Issued:: 2016-03-08
Updated:: 2016-03-14

RHSA-2016:0366 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-nova security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-nova packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)
for RHEL 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

[Updated March 14, 2016]
The original packages distributed with this advisory contained a bug that
could cause failures with non-disk image backends. We have updated all
packages to correct the bug.

Description

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova)
resize and migrate functionality. An authenticated user could write a
malicious qcow header to an ephemeral or root disk, referencing a block
device as a backing file. With a subsequent resize or migration, file
system content on the specified device would be leaked to the user. Only
setups using libvirt with raw storage and "use_cow_images = False" were
affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 6 x86_64

Fixes

BZ - 1313454 - CVE-2016-2140 openstack-nova: Host data leak through resize/migration

CVEs

CVE-2016-2140

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 6

SRPM
openstack-nova-2014.1.5-28.el6ost.src.rpm	SHA-256: 708686df52ab4351d6f398f67d2216a340d3448491399890a7014541de9f7230
openstack-nova-2014.1.5-29.el6ost.src.rpm	SHA-256: 87174c2b809f8fb5c5ec3a7e04f52cd835b4278c26f4cac2bb32c18e28dadff9
x86_64
openstack-nova-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 4198f766acaf63d755589aea3ff888b731438efed727c60f0d5e56dd4b944ef6
openstack-nova-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 354d07033825e09baa182b1dd21232bee52293777e299fd2208f688e2258af2d
openstack-nova-api-2014.1.5-28.el6ost.noarch.rpm	SHA-256: b569e35f94bc10b3cd59b39d47fb256b86f89a2549f7fd2a85a8db06ac6e643b
openstack-nova-api-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 5dce3051fa9ef7268180ea26e0cd93493175b1bb6928ec446d278c018d682889
openstack-nova-cells-2014.1.5-28.el6ost.noarch.rpm	SHA-256: bf5a49771b4471b7247dbb60f97226d5e2d1bae625143cf136f09a17f32162cd
openstack-nova-cells-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 4359439ce5989c5828291f33a913f34eff8e43975e26786456428376dd9a418f
openstack-nova-cert-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 5c07be8c08d96215800105368476da1b9bd24dc71e02e0b283d7a6d524391c14
openstack-nova-cert-2014.1.5-29.el6ost.noarch.rpm	SHA-256: d59affb5f327d1970d1e38e073acfaf74b2f1bc6c908800da1a5de955d83f452
openstack-nova-common-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 3c76629bc1438ffaae0a99acd94f5eb6be8d75a2f7e6e232d2941d6da6e80235
openstack-nova-common-2014.1.5-29.el6ost.noarch.rpm	SHA-256: d008ca85c8bb53e99976ca68de83af618351f0b34a8312167221cf38f7a86c74
openstack-nova-compute-2014.1.5-28.el6ost.noarch.rpm	SHA-256: de4180fc7e46b19258d0880d5a345642f3833fe9f8cb76d59100a0e882f2cee6
openstack-nova-compute-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 0d6e07b04a7b332381a75a730028b92663ae69f97de920b685c7cbc4969d0395
openstack-nova-conductor-2014.1.5-28.el6ost.noarch.rpm	SHA-256: aa14b92b00877260e163c49702aba0a5a9bb0e45d44d015217750f9d70657e42
openstack-nova-conductor-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 3ffa0581748dc83a71fed8262b77fc7e5b304b7b9ab752219d9f49dfd3f017cd
openstack-nova-console-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 1b1c21382a11111fa502c2cb2c5091c59e50ef309bedf5bc4190d79f71936678
openstack-nova-console-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 83db09691f0f118c49efb82b0e635c02e9cd9b14390727394ce3273c87c2fa93
openstack-nova-doc-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 133e67057f4006a1936db5f0a90641f87e8856b095379858fc36332ea31b728b
openstack-nova-doc-2014.1.5-29.el6ost.noarch.rpm	SHA-256: fb5771c1b6e161a9a5a51ff1821141c7347de66884e9084031f4d4127efc61b2
openstack-nova-network-2014.1.5-28.el6ost.noarch.rpm	SHA-256: a8eaa5b9ccc1854cd970050c0d7324650125e3353237a23794a0d11192656794
openstack-nova-network-2014.1.5-29.el6ost.noarch.rpm	SHA-256: db7352f701d25ba2e6fb9bdc465d77b641c1f8c68fca110c39baf451a82abc12
openstack-nova-novncproxy-2014.1.5-28.el6ost.noarch.rpm	SHA-256: c30fcfe7e7369edd2a5605df06b019ec5ac2fa2c36fc058e3fa88100d7f00c16
openstack-nova-novncproxy-2014.1.5-29.el6ost.noarch.rpm	SHA-256: b1b140d6a810e782a56eaaa394d766d16d88cd5aa07897fcfa3af49cbce8ad82
openstack-nova-objectstore-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 2f976fcf988a59e5a2ae7605bfe5d854b260c1ae28ec813d1b92777b4ff55442
openstack-nova-objectstore-2014.1.5-29.el6ost.noarch.rpm	SHA-256: cf8add58012f9e623a69f226696cc628f21159360d3513523e89594ba12cf241
openstack-nova-scheduler-2014.1.5-28.el6ost.noarch.rpm	SHA-256: 55511ee46578ccab427c13f619bc6597beb711251348d760a7d46007f81b3e62
openstack-nova-scheduler-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 28b35bdca38339baccd7651f2d72eae593a40263450995b9179ac9e9d83fff57
openstack-nova-serialproxy-2014.1.5-28.el6ost.noarch.rpm	SHA-256: df262436ee89573787c469747348cd1dd24c4472a59c0bb7cbb87e9516122374
openstack-nova-serialproxy-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 5804272f5ff0513c465a2536191093e8b9304cfca71ad8263c1d00a6a170675b
python-nova-2014.1.5-28.el6ost.noarch.rpm	SHA-256: b3d76e96f93786ae38369c20dd6141ee37b8d75b2df256e728b78cb0ae4c64ae
python-nova-2014.1.5-29.el6ost.noarch.rpm	SHA-256: 382e83524d32d432ba48659d2846723e68b3e912a365e621f316a4a830105bc6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation