Issued:: 2016-03-08
Updated:: 2016-03-14

RHSA-2016:0363 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-nova security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-nova packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo)
for RHEL 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

[Updated March 14, 2016]
The original packages distributed with this advisory contained a bug that
could cause failures with non-disk image backends. We have updated all
packages to correct the bug.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova)
resize and migrate functionality. An authenticated user could write a
malicious qcow header to an ephemeral or root disk, referencing a block
device as a backing file. With a subsequent resize or migration, file
system content on the specified device would be leaked to the user. Only
setups using libvirt with raw storage and "use_cow_images = False" were
affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 7 x86_64

Fixes

BZ - 1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

CVEs

CVE-2016-2140

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 7

SRPM
x86_64
openstack-nova-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 1b0c98d1886d9c8e50feaf384c469c70951a6b26557992c373fade11f0edab3f
openstack-nova-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: f8e0fb9b1d01d509d5ce044859d63822ab867b25db9901869dd2bc70ead0a20b
openstack-nova-api-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 588b80914e02fa6f1de89c77f3af7502d9d41edc44776d8378b8b9938be8ea3b
openstack-nova-api-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: b04db7611aa8df86402f261f55bf8ceffd91c33772705516f6b75f3db4c8a36c
openstack-nova-cells-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 93bdbc2b0a3c0ebbe4a63a4ad33da1f669147a171da57cf526c86f5eb82341ac
openstack-nova-cells-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: c8be219485f24d7dca3a7b8b8708aae47375b326a2cc6a4f1c037933f6950680
openstack-nova-cert-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 6a59311aaa82c956d3fcedfc36c984355ea196eef37f9596f967499d70b6b4ba
openstack-nova-cert-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 1dc69f84ca4507c41d6a34add8f887bfcedf56db73e9765bfbad8ecfc5b67cee
openstack-nova-common-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 4dd7fd59709318a277eb387deecc9ef649330ea92fddf9cf27571790e8362adb
openstack-nova-common-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: c1d3f52cb7d863161d01de51c8d226bbeeff3e57bdd2289ae3136def2927c917
openstack-nova-compute-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 183a30b71b495a2792bda7f973da22b488b2a879187b4bd424980289c474e085
openstack-nova-compute-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 1089021489d62e00eca639f8288aa1658f1e014cb5cab1e5b05382ef7141b119
openstack-nova-conductor-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 02fa814b4e2b96d3e732c677d702f8a7f40668f3f3aeba80b0359d707a3db1a8
openstack-nova-conductor-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: e90ec8782b4a291ffc7be265746f65211a8275f95419637a7a84e16945a28232
openstack-nova-console-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: a104418ba2bcc1da4b186fde8586045d96645b5db9848cc00b33750dab5a32e3
openstack-nova-console-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 0cdb931b7d3a4823e2946d0040670766310fba0a24e0682b4f4ef1f580d2d775
openstack-nova-doc-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 48c0d5041545f16ff95ee690f72024525d14fd9f0bbe3158bbcab468f550a5e8
openstack-nova-doc-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: e1a3bf9bf8864617e6d77aa64aefb55fae47ef5d5a6223379696a46fe3f79634
openstack-nova-network-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 69750fffc1da6a47c69fdb8b75f2ba9eff7c0e89aa8cfc25ca79f86e452b3ba2
openstack-nova-network-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: a4c33205c7a9496c3442b23ff5b0df23e927d66d1f6f083ed4482719c21d6d2d
openstack-nova-novncproxy-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 2fcababdc2516cd151e629182f51ba49e72d5511a5bb721eb3531fca541e84f1
openstack-nova-novncproxy-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 8a0ba3ba4457aa76d41a72042071df7ad77c2ea7f34070bce7b6c9b823f16fd0
openstack-nova-objectstore-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 70df470cf5f397549a5149907e4b8ef29a70c04097041790e65a35b9844ed12f
openstack-nova-objectstore-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: c4b776328b4f0600fb52f33cd4b75eb8c86900f3d634f703517e27d26be0b922
openstack-nova-scheduler-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 424b3d2eccee0a0ef1eb37da8dccd958fd1b868dc01d7cbfa26b84cf1b39b4de
openstack-nova-scheduler-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 78d172016af8663c6e84eaec83d1bf7c9b98b14592b45773c601b368f24ed6e8
openstack-nova-serialproxy-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: ad1fc9699221e5470a952d23e4a7ac0a22bf81137e007e8a6a3d40874e36c8ce
openstack-nova-serialproxy-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: 0f1b4504a5d090c577370c953e180530cfe59c49ba8b1f59edb4c25f16439b48
openstack-nova-spicehtml5proxy-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 261bd267f501b3efa9f091f61d2fdc88c06a12c8539de17fbd56ea3411eb1a32
openstack-nova-spicehtml5proxy-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: df1b3ac4aba67a03f4b6a5cc498e1dc300a4f9fe4bc477ce05ccf62e17716006
python-nova-2015.1.2-18.1.el7ost.noarch.rpm	SHA-256: 9cb73e9e8616c4390036466abc4958196c6d1d7a482789432bf6593fb4f332f2
python-nova-2015.1.2-18.2.el7ost.noarch.rpm	SHA-256: b377fcee3d0667f80eb253ea97e5717e1853f2cced5f0d492cf119e32d7a1703

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation