Red Hat Product Errata RHSA-2016:0018 - Security Advisory

Issued:: 2016-01-11
Updated:: 2016-01-11

RHSA-2016:0018 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-nova security update

Type/Severity

Security Advisory: Important

Topic

Updated openstack-nova packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0,
and 7.0 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

A flaw was discovered in the OpenStack Compute (nova) snapshot feature when
using the libvirt driver. A compute user could overwrite an attached
instance disk with a malicious header specifying a backing file, and then
request a snapshot, causing a file from the compute host to be leaked. This
flaw only affects LVM or Ceph setups, or setups using filesystem storage
with "use_cow_images = False". (CVE-2015-7548)

This issue was discovered by Matthew Booth of Red Hat OpenStack
Engineering.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 7 x86_64
Red Hat OpenStack 6.0 x86_64
Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1290511 - CVE-2015-7548 openstack-nova: Unprivileged API user can access host data using instance snapshot

CVEs

CVE-2015-7548

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 7

SRPM
openstack-nova-2015.1.2-13.el7ost.src.rpm	SHA-256: ff0d4aec134968d47dec8707e0a5219f13ba6bec4e46e171eb0b267632280815
x86_64
openstack-nova-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 2394aadac36728e4cdadd0982856275f6e51cc5ceccf058070475c2046bfea7a
openstack-nova-api-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 2e99a193d12f98370124f94d98c438a3a771f421b2583809b9db6eefbd85f336
openstack-nova-cells-2015.1.2-13.el7ost.noarch.rpm	SHA-256: a4a4bc407a762ffb197bf4c6a3a95e2fe82643981c94813a35de26912dd61ddd
openstack-nova-cert-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 4983b47a6357323913de6f188b5bb051b054e8ad857fed17400996390a2799bd
openstack-nova-common-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 397ad5502845fcb944647150c64bf08785f4e07fd1c8cda20d5771989c017c2c
openstack-nova-compute-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 2888ef33e794de2c6b7848be6b53f3499366ead6cbdca66812670ce7b0272f4f
openstack-nova-conductor-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 92c586a3323b0f995be0e68868b3850ff7018d2895c645b0dc4cc97fce4928ad
openstack-nova-console-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 929cfbdddb666f3af40e63cd87c13a3fe085dc87e0bf20e4c7d8e6e5709b4c17
openstack-nova-doc-2015.1.2-13.el7ost.noarch.rpm	SHA-256: f11c56b3964aef48434f2f53c9462e2a881060a68781d6f2f30cdf8751cdf0a1
openstack-nova-network-2015.1.2-13.el7ost.noarch.rpm	SHA-256: f7541b76eb86b12bdd46e5064d7e3626209a3f63d38d6d0489935c2cd9a625ec
openstack-nova-novncproxy-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 6c7be513c9fd61374099a35729ba57dc2c4f847d9ddd95793e034f53dd29ba71
openstack-nova-objectstore-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 8f29c3634c3733bf48348b3eaa10edbd755006436f45f9ad721460fe447df04d
openstack-nova-scheduler-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 4dc178092b21991c024e33496ce4f44eb6df63f6376af7712fc462a0043dbab9
openstack-nova-serialproxy-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 79d3e75b30703f280eb740b5820459d45f7f53f63f485f8fb69164b6f224a7ff
openstack-nova-spicehtml5proxy-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 8ccebe5c259333b9783bc577fd5118e41476401959be0166e2b0e7c1defea64e
python-nova-2015.1.2-13.el7ost.noarch.rpm	SHA-256: 8120c8f8896f282aa0c802ce5e1286c4174ab55a0d6373f843e1b5760d548edb

Red Hat OpenStack 6.0

SRPM
openstack-nova-2014.2.3-48.el7ost.src.rpm	SHA-256: 56631b14c8841de0a20f5bc6ac144b9d8e098ccbc8b5e24c22b7c5c9ca86b578
x86_64
openstack-nova-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 180bba6cd3a404e5a5b8ed036ac88e20b4d9213fa890c660e403c5399e3e89af
openstack-nova-api-2014.2.3-48.el7ost.noarch.rpm	SHA-256: d79ffe3a11f4d643eddfc10cca521e9f6c2243027ece5cb9ea4cf875329240f9
openstack-nova-cells-2014.2.3-48.el7ost.noarch.rpm	SHA-256: c89a39bc56e1653c3b5ebfd1a61a95aeb7c33b198551e550498429cc917f85a1
openstack-nova-cert-2014.2.3-48.el7ost.noarch.rpm	SHA-256: b27bd658869cdd246d095dc41be014f4e17631412b2542bf2f42e4a862948322
openstack-nova-common-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 032ee7cea6f5bd0e3b05e54dd02f14b95fa2f400890746b49f4f2d85e7b54f4d
openstack-nova-compute-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 6d009332f26d03e04cf559d92bc9ec361817414061be43aee5a3d6fd353aef7e
openstack-nova-conductor-2014.2.3-48.el7ost.noarch.rpm	SHA-256: f86bc8170f5db62d788f170e6a928676bb44e45d3639951ae97a99eab1c71961
openstack-nova-console-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 827ebdd8555b773d0828ca97c21d615a22de0148348703c275fa7d1b28d73a0c
openstack-nova-doc-2014.2.3-48.el7ost.noarch.rpm	SHA-256: a3d379a23ec527fe69f931daa7a53300058fa6ba5913a97a71d8f413e217165b
openstack-nova-network-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 7f733d83bcb4833f7782b69d10fb33022480c9ea1af9af6c21e61155c483e843
openstack-nova-novncproxy-2014.2.3-48.el7ost.noarch.rpm	SHA-256: e6df84a1b6d517187245ceeb3924e82991312ff1a84e8054e51dbb1b56feec11
openstack-nova-objectstore-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 600a562c8b880a273405260df1d1946b3d84bd11dbc470f36e20de79c48b9d65
openstack-nova-scheduler-2014.2.3-48.el7ost.noarch.rpm	SHA-256: c32e53619b47c3511d3fc8753f38257f212afe53d61ba8f835ac1fc96158fa91
openstack-nova-serialproxy-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 320cf54090236280bdc36d970b14e868bff21937980fea0f1dc23d7a2a38d13f
python-nova-2014.2.3-48.el7ost.noarch.rpm	SHA-256: 3e68ec94b42e66415a0eaf1ce39169cb9e38f46f8d455c0b354e3c896bb1933d

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-nova-2014.1.5-15.el7ost.src.rpm	SHA-256: f46268f65046824c59be91819ac0e3e6a6965dbdf2925f9ab27ee5e0531a581d
x86_64
openstack-nova-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 01b777163e1898097c8bff90f37d045fd8234b90c65a828776c69747085e8c9d
openstack-nova-api-2014.1.5-15.el7ost.noarch.rpm	SHA-256: ba9515f822ad99dc0733fbac0879d40dd45851de664184b806af1daf41fbcc03
openstack-nova-cells-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 58245df10c7dd0edaf47b2996667e9f2d6738fdd3780839165a33125457ef347
openstack-nova-cert-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 1a96a812c749faa4879257c45890444aac5cad565cfdede83da7046247366ea9
openstack-nova-common-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 0ba123d44921b415438ec0821fe7482b9213a649bd986a2652e287a9845e101d
openstack-nova-compute-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 097cb78e4072a7f59fa8db2baf02ee211354f483c0a94e09006ea795307eecf5
openstack-nova-conductor-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 2a77621dab45648a23fe01ff7776e10fb821148da433b0a29d611fd42213471d
openstack-nova-console-2014.1.5-15.el7ost.noarch.rpm	SHA-256: a786ab3117dd59f53f464b6ee414199c3fa2d84633a5653ee8648155db3fc2e3
openstack-nova-doc-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 69c74361ff09ef1aa12ad19f75edb18ece295ac57d8328961357ee6ceb94d494
openstack-nova-network-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 32e0781ddffad7312ef655e4551f4c82ffb10380c8ab325aa1f614beb745c19e
openstack-nova-novncproxy-2014.1.5-15.el7ost.noarch.rpm	SHA-256: a4284e53e00e1fdb44cf65cfc9d37a24063fee4328e27e3293d145e918f19bca
openstack-nova-objectstore-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 6f12d467f1d6177a0b0506e52bd7e009c953efafa803768373c7aa2795fc6cce
openstack-nova-scheduler-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 50ad53912b4721dbb8ba74d7613fc27834c9d1a699e3e9d590a8dc9ce34e2bd9
openstack-nova-serialproxy-2014.1.5-15.el7ost.noarch.rpm	SHA-256: d8ee6706fac8d62faa424f77015c6c6cc4bcf8123061cd1894ae5a4a4bfb9500
python-nova-2014.1.5-15.el7ost.noarch.rpm	SHA-256: 5803fedb6eb0d352c0dfd75fc3b32076a16411c8bf8723747b1161cdb9cd7012

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories