Red Hat Product Errata RHSA-2015:2684 - Security Advisory

Issued:: 2015-12-21
Updated:: 2015-12-21

RHSA-2015:2684 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova secuity and bug fix advisory

Type/Severity

Security Advisory: Moderate

Topic

Updated OpenStack Compute packages that resolve one security issue
and a bug are now available for Red Hat Enterprise Linux OpenStack
Platform 5.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

Additional bug fixes include:

In some cases, Compute did not start instances when RHEL was
installed with a locale other than en_US. The update ensures that
logging an exception no longer causes Unicode issues. (BZ#1190837)

All openstack-nova users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

Solution

Before applying this update, ensure all previously released errata
relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat
Enterprise Linux 7.2.

The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes
contain the following:

An explanation of the way in which the provided components
interact to form a working cloud computing environment.
Technology Previews, Recommended Practices, and Known Issues.
The channels required for Red Hat Enterprise Linux OpenStack
Platform 5, including which channels need to be enabled and
disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1190837 - Nova may not start instances when OS is installed with locale not en_US
BZ - 1269119 - CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances

CVEs

CVE-2015-7713

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-nova-2014.1.5-9.el7ost.src.rpm	SHA-256: 59b82ffd4d4015ea7f53c09d439a7184188dcbb560af968eabddae766cc6a625
x86_64
openstack-nova-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 16d4ad31ffd3fe3fe631dd4f721e36d5e11293807e329a898aaf52d9711b9bfd
openstack-nova-api-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 945d6494ea1c0fd9a9188343a32df7b7ed1dcb22a9382bfd5e55317ef4d05f00
openstack-nova-cells-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 8130cbcd4b342c9d898d2e240b868d45f4fe06f40cd3726351c63668fd20e8ef
openstack-nova-cert-2014.1.5-9.el7ost.noarch.rpm	SHA-256: e61c360097510656f15eb664a21a6236bb05f0d90e06adddcee9b1f7ff86c90b
openstack-nova-common-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 978c21e7e7074618b6384917a030b5f4b300013b32f73614da8615722082367c
openstack-nova-compute-2014.1.5-9.el7ost.noarch.rpm	SHA-256: ed3e34834f2b5676d13e534cfdc4a5540de85075a0ad387fb58c18b31d0ff4a3
openstack-nova-conductor-2014.1.5-9.el7ost.noarch.rpm	SHA-256: f153621e7cae90b4e8bf9284e5b0ad794725b6bc033ed0413897bc2c08c7130f
openstack-nova-console-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 4042c77528f22f942518a8820dbfff89a76972a4320d46948eec698deb28647c
openstack-nova-doc-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 0e48d273e509682da43b61aa0bb739c0096304f26368b3fe130ad81fdb016266
openstack-nova-network-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 2ed54295863195039c2200ea2be99a8389dfbd3bd075bd9e62a77a21c7ce07fa
openstack-nova-novncproxy-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 946130262911fccfbdf6716bc56ff27dca471f29aa9eb4dff17ee7c7e8ed4242
openstack-nova-objectstore-2014.1.5-9.el7ost.noarch.rpm	SHA-256: e2fe88c7d4ac0ad150f5e55ac85e090e36e8fa7f448bd0e339417bc3aa810fa7
openstack-nova-scheduler-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 6e51b28a41fcb09deef671bf87c02c03c00d0c2bba299898bad8f8d0577acee7
openstack-nova-serialproxy-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 99486fe63b38e2711b250fa1508176d77d2280ec3d3006803d2b082ded57ee0b
python-nova-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 9afbe6d9d7f24701ed822b334b594d44b35e66b78d25e68de07f25c1c6ef215c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories