Issued:: 2016-07-20
Updated:: 2016-07-20

RHSA-2016:1474 - Security Advisory

Overview
Updated Packages

Synopsis

Low: openstack-neutron security, bug fix, and enhancement update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

The following packages have been upgraded to a newer upstream version: openstack-neutron

Security Fix(es):

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests. (CVE-2015-8914, CVE-2016-5362, CVE-2016-5363)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 7 x86_64

Fixes

BZ - 1311864 - Neutron L3 Agent shows duplicate ports
BZ - 1345889 - CVE-2016-5362 openstack-neutron: DHCP spoofing vulnerability
BZ - 1345891 - CVE-2016-5363 openstack-neutron: MAC source address spoofing vulnerability
BZ - 1345892 - CVE-2015-8914 openstack-neutron: ICMPv6 source address spoofing vulnerability
BZ - 1347428 - neutron-meter-agent - makes traffic between internal networks NATed
BZ - 1350400 - Rebase openstack-neutron to 2015.1.4

CVEs

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 7

SRPM
openstack-neutron-2015.1.4-2.el7ost.src.rpm	SHA-256: dd8607ab2800e66239a71d171f3668b66400926a051d4f214010e41bc02e4b94
x86_64
openstack-neutron-2015.1.4-2.el7ost.noarch.rpm	SHA-256: c044088592d4685eaefb59a8bdb52285b832e0afaf7312ef0b14958824cc8d60
openstack-neutron-bigswitch-2015.1.4-2.el7ost.noarch.rpm	SHA-256: abf252218aa1cf55b6b60a15ae90c4db2384ae77f53175abaa9f7e5610c256ae
openstack-neutron-brocade-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 0c130d0e7b6331ad5710a08a477a68d8deb9964f538a7d6c58986d2c5fb556b7
openstack-neutron-cisco-2015.1.4-2.el7ost.noarch.rpm	SHA-256: f9599e9775010deaeeb71404b913c54d8b3ba6db05a567ec794aa404993838ed
openstack-neutron-common-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 66ec8d2d744e0f1ef71e0c532f3ab3bc99b51645bef2cfcf34e481f684b2d0d1
openstack-neutron-embrane-2015.1.4-2.el7ost.noarch.rpm	SHA-256: e683a31670f15329ba5ed9022a3add5f43c3d184ab082429c4084ad38306944d
openstack-neutron-ibm-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 72c7b31fca4b62402e9076bba25183bb26ae129589d271784f81e664fd0c511f
openstack-neutron-linuxbridge-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 5ff811034f70fdca5f16e51afa1445625a9d0a1b161dbc7cd9ce31323fce8cc3
openstack-neutron-mellanox-2015.1.4-2.el7ost.noarch.rpm	SHA-256: fcb20ed45523650c1dc8a66235d965a4dfb9c63d0f2e8ba806d3099d6ca4f090
openstack-neutron-metaplugin-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 485d0ae288b8764cdbf7f6431754d9556211dddc1d343ecd9a80b5764bea9941
openstack-neutron-metering-agent-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 61262040b03b247db6302606be6230609ce099940d864ee8eeca0d4338fe79d3
openstack-neutron-midonet-2015.1.4-2.el7ost.noarch.rpm	SHA-256: b4b8fb761a6dbad78c78be148f1e304b9a8aec5f7a8e309d9823aaed7a118840
openstack-neutron-ml2-2015.1.4-2.el7ost.noarch.rpm	SHA-256: b61646fd256626d40f78f60ae899cc53c1ae1836f96bdc463d567c4770cd8107
openstack-neutron-nec-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 5bf0efa809a3e0ad5a505cb8927f18c24f61ddbc0f33a5982b4e1e96688bc882
openstack-neutron-nuage-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 6052b6f2b80db9066481b3370b8c3c152ab65138b70db85c44d43d25eca3e65f
openstack-neutron-ofagent-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 901fa368b2e401bcdbc3c77e455849ddb6b796a241376d0300945714d86c2898
openstack-neutron-oneconvergence-nvsd-2015.1.4-2.el7ost.noarch.rpm	SHA-256: de3eee0721684ceaff4058a57a23d7699548d34cef92332ec3d228d0d5f5549e
openstack-neutron-opencontrail-2015.1.4-2.el7ost.noarch.rpm	SHA-256: fe57b1a0cf01a70db7d7fb78eafe76b77f9ee4d6bbad140e262cde2b9f03e47d
openstack-neutron-openvswitch-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 6c662c7f69702a52c55e380aa62368dbd7e40c9d6c80fc4e7e25ef0b88122b95
openstack-neutron-ovsvapp-2015.1.4-2.el7ost.noarch.rpm	SHA-256: b741a3aa2a5ef7932d7f76ce8c30c4b61eda77475473ce159a6910e25467520f
openstack-neutron-plumgrid-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 7c4d3db796579119ebc1baa8b0f92ef2be847158fe9f6ad11668ce3201b3d786
openstack-neutron-sriov-nic-agent-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 2dd359a6ca489b3ef018d4f56c81177b85e3f6305f6d6a7b07f567017f599821
openstack-neutron-vmware-2015.1.4-2.el7ost.noarch.rpm	SHA-256: cdf698cdee2a6451309daf59d9bc470a45c97d0ef175a071e9e966dc25c83251
python-neutron-2015.1.4-2.el7ost.noarch.rpm	SHA-256: dceb26d257b1fa238a25256d037eb8a858cbe46c3d40220748c9cf1933dae3de
python-neutron-tests-2015.1.4-2.el7ost.noarch.rpm	SHA-256: 5495f8fd3f007191917888fc31a0b3fa458d761dafe1494ed87bb84b4462fab0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation