Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2016:2923 - Security Advisory
Issued:
2016-12-07
Updated:
2016-12-07

RHSA-2016:2923 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openstack-cinder and openstack-glance security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openstack-cinder and openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage's API.

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

Security Fix(es):

  • A resource vulnerability in the Block Storage (cinder) and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 9 x86_64

Fixes

  • BZ - 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
  • BZ - 1380842 - Creating Encrypted Volumes with Cinder(Ceph backend) gives false positive
  • BZ - 1381283 - cinder-api lost SSL in oslo.service wsgi move for Mitaka
  • BZ - 1381350 - qemu-img calls need to be restricted by ulimit
  • BZ - 1386253 - NetApp Cinder driver: cloning operations are unsuccessful

CVEs

  • CVE-2015-5162

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 9

SRPM
openstack-cinder-8.1.1-4.el7ost.src.rpm SHA-256: 5e8240753576510947b7b32845dff842dc972da7de3cf9e9f5014adaf85411b3
openstack-glance-12.0.0-2.el7ost.src.rpm SHA-256: 0ea62e96f9bef4c4084be82de7c48353a0f0339b8389f8e7eec58b6362a071ed
x86_64
openstack-cinder-8.1.1-4.el7ost.noarch.rpm SHA-256: 5c68a5b6b9973f9c78aae0481f0d9f5bddc7ec50b5bbea4749abc4a57ece29d7
openstack-glance-12.0.0-2.el7ost.noarch.rpm SHA-256: 94e80edeee317e2e13657439dc44c4a3fb0ffe328ad12e3d44386592da0ffabf
python-cinder-8.1.1-4.el7ost.noarch.rpm SHA-256: c1fdc956818dae43157d327d4a52c9887b6b4d72db61fa89928083fd129c2aa8
python-cinder-tests-8.1.1-4.el7ost.noarch.rpm SHA-256: ddde2cb588c8b751f2ea0093572ff5d5d3aabfd6e0d9aa072367790bd16259dc
python-glance-12.0.0-2.el7ost.noarch.rpm SHA-256: 2941942da54dee987ce597b7e6cdbf110238e36c2541e8641a68eae06c5761af
python-glance-tests-12.0.0-2.el7ost.noarch.rpm SHA-256: 962dfc0c4331725fe2e7f46bfeb033a01d17cc3c4933c7845d6dfb28f409d49e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility