Red Hat Product Errata RHSA-2014:1942 - Security Advisory

Issued:: 2014-12-02
Updated:: 2014-12-02

RHSA-2014:1942 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-neutron security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated openstack-neutron packages that fix one security issue and several
bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines. As of Red
Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum'
as the core component of OpenStack Networking.

A denial of service flaw was found in the way neutron handled the
'dns_nameservers' parameter. By providing specially crafted
'dns_nameservers' values, an authenticated user could use this flaw to
crash the neutron service. (CVE-2014-7821)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Henry Yamauchi, Charles Neill, and Michael Xin
(Rackspace) as the original reporters.

This update also fixes the following bugs:

Prior to this update, the network name and UUID were not sent to N1KV
during the subnet creation process. Consequently, N1KV was unable to
properly associate the network and subnet in its local configuration.
This update addresses this issue by sending the required network name and
UUID during subnet creation, with the result that they are now properly
associated on the N1KV. (BZ#1118508)
Previously, a rollback did not result in all entries being cleared from
the N1KV-specific database tables, resulting in the presence of stale
entries. This update addresses the issue by performing a proper cleanup of
all N1KV tables. Consequently, stale entries are no longer left in the N1KV
tables. (BZ#1124991)
Previously, the N1KV OpenStack Networking (neutron) plug-in did not sent
the subtype for overlay networks during the network segment pool creation
process. This update addresses this issue by sending the required details
during the creation process. (BZ#1130336)

All openstack-neutron users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - RHSA-2014:1942 - Clear entries in Cisco N1KV specific tables on rollback
BZ - RHSA-2014:1942 - Neutron refuses to delete instance associated with multiple floating addresses
BZ - RHSA-2014:1942 - Unable to delete 'active' namespaces via cleanup utility with "force" attribute
BZ - RHSA-2014:1942 - CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers
BZ - RHSA-2014:1942 - dhcp assignments aren't updated on neutron-dhcp-agent restart

CVEs

CVE-2014-7821

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-neutron-2014.1.3-11.el7ost.src.rpm	SHA-256: c206e47dd16b79579b54d3c9f32cb3e622b19f6b5aed32f69719a57e59ef21b9
x86_64
openstack-neutron-2014.1.3-11.el7ost.noarch.rpm	SHA-256: e14fffdae8382a23199d5542c095e9eda956ab2aa793e92ed3958bc3470d0b0d
openstack-neutron-bigswitch-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 46d1621a4e14637e4d18455c3ed692907cbd4d0dbe152d8e26f8de1adde097b0
openstack-neutron-brocade-2014.1.3-11.el7ost.noarch.rpm	SHA-256: c47c438c8c8de08233c561e6db4283ba2359014f6545bc622b639581842ee9ec
openstack-neutron-cisco-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 9d6c22f2fee5b6f44264940003253fc3c8919cbc66c3792379e5cf42b41cce0c
openstack-neutron-embrane-2014.1.3-11.el7ost.noarch.rpm	SHA-256: a1749beefedf01a6925056ef3e5f8c9bb0f10732ed579bdcc0f8b3926e133b8a
openstack-neutron-hyperv-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 4f35bdb4b724316022c654410d30dca14ee9f8e0d895505cf1b52e31728f7ca5
openstack-neutron-ibm-2014.1.3-11.el7ost.noarch.rpm	SHA-256: d6efeffadd5e33f3e115ba5f1267d2745d8833cdf829bba73d2bc99071d58170
openstack-neutron-linuxbridge-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 60afd7ad0ee2d3c373d987fb21da19a968112d7f95310d2c7d52206e2f1d9569
openstack-neutron-mellanox-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 6373f573a24b6622dbaa44e6f2192d428679e263479323bb8b51482840e60d89
openstack-neutron-metaplugin-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 468db3fcb229bbd726fa6cdc4cfe28b5a747fedd796e14baf5981c537ea7a32d
openstack-neutron-metering-agent-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 2e646ffa7d988c9d8a3e35b139fa95bfccc908ace18ab017f24082eee24c9f2b
openstack-neutron-midonet-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 3ccbca545fd5c009effb40ed2c54967c0b59e6e62a9dc598c9b65f5026e570ad
openstack-neutron-ml2-2014.1.3-11.el7ost.noarch.rpm	SHA-256: f9525bae628b5368d17f233d7caec5720bb4a0ae23158bba40d8522b01e8ac41
openstack-neutron-nec-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 514263b10558b9b1a1d35f7ac806785ec6c76d9f28e744db69256df023215a2a
openstack-neutron-nuage-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 5b8e4a63f60e78d465edd825b4e941f113cb6407ae618ab7e28221c11dd4e044
openstack-neutron-ofagent-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 75175faf81819d6832e64ed4fe322e771038d67f1a4c758f9433b8a1523cf2c5
openstack-neutron-oneconvergence-nvsd-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 139396523386dfb0cd9c5acf387b0df6fd9c5f858013c9b4a6ea5c4446bc8e2d
openstack-neutron-openvswitch-2014.1.3-11.el7ost.noarch.rpm	SHA-256: e3b4bac844cadf9904453030367f8946932218de7e6e40ad94cbce06fcb89cbe
openstack-neutron-plumgrid-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 8588f89bcbe07db88e30cdfbd98d240e7e523615c126f91ceb28f2c68555255d
openstack-neutron-ryu-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 4432a51cfb1e87aca8e08ba59561c15555f46131f927c99c97b860ac38c97bb8
openstack-neutron-vmware-2014.1.3-11.el7ost.noarch.rpm	SHA-256: ab0793de65a1b73c91aa2fb7d286a0fbe05a92a4f9f06b4ea58fae1c124cba11
openstack-neutron-vpn-agent-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 994daaf50e891762e6fe68803d331e157c463ce74c7439df94856f94086f4d3f
python-neutron-2014.1.3-11.el7ost.noarch.rpm	SHA-256: 090c80d6b2fa330048fa9d51c85f30b5125fd64a420ad8dfe40df577c51cfc69

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories