Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2015:2684 - Security Advisory
Issued:
2015-12-21
Updated:
2015-12-21

RHSA-2015:2684 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openstack-nova secuity and bug fix advisory

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated OpenStack Compute packages that resolve one security issue
and a bug are now available for Red Hat Enterprise Linux OpenStack
Platform 5.0 for RHEL 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

Additional bug fixes include:

  • In some cases, Compute did not start instances when RHEL was

installed with a locale other than en_US. The update ensures that
logging an exception no longer causes Unicode issues. (BZ#1190837)

All openstack-nova users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

Solution

Before applying this update, ensure all previously released errata
relevant to your system have been applied.

Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat
Enterprise Linux 7.2.

The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes
contain the following:

  • An explanation of the way in which the provided components

interact to form a working cloud computing environment.

  • Technology Previews, Recommended Practices, and Known Issues.
  • The channels required for Red Hat Enterprise Linux OpenStack

Platform 5, including which channels need to be enabled and
disabled.

The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Release_Notes/index.html

This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

  • BZ - 1190837 - Nova may not start instances when OS is installed with locale not en_US
  • BZ - 1269119 - CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances

CVEs

  • CVE-2015-7713

References

  • http://www.redhat.com/security/updates/classification/#normal
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-nova-2014.1.5-9.el7ost.src.rpm SHA-256: 59b82ffd4d4015ea7f53c09d439a7184188dcbb560af968eabddae766cc6a625
x86_64
openstack-nova-2014.1.5-9.el7ost.noarch.rpm SHA-256: 16d4ad31ffd3fe3fe631dd4f721e36d5e11293807e329a898aaf52d9711b9bfd
openstack-nova-api-2014.1.5-9.el7ost.noarch.rpm SHA-256: 945d6494ea1c0fd9a9188343a32df7b7ed1dcb22a9382bfd5e55317ef4d05f00
openstack-nova-cells-2014.1.5-9.el7ost.noarch.rpm SHA-256: 8130cbcd4b342c9d898d2e240b868d45f4fe06f40cd3726351c63668fd20e8ef
openstack-nova-cert-2014.1.5-9.el7ost.noarch.rpm SHA-256: e61c360097510656f15eb664a21a6236bb05f0d90e06adddcee9b1f7ff86c90b
openstack-nova-common-2014.1.5-9.el7ost.noarch.rpm SHA-256: 978c21e7e7074618b6384917a030b5f4b300013b32f73614da8615722082367c
openstack-nova-compute-2014.1.5-9.el7ost.noarch.rpm SHA-256: ed3e34834f2b5676d13e534cfdc4a5540de85075a0ad387fb58c18b31d0ff4a3
openstack-nova-conductor-2014.1.5-9.el7ost.noarch.rpm SHA-256: f153621e7cae90b4e8bf9284e5b0ad794725b6bc033ed0413897bc2c08c7130f
openstack-nova-console-2014.1.5-9.el7ost.noarch.rpm SHA-256: 4042c77528f22f942518a8820dbfff89a76972a4320d46948eec698deb28647c
openstack-nova-doc-2014.1.5-9.el7ost.noarch.rpm SHA-256: 0e48d273e509682da43b61aa0bb739c0096304f26368b3fe130ad81fdb016266
openstack-nova-network-2014.1.5-9.el7ost.noarch.rpm SHA-256: 2ed54295863195039c2200ea2be99a8389dfbd3bd075bd9e62a77a21c7ce07fa
openstack-nova-novncproxy-2014.1.5-9.el7ost.noarch.rpm SHA-256: 946130262911fccfbdf6716bc56ff27dca471f29aa9eb4dff17ee7c7e8ed4242
openstack-nova-objectstore-2014.1.5-9.el7ost.noarch.rpm SHA-256: e2fe88c7d4ac0ad150f5e55ac85e090e36e8fa7f448bd0e339417bc3aa810fa7
openstack-nova-scheduler-2014.1.5-9.el7ost.noarch.rpm SHA-256: 6e51b28a41fcb09deef671bf87c02c03c00d0c2bba299898bad8f8d0577acee7
openstack-nova-serialproxy-2014.1.5-9.el7ost.noarch.rpm SHA-256: 99486fe63b38e2711b250fa1508176d77d2280ec3d3006803d2b082ded57ee0b
python-nova-2014.1.5-9.el7ost.noarch.rpm SHA-256: 9afbe6d9d7f24701ed822b334b594d44b35e66b78d25e68de07f25c1c6ef215c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter