Issued:
2016-03-08
Updated:
2016-03-14

RHSA-2016:0364 - Security Advisory

Synopsis

Important: openstack-nova security update

Type/Severity

Security Advisory: Important

Topic

Updated openstack-nova packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno)
for RHEL 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

[Updated March 14, 2016]
The original packages distributed with this advisory contained a bug that
could cause failures with non-disk image backends. We have updated all
packages to correct the bug.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova)
resize and migrate functionality. An authenticated user could write a
malicious qcow header to an ephemeral or root disk, referencing a block
device as a backing file. With a subsequent resize or migration, file
system content on the specified device would be leaked to the user. Only
setups using libvirt with raw storage and "use_cow_images = False" were
affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 6.0 x86_64

Fixes

  • BZ - 1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

CVEs

References

Red Hat OpenStack 6.0

SRPM
x86_64
openstack-nova-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 2ebf9fbba9d2adc677ab22eca4036346212287107d1cd390f4b46cc9370d54b4
openstack-nova-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 3c5924a0904ffc9d8468dfeba4f7f152a562fc3775b031e440413bf4e6035a0f
openstack-nova-api-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 45d4ae64468e40ce6bf3b792afec9465795c8b9cb66280c738774aa73e08e38f
openstack-nova-api-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 5f7449985759001677a84f2e5db5814ada037b0c8366749723722ca7a1a4cae7
openstack-nova-cells-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 640792261f0ac12b6327630235a5a8114ebbc6008a143667109b1b68f6622b7f
openstack-nova-cells-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 1ca5a4fbbe8b5d2bd3ecbaf2b7a794bad4aab0a93fcdae3ed9766da9ff0c5a3a
openstack-nova-cert-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 893212539fbc7224661a384563a876854d3009959909d28ed94af4200386080e
openstack-nova-cert-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: b7709fee975c48de2eec5ae2ab1948cdfa67311ecab419cdd4993808913032d9
openstack-nova-common-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 9ff2c6c2b5d4802c9395cd6975a1acf3b5c807a68e6eef2d577ced7e4c21cd3d
openstack-nova-common-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 6586254463862a35aa95b97136078ad316defd1f613ae9043d4f37e59e2cb5b8
openstack-nova-compute-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: bf6d3b938a9cae31f4a5bc1d453ae1b9150b18ae4c54b0eca64cf5327a563b30
openstack-nova-compute-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 6d2a86460380dc48f56b9c83e7ea4b6c2ed4fc5aeabddb9007f6e0a29b145789
openstack-nova-conductor-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 5d8f3692ff322474d37bc7c64da2bb484ad1f4d1b7ca6cfb1ecd81ccbf393a97
openstack-nova-conductor-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 871114fcb695564b28216e09a8411d55be2686559d2d101d4ebf182f7bb8a189
openstack-nova-console-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 0c561eb924750d608ead3474c9c37e084610bbff4da9b3ae16db42676839f3c7
openstack-nova-console-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: cf6c11d95b6924ed55185dad8dbf9ce311bf7b43a5b7e02f4d40d0467f04231c
openstack-nova-doc-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: d8e63da5991c70036ce6ca058c39624fa24df3aac4c87602cd2421dd78522ec2
openstack-nova-doc-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 05a3e5f37f0698977be46f9329fc84693956b4120f68615c91197c8071a8eeed
openstack-nova-network-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 6f36c6d289d1b65bc15852535b9731ab55190eb4d0d0a3cfa10c0081eea234fc
openstack-nova-network-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 64915f21f46fe01587ce9b78104d6dd7b6584cade079347979b36bf391676580
openstack-nova-novncproxy-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 3b0ec7436b53fa6f3fe44347af69a776e3ed6ef253129ad90ca2c05711d55b3c
openstack-nova-novncproxy-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: c71081e1542b6d24a53358fc2b3d73738617dd5e42ed89e641207b6d0abee890
openstack-nova-objectstore-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 6aeace72215398fbd01ab70fc906a44e9cddbb9f8dbf9d842323583950195638
openstack-nova-objectstore-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 7c2cf510eb82b6fce14ee7134c6602ea8c130f5ca290443a4f1a6a19604d1d85
openstack-nova-scheduler-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 81e66440380ec7be5a55dbec1207c5f71c32eef86f39f0b086cbe97f00ca79ff
openstack-nova-scheduler-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 1dc95dbd50e6c050d4449c450558c8528bff394d1a27616ac1eb42f951d4aa49
openstack-nova-serialproxy-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 0f81e293afe7a7545f9d9edeb1a7ba901c2fbce63b9d3d0c441724606bec15d3
openstack-nova-serialproxy-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: bc616bd508675b8f13cd1c223862c8eb4dc778cb4f1d79f847d616bb731fdcb0
python-nova-2014.2.3-54.1.el7ost.noarch.rpm SHA-256: 7bdfd74ce9bc1258bf600c490e51c88d985a393decba9618fd73e0ad798e2b33
python-nova-2014.2.3-54.2.el7ost.noarch.rpm SHA-256: 4315ef61eb9ff54681bbfcb6b03bb865141ceb2e4e33c2f876b7b5cecfced681

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.