Issued:: 2016-01-10
Updated:: 2016-01-10

RHSA-2016:0017 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-nova security advisory

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-nova packages that fix two security issues are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red
Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

A flaw was discovered in the OpenStack Compute (nova) snapshot feature when
using the libvirt driver. A compute user could overwrite an attached
instance disk with a malicious header specifying a backing file, and then
request a snapshot, causing a file from the compute host to be leaked. This
flaw only affects LVM or Ceph setups, or setups using filesystem storage
with "use_cow_images = False". (CVE-2015-7548)

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

The CVE-2015-7548 issue was discovered by Matthew Booth of Red Hat
OpenStack Engineering.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 6 x86_64

Fixes

BZ - 1269119 - CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances
BZ - 1290511 - CVE-2015-7548 openstack-nova: Unprivileged API user can access host data using instance snapshot

CVEs

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 6

SRPM
openstack-nova-2014.1.5-16.el6ost.src.rpm	SHA-256: b65b66549a1705f81447e488e30363385472b0c28c41b53be7f7291a251cf985
x86_64
openstack-nova-2014.1.5-16.el6ost.noarch.rpm	SHA-256: bd79f7c2048208f9829cfe81a167ff0ecdeaacf346deddd62104b97a33a24ae0
openstack-nova-api-2014.1.5-16.el6ost.noarch.rpm	SHA-256: 3a47357fbe34c6ed24f3a08cdcaa77c87fc70fbe41e8b63c503fdd3f2c3f7cda
openstack-nova-cells-2014.1.5-16.el6ost.noarch.rpm	SHA-256: c54323bf9e3d8c1a8f3ea6cfa86c6db0a03170a1902ce714c76fc4cf180fd6c1
openstack-nova-cert-2014.1.5-16.el6ost.noarch.rpm	SHA-256: 39b1d469fb7df11042b3c73bf784c65d1348df6e8c25886c5f2be1c89abe4843
openstack-nova-common-2014.1.5-16.el6ost.noarch.rpm	SHA-256: b3e9a33f95fd837a46dd983f00c0286b10dcb0f4a44d7424c29d63ee60b03286
openstack-nova-compute-2014.1.5-16.el6ost.noarch.rpm	SHA-256: adbc8113d5d018f0f2b2472b17e39bd215dca49c5fa3e396c59746eeca603515
openstack-nova-conductor-2014.1.5-16.el6ost.noarch.rpm	SHA-256: 8c1966f3b75eebc379afbf583ec91f5900713300268a8fd697a31feb335a7baf
openstack-nova-console-2014.1.5-16.el6ost.noarch.rpm	SHA-256: f53cf174112dc06103a5b7aa8d82441ae6c12bc7ec1eb0812f54c9c556c44ba3
openstack-nova-doc-2014.1.5-16.el6ost.noarch.rpm	SHA-256: a965e37076c0ae2ce2464b711df360ff2c7c38e6e7b86deafbd92b72a0059cf3
openstack-nova-network-2014.1.5-16.el6ost.noarch.rpm	SHA-256: 1e18fdde186bd71ee1240014696e47f927a7bfb83388230fcd0b1afad79dc0c8
openstack-nova-novncproxy-2014.1.5-16.el6ost.noarch.rpm	SHA-256: be4515570319f4fe43773bd699d194f12cf7cc88fc37331520073a5a793362ae
openstack-nova-objectstore-2014.1.5-16.el6ost.noarch.rpm	SHA-256: b33b20072076dcb678d78049e9808896198abfd17c4328eb903c8808501de42b
openstack-nova-scheduler-2014.1.5-16.el6ost.noarch.rpm	SHA-256: bdf3916d6abd275bffa672079f052b939db27f80930beaa187df923f121cd6b1
openstack-nova-serialproxy-2014.1.5-16.el6ost.noarch.rpm	SHA-256: bf9dfc8c7c2cb69f893b2e5c7a5bd31d39c2a732bd1955c5e7d59653961276ac
python-nova-2014.1.5-16.el6ost.noarch.rpm	SHA-256: ec336d1a8dfc5581b2ba18a229f354a8495c6b71d580f481132ab32cea11030a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation