Issued:
2016-03-08
Updated:
2016-03-14

RHSA-2016:0365 - Security Advisory

Synopsis

Important: openstack-nova security update

Type/Severity

Security Advisory: Important

Topic

Updated openstack-nova packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

[Updated March 14, 2016]
The original packages distributed with this advisory contained a bug that
could cause failures with non-disk image backends. We have updated all
packages to correct the bug.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova)
resize and migrate functionality. An authenticated user could write a
malicious qcow header to an ephemeral or root disk, referencing a block
device as a backing file. With a subsequent resize or migration, file
system content on the specified device would be leaked to the user. Only
setups using libvirt with raw storage and "use_cow_images = False" were
affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

  • BZ - 1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

CVEs

References

Red Hat OpenStack 5.0 for RHEL 7

SRPM
x86_64
openstack-nova-2014.1.5-28.el7ost.noarch.rpm SHA-256: a2feb8d98cffbf8b82f5bea797346967f719b0855d4097ba0536e601eded6d36
openstack-nova-2014.1.5-29.el7ost.noarch.rpm SHA-256: 1ca9b3a23101f519ae9cb2efa89b376f7aebe3d7f8c94c2cb228a8769669b562
openstack-nova-api-2014.1.5-28.el7ost.noarch.rpm SHA-256: 1151f7e563ae49541845c0a0500f45c27f32556ce41de23573d3058293e8bd9f
openstack-nova-api-2014.1.5-29.el7ost.noarch.rpm SHA-256: 400fcc14567051369d9e14233d5b9d4f0451aacc98e098f4f693570b765edff4
openstack-nova-cells-2014.1.5-28.el7ost.noarch.rpm SHA-256: c0d9f450eb555c1b8c8b4ae56f6fad4beb44cab6719473d06aebed110e0bd4b8
openstack-nova-cells-2014.1.5-29.el7ost.noarch.rpm SHA-256: 4af19f5423616248d4c84fcb82c779c74c772946f19597c835f9faef353aa6cd
openstack-nova-cert-2014.1.5-28.el7ost.noarch.rpm SHA-256: 3947f7af990c57cc8561a5b0f191d1d5f4b0de9c6a8d309b93f626fb1e6950f0
openstack-nova-cert-2014.1.5-29.el7ost.noarch.rpm SHA-256: f36ee1900ecd398a7a3ab09692622183465c4073024728120a2ac233975759d7
openstack-nova-common-2014.1.5-28.el7ost.noarch.rpm SHA-256: 17e067276b183623e434e3ef0c70f821302f42e4c6ab43a6fac29e2b690824bd
openstack-nova-common-2014.1.5-29.el7ost.noarch.rpm SHA-256: 99f21821977c664404cbe2353f826c94d6c1c1c6a1f3430857d52332d3a69146
openstack-nova-compute-2014.1.5-28.el7ost.noarch.rpm SHA-256: 6167431223765eee0fc28727b204d120e8e597c4408a0354ca447d7a9122fc37
openstack-nova-compute-2014.1.5-29.el7ost.noarch.rpm SHA-256: 8d3a53f7925eef2831f6b1490d30d4e00b2d5a60f6fd36c18064478e885dc126
openstack-nova-conductor-2014.1.5-28.el7ost.noarch.rpm SHA-256: b99fc2d817789f69c2c4119199705627163c20413b64caa35f19f86348c90f42
openstack-nova-conductor-2014.1.5-29.el7ost.noarch.rpm SHA-256: e7257d8e5133ed6a967d2ca914ced8ff9bc2e0d75c38749a380314ae650384c3
openstack-nova-console-2014.1.5-28.el7ost.noarch.rpm SHA-256: f6e4afebffe9cb17b03a70a8317502716de7333edafc9163fc9019ecca5261aa
openstack-nova-console-2014.1.5-29.el7ost.noarch.rpm SHA-256: 0fd0d7b435ec98647e3fc0da84305adfbd9f3ac68d963378a6a13b881c365be1
openstack-nova-doc-2014.1.5-28.el7ost.noarch.rpm SHA-256: d0bdd0302d5f591b2a298f59d27ff7df6e98280167b10b98629694c682aa83ea
openstack-nova-doc-2014.1.5-29.el7ost.noarch.rpm SHA-256: bfe987b46dbed3db99b6ef8c8cc02f70d6f29b5454270c6c2c84bf7aabe4c4e6
openstack-nova-network-2014.1.5-28.el7ost.noarch.rpm SHA-256: b2ace84f440b245ecccea9b6756e14ea6b85627501014eee21a482d7f4ac79f7
openstack-nova-network-2014.1.5-29.el7ost.noarch.rpm SHA-256: ffe9b83ad6291db7f0dcbea57e089503fb69925147236b58c2d505caa21116d5
openstack-nova-novncproxy-2014.1.5-28.el7ost.noarch.rpm SHA-256: 35319015dae69cc1d5e15fc69fe6a3f03e472ea68aec345cfb8905dfb53919b0
openstack-nova-novncproxy-2014.1.5-29.el7ost.noarch.rpm SHA-256: d2b880b5e2d7d54fb243b081292fc65f5429bfd90d3c0452b0d07d78fadb6094
openstack-nova-objectstore-2014.1.5-28.el7ost.noarch.rpm SHA-256: 39b5cd0ee762f130ab1a466a6caa1a3a1ba7349b637b2819c98bf06080a4849d
openstack-nova-objectstore-2014.1.5-29.el7ost.noarch.rpm SHA-256: 3283063ca308475219608cbaf746d2ac32b2fab0bd889c9cb2916e97216f6b11
openstack-nova-scheduler-2014.1.5-28.el7ost.noarch.rpm SHA-256: 1d669b6c1980e4a31427c9c921468bcb8ac951cddcba67eab40a1915d2cde98a
openstack-nova-scheduler-2014.1.5-29.el7ost.noarch.rpm SHA-256: e6d8cb72c394d62406f81f131b12a30ebe4cff53141b460d0a25ebb3d2d1da95
openstack-nova-serialproxy-2014.1.5-28.el7ost.noarch.rpm SHA-256: 9e7ca94261bf8ddf8f070ff8858b7234638c5fb253e2a4ea6ad9fca60da61547
openstack-nova-serialproxy-2014.1.5-29.el7ost.noarch.rpm SHA-256: 1d41fc168db09b9f81babb50801c109392dcd183b7f6db4e2b840e22da514a35
python-nova-2014.1.5-28.el7ost.noarch.rpm SHA-256: 1f86b4f7f63af41d2e3bbe0570e802afaba56c18912c8309d14f6f2672c1797f
python-nova-2014.1.5-29.el7ost.noarch.rpm SHA-256: bcd437b1e262cad792d1cdd5652efbc340ca79442ebf14ea84622be931e0a319

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.