1786 - Some plugin ini files are not included in setup.cfg and are not installed via 'setup.py install'
BZ - RHSA-2014:1786 - neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "ip6tables-restore v1.4.7: ip6tables-restore: unable to initialize table 'filter'\n\nError occurred at line: 2\n
BZ - RHSA-2014:1786 - Missing quota tables for Cisco N1KV monolithic plugin
BZ - RHSA-2014:1786 - update vsm credential correctly
BZ - RHSA-2014:1786 - CVE-2014-6414 openstack-neutron: Admin-only network attributes may be reset to defaults by non-privileged users
BZ - RHSA-2014:1786 - TTL never set on messages, causes messages to live forever
BZ - RHSA-2014:1786 - Neutron DHCP Failover behavior
BZ - RHSA-2014:1786 - Rebase openstack-neutron to 2014.1.3
BZ - RHSA-2014:1786 - Cisco N1kv: Remove unnecessary REST call to delete VM network on controller
BZ - RHSA-2014:1786 - Include support for neutron-scale script in neutron package
BZ - RHSA-2014:1786 - [RFE][neutron]: Config option to control visibility of cisco-policy-profile resources for tenants
BZ - RHSA-2014:1786 - [RFE][neutron]: Ability to assign cisco nw profile to multi-tenants in single request
BZ - RHSA-2014:1786 - l3-agent error : Executable not found: conntrack (filter match = conntrack)

CVEs

CVE-2014-6414

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-neutron-2014.1.3-7.el7ost.src.rpm	SHA-256: b16400fdac226bb897d58dff0e3bfd68d4d5b52cf45cd2ae255c8c17a36ded73
python-neutronclient-2.3.4-3.el7ost.src.rpm	SHA-256: 5b48df47cba2dc5c4364810b3b26d967e51641037576a311b8eec7c93b90ab82
x86_64
openstack-neutron-2014.1.3-7.el7ost.noarch.rpm	SHA-256: cc953c36bcce546329d75f9b24e89c5122944af8fceac1fd01b400747464316c
openstack-neutron-bigswitch-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 6e2db0b2190f977fec81faaeea5adf66755ff49967a784cf4604a518910225f8
openstack-neutron-brocade-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 1722a7e1c14e864d599a5e328623b8f62038bcb0403facbe482fd32a8b3b1451
openstack-neutron-cisco-2014.1.3-7.el7ost.noarch.rpm	SHA-256: a6521e5c0e3fd28e741bc90e99687e898f2865a5a9d3269c879928be2e2a6510
openstack-neutron-embrane-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 548437ae4a85f8cb2297d72262adacd0780411ee088cf843c7159ab2288d8b96
openstack-neutron-hyperv-2014.1.3-7.el7ost.noarch.rpm	SHA-256: ad1036b851a21f3f46626211098e35861c5e5140a21167377ca18c0a78218ac5
openstack-neutron-ibm-2014.1.3-7.el7ost.noarch.rpm	SHA-256: dd53e0a5ce7196c8cc8c82b3413a88e2256e71d2d7ebf15e1d436eea60fb0aa6
openstack-neutron-linuxbridge-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 65e6175de2b88cfd2f99366c7af475da220f1d5b3cfafc18260e58d507e3216c
openstack-neutron-mellanox-2014.1.3-7.el7ost.noarch.rpm	SHA-256: cd71593b1ccc1c248257ce44de77924b1ec17350b88e89c4dfce7bbb2f8dc801
openstack-neutron-metaplugin-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 78ef25d37a9af997c612270922bfa07a3df7271d11503856107869962b7f4c15
openstack-neutron-metering-agent-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 39c1e3d1cbb27d21b157e6e7b464a7a1e6253d2a463483027491e6d6816d0702
openstack-neutron-midonet-2014.1.3-7.el7ost.noarch.rpm	SHA-256: ddd336233ae4f43cb621c89b5ca398ce1f39235e34379ce550effd4fa31b3588
openstack-neutron-ml2-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 8ccd76bc2b7d31156d3bdf59c551eb717ca0e47bad03d164f8be1c101a61bba5
openstack-neutron-nec-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 3b69b179f2f3add01aeabdee1cc4049dd8568a547d3122f3e9b7ab4f8550c58f
openstack-neutron-nuage-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 0c64e248c3115d333eb31c425ee8b8ed11cd0104e99e6b48b9eeb9ded0496621
openstack-neutron-ofagent-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 5204d1e61cbda6b282806a33297a5dba16b31ca53b07e9833a0f5b8c546aec78
openstack-neutron-oneconvergence-nvsd-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 144341bbf605be8d4e68a3ff4393f968d1c8ea416bdf49a1ce2d1a0f787b35ca
openstack-neutron-openvswitch-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 4066c5e6033750aa9e5f95eb4b0c51c133ee3a57595ff674c5fb35a4c0df2939
openstack-neutron-plumgrid-2014.1.3-7.el7ost.noarch.rpm	SHA-256: cd792fb977b71cd9881482c24ad8f676714b7967096d2554cce1b12998dc1c7a
openstack-neutron-ryu-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 9e2c7401a132246ab48af60fa51da2d8b8434014301aa10a268c23b45032953b
openstack-neutron-vmware-2014.1.3-7.el7ost.noarch.rpm	SHA-256: eeea691df0655c9bd4aae057c92734a4158425d429cd0e7e0ae9afb4c4e3c767
openstack-neutron-vpn-agent-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 53ab9a8bca94e491f2a6a73fce08c560434d6b9bdcf8096f2ecc616dff8b95bd
python-neutron-2014.1.3-7.el7ost.noarch.rpm	SHA-256: 186a02d61539739aa70e8d56fcd38fec75ea12cf24ec07389a3a1dcc18cef674
python-neutronclient-2.3.4-3.el7ost.noarch.rpm	SHA-256: 8152f9dbfed515b0bb3dd437f8497f7c90c48efd63a78e397eede3577b46e81a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories