Red Hat Product Errata RHSA-2015:0790 - Security Advisory

Issued:: 2015-04-07
Updated:: 2015-04-07

RHSA-2015:0790 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-nova security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

Updated openstack-nova packages that fix one security issue, several bugs,
and add various enhancements are now available for Red Hat Enterprise Linux
OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

It was discovered that the OpenStack Compute (nova) console websocket did
not correctly verify the origin header. An attacker could use this flaw to
conduct a cross-site websocket hijack attack. Note that only Compute setups
with VNC or SPICE enabled were affected by this flaw. (CVE-2015-0259)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Brian Manifold of Cisco, and Paul McMillan of Nebula
as the original reporters.

In addition to the above issue, this update also addresses bugs and
enhancements which are documented in the Red Hat Enterprise Linux OpenStack
Platform Technical Notes, linked to in the References section.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 6.0 x86_64

Fixes

BZ - 1017288 - [Blocked] Snapshots on GlusterFS w/ libgfapi enabled
BZ - 1100535 - [RFE][nova]: Add a virt driver for Ironic
BZ - 1104926 - [RFE][nova]: I/O (PCIe) Based NUMA Scheduling
BZ - 1171454 - Launching an instance with muliple interfaces attached to same network by using --net-id fails
BZ - 1190112 - CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking
BZ - 1190719 - when using dedicated cpus, the emulator thread should be affined as well
BZ - 1191174 - Cinder volume fails to attach when multipathing in Nova and Storwize CHAPS are enabled
BZ - 1203182 - Launching an instance fails when using a port with vnic_type=direct

CVEs

CVE-2015-0259

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 6.0

SRPM
x86_64
openstack-nova-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 3b3f7639ca49ba8cb34630e385f0a459740865609e59b79951af5f1605fc2c64
openstack-nova-api-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 9de2dfa7cf4ae07a7a102992defd8cd7288b7cb40a0033601554469bf83ebd69
openstack-nova-cells-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 12e6e7e7f75d57a64ec6e295b480c07f71a04e96be0e6512228cb3697e279e7c
openstack-nova-cert-2014.2.2-19.el7ost.noarch.rpm	SHA-256: d22cba1889f0377c6a42531d08378a6cefee60b404dae3cdb294aab800ffa9dc
openstack-nova-common-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 7f94ad158a7200064979544f2e0b74ee254ac9f50ee9916115526c3adb1ff405
openstack-nova-compute-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 412f4f97d8488b36c0163ea6df54cbe954234fa9c4fc38ad08b5b479197b0d84
openstack-nova-conductor-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 4f02835be4ce0805e37d66a8f883ff71fa9a08a72190c3e613429fb8cf1715b7
openstack-nova-console-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 9c1a8b2da733b92c7d567bfaf1e1c30f1c770eb566652a9b589cd2a497ea22a0
openstack-nova-doc-2014.2.2-19.el7ost.noarch.rpm	SHA-256: d5a36390e44a730158513ce34bc1e7b4907bcf0101ff38041a7e9b61a6b76c2b
openstack-nova-network-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 82efe6b39c4a1ce3e84ee6595d024c92baa753e2c3525fe8b533011859bd4db3
openstack-nova-novncproxy-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 34db8157456edaa6420ccb03ec28a953bceecd81042421cefb4d4be97ba71397
openstack-nova-objectstore-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 7f4bbe072bf7a6d098ab3f40da73d2602022afff377253ce5544af34fdf7d9c0
openstack-nova-scheduler-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 7e541df860c515f613c2d9688bb15d7d67d3d45ca33d424326a9b67629bea143
openstack-nova-serialproxy-2014.2.2-19.el7ost.noarch.rpm	SHA-256: cc1139eef7f8a5095dff953574e5e5850a92ad0112141961e7a3632493259d8c
python-nova-2014.2.2-19.el7ost.noarch.rpm	SHA-256: 820f8a92f45e5ace09ebb0b50ca79a1b878de3e9cf634ebe408ab1edbac68741

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories