Red Hat Product Errata RHSA-2016:2991 - Security Advisory
Issued: 2016-12-21
Updated: 2016-12-21


Synopsis

Moderate: openstack-cinder, openstack-glance, and openstack-nova update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova, openstack-cinder, and openstack-glance is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fibre Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

The following packages have been upgraded to a newer upstream version: openstack-nova (12.0.5), openstack-cinder (7.0.3), openstack-glance (11.0.1). (BZ#1381466, BZ#1396263)

Security Fix(es):

  • A resource-exhaustion vulnerability was found in the way the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services use qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

This issue was discovered by Richard W.M. Jones (Red Hat).
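
A general mitigation for this class of flaw is to run the image-inspection helper under kernel resource limits, so that a crafted image cannot exhaust host memory. The following is an added example, not code from this advisory or from the OpenStack packages; `run_limited`, `contained`, the 1 GiB and 8-second caps, and the stand-in child commands are assumptions, and it relies on the Unix-only `resource` module.

```python
import resource
import subprocess
import sys

GiB = 1024 ** 3

def run_limited(cmd, max_as_bytes=1 * GiB, max_cpu_seconds=8, timeout=30):
    """Run cmd with hard caps on address space and CPU time.

    Returns (returncode, stdout, stderr). An allocation beyond the memory cap
    fails inside the child; exceeding the CPU cap gets the child killed by a
    signal, which subprocess reports as a negative returncode.
    """
    def apply_limits():
        # Runs in the child between fork() and exec(), so only the helper
        # is constrained, never the calling service.
        resource.setrlimit(resource.RLIMIT_AS, (max_as_bytes, max_as_bytes))
        resource.setrlimit(resource.RLIMIT_CPU,
                           (max_cpu_seconds, max_cpu_seconds))

    proc = subprocess.run(cmd, preexec_fn=apply_limits, capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr

# Constructed stand-ins for an image-inspection helper (assumptions for the
# demo): one behaves, one asks for 2 GiB of memory, one spins on the CPU.
BENIGN = [sys.executable, "-c", "print('format: raw')"]
MEMORY_HOG = [sys.executable, "-c", "buf = bytearray(2 * 1024 ** 3)"]
CPU_HOG = [sys.executable, "-c", "while True: pass"]

def contained(cmd, **limits):
    """True if the helper failed or was killed instead of finishing."""
    returncode, _out, _err = run_limited(cmd, **limits)
    return returncode != 0

if __name__ == "__main__":
    # In a real service cmd would be the helper invocation, for example
    # ["qemu-img", "info", path]; the stand-ins keep the demo offline.
    for name, cmd in (("benign", BENIGN), ("memory hog", MEMORY_HOG),
                      ("cpu hog", CPU_HOG)):
        rc, out, err = run_limited(cmd, max_cpu_seconds=1)
        last = err.strip().splitlines()[-1] if err.strip() else out.strip()
        print(f"{name}: returncode={rc} {last}")
```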

Bug Fix(es):

  • There is a known issue with Unicode string handling in the OSProfiler library. Consequently, the creation of a Block Storage (cinder) snapshot will fail if it uses non-ASCII characters. With this update, the OSProfiler library is not loaded unless it is specifically enabled in the cinder configuration. As a result, the Unicode handling issue in OSProfiler is still present and will result in the same failure if OSProfiler is used; however, it is unlikely to occur in most cinder configurations. A more in-depth resolution for this issue is not currently in scope. (BZ#1383899)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 8 x86_64

Fixes

  • BZ - 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
  • BZ - 1357461 - Incorrect host cpu is given to emulator threads when cpu_realtime_mask flag is set.
  • BZ - 1379385 - Floating IP shows as associated in Nova after deletion[rhos-8.0]
  • BZ - 1381466 - rebase to 12.0.5
  • BZ - 1381534 - Multi-Ephemeral instance Live Block Migration fails silently
  • BZ - 1381965 - [Backport] Block based migration doesn't work for instances that have a volume attached
  • BZ - 1383899 - Can not create cinder snapshot if the description contains non-ascii code
  • BZ - 1385486 - [8.0.z] After upgrading from RHOSP 6 to RHOSP 8 existing instances fail to start.
  • BZ - 1386263 - NetApp Cinder driver: cloning operations are unsuccessful
  • BZ - 1387467 - glance image-create owner option not working
  • BZ - 1387617 - Can't do image-create for suspended instance booted from volume [RHOS-8]
  • BZ - 1390109 - [tempest] test_delete_attached_volume fails in RHOS8
  • BZ - 1396263 - Rebase to 7.0.3

CVEs

  • CVE-2015-5162

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenStack 8

SRPM
openstack-cinder-7.0.3-1.el7ost.src.rpm SHA-256: 31ee7d2ba815b247bf3c980826f0325662dc1c1837572d0c297a551fde9eab87
openstack-glance-11.0.1-6.el7ost.src.rpm SHA-256: eb804a8583ee21975430fa51d28781a332bc29a6ffec312b17913c024ccefddd
openstack-nova-12.0.5-9.el7ost.src.rpm SHA-256: 4415be61ffdcec90c8e9828a3134230ed44195370c05e7651faa3cd97bbb5e31
x86_64
openstack-cinder-7.0.3-1.el7ost.noarch.rpm SHA-256: 02c357f6a081271fa7d4f75b0948933aefba63f1579388d82d166144811a320a
openstack-glance-11.0.1-6.el7ost.noarch.rpm SHA-256: 9aa75fa2abb99545156c7d5f1666a5f125042ef25aeaf452d659ab7782eefc76
openstack-nova-12.0.5-9.el7ost.noarch.rpm SHA-256: 91d87d9875afb9fd7878ad293ba1614ad0701a44fa47739b7f855b33f3d9b250
openstack-nova-api-12.0.5-9.el7ost.noarch.rpm SHA-256: ff7585a096d7ee96e8341027be2e04512c04e38aecd3610093029a3b5c75468a
openstack-nova-cells-12.0.5-9.el7ost.noarch.rpm SHA-256: 050211ed9e24915ae00bd89b52952f28661319a920245c56732827632f8ec1cd
openstack-nova-cert-12.0.5-9.el7ost.noarch.rpm SHA-256: 7f96fa688938fe491b2bda034e7f788f7ac25eb2ba0bd0ff63f8de55ab8145f8
openstack-nova-common-12.0.5-9.el7ost.noarch.rpm SHA-256: e62224cc881df5f22cb9aa6cf7e8c84af906c2963e7d84b381e1b1c11f9555ea
openstack-nova-compute-12.0.5-9.el7ost.noarch.rpm SHA-256: bcea50c709c09d06dbd7bf77213ac5bdb4be8b992817f6251bea29a40957c4d8
openstack-nova-conductor-12.0.5-9.el7ost.noarch.rpm SHA-256: 02694e4089d7ca5b6c8858c8f70c043001f5b1c08d8f26632bc23ccc638df0b9
openstack-nova-console-12.0.5-9.el7ost.noarch.rpm SHA-256: b4358784ede0b0248c9904ea3557a9c56b414b1ba08373ce083eddce58dc7fbb
openstack-nova-network-12.0.5-9.el7ost.noarch.rpm SHA-256: 51ef9b6d909591acb4a900477588d9a9c6e97a8e678dd87c02b04ead6983636d
openstack-nova-novncproxy-12.0.5-9.el7ost.noarch.rpm SHA-256: 9ef217f1ad72fe37e3e5539682daca7c02402219547381af7080b90be236cf13
openstack-nova-objectstore-12.0.5-9.el7ost.noarch.rpm SHA-256: 041d0112569821e05a7f43e1253fc013da7f5993e3b2112c7f68c28242a919da
openstack-nova-scheduler-12.0.5-9.el7ost.noarch.rpm SHA-256: 38960f6289ce2250e1fe3b617ae8605ec3782fc25f2934e98b40ddb9a8f31008
openstack-nova-serialproxy-12.0.5-9.el7ost.noarch.rpm SHA-256: db9f8b03d8adfa4d0d15c2a702e0a7b6a9efbfc73e4e3ab160506d3e6cb3e549
openstack-nova-spicehtml5proxy-12.0.5-9.el7ost.noarch.rpm SHA-256: 15aae50c83fc1715f9e1a2919dc8c3ee1eab5006a99bd8d638579d3abe49a297
python-cinder-7.0.3-1.el7ost.noarch.rpm SHA-256: fe1ad7157fd300e2e1051ae7faacf7ee37c3920bc046b44e41124da73a5d162a
python-glance-11.0.1-6.el7ost.noarch.rpm SHA-256: d69a8659f5c0b88bf8dbd7a22f0b86ba065015be1f7c77b846add2211974681a
python-nova-12.0.5-9.el7ost.noarch.rpm SHA-256: 7490cfcdb2d50176b998c28d5f33d3e5f3cf2e5c5f7998fbe93fb3752fd74a9a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
