Red Hat Product Errata RHSA-2016:0013 - Security Advisory

Issued:: 2016-01-07
Updated:: 2016-01-07

RHSA-2016:0013 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix advisory

Type/Severity

Security Advisory: Moderate

Topic

Updated openstack-nova packages that fix one security issue and
various bugs are now available for Red Hat Enterprise Linux OpenStack
Platform 6.0.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

Additional bug fixes include:

Suspending an instance with a pre-created port that uses
binding:vnic_type='direct' previously failed; this has been fixed
with an update to the API.(BZ#1196054)
When using multipath-backed volumes using Object Storage (cinder),
attach attempts failed without error. The handling of device
identifiers has been updated and volumes can now be attached.
(BZ#1206699)
Previously, OpenStack Compute did not conform to PEP8 conventions;
this has been fixed. (BZ#1278411)
With a faulty lun in a multipath device, Compute tried to use the
wrong device. Compute now uses the correct device, and instances
can boot normally. (BZ#1280359)
When using a FCoE adapter instead of a FC adapter, volumes
previously failed to attach to the VM. This issue has been fixed.
(BZ#1284033)

All openstack-nova users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 6.0 x86_64

Fixes

BZ - 1196054 - Suspending an instance fails when using vnic_type=direct
BZ - 1206699 - FC volume fails to attach to instance on RHEL 7
BZ - 1269119 - CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances
BZ - 1278411 - RHOS 6 needs to be PEP8 valid
BZ - 1280359 - nova searches for wrong device unexpectedly when multipath device has faulty lun
BZ - 1284033 - When using a FCoE adapter instead of a FC adapter, volumes will fail to attach to the VM

CVEs

CVE-2015-7713

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 6.0

SRPM
openstack-nova-2014.2.3-42.el7ost.src.rpm	SHA-256: d20cc01061679e4f6cf9b91a8078abe773c7049d645fd2e5341e4a86c204fbc9
x86_64
openstack-nova-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 8c18d70b305cc2ab8dbdc5df87e6a2d7071ab26f452680c12a0231fd64f6fb6a
openstack-nova-api-2014.2.3-42.el7ost.noarch.rpm	SHA-256: a991023fa1a7236a033b248034b6507d9f7bdce8566a803dea1ae0414ac9726b
openstack-nova-cells-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 7fee9b89f18b425213f1ef1bee4e104a320761cf89eb066890b3e8aeb949ab23
openstack-nova-cert-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 3ae2febd4fb1617b7a1edef77a00f2b10d4ed08c722ad9996c17a7e587a62367
openstack-nova-common-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 36c11458e0000341b53c738ea18fa64371629de5f3acd47a69a4f9c7732c3da9
openstack-nova-compute-2014.2.3-42.el7ost.noarch.rpm	SHA-256: ead646b151da7acef5e84af7c9556eb098e1b341aa3859cd2e6696023687c15e
openstack-nova-conductor-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 5e870b61c5eac71d18b6af04a70e268311161c58238819a54eeb3e5b5ce6479d
openstack-nova-console-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b67d3fa1a31e53da01ae772820f01d4803d1ec5bdd769bd5764e5bd67a22abdb
openstack-nova-doc-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 1b768bd5a4a9bcb0cd31f93c2844dd5bb38d5787eefb2a71b799a81d21456acb
openstack-nova-network-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b30c1c0e56594b36558589b65ec080e047f3273359ddb34c9f6ddf81dbcdeabf
openstack-nova-novncproxy-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 5bd3ec1a70aa8bcce47e1cd2a7456201895e80c8b53efcbc03a02fa147d65ece
openstack-nova-objectstore-2014.2.3-42.el7ost.noarch.rpm	SHA-256: e9d1464f7a7c58b16cec279018a960aa342645c7930d2d567e35d6b30391c5a6
openstack-nova-scheduler-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 893a6e6911018d81c747e0f71cf344e0bc5aef1c3619f6252eabcb266db17f5b
openstack-nova-serialproxy-2014.2.3-42.el7ost.noarch.rpm	SHA-256: cc651f39207686805ab8abcca2c0171708164c4783de706af2c6a5e6703be52f
python-nova-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 3e027bc1a71e7d1b669c3e6968f4ea7f0108af6f587db363010ef5f04bf96e55

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories