RHSA-2017:0153 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-cinder security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

Security Fix(es):

A resource vulnerability in the Block Storage (cinder) service was found in its use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 5.0 for RHEL 7 x86_64

Fixes

BZ - 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources

CVEs

CVE-2015-5162

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 5.0 for RHEL 7

SRPM
openstack-cinder-2014.1.5-9.el7ost.src.rpm	SHA-256: cb51b6dc22d421ed228965b5e54b80dbd6594e5503e23611369b948d81e9bdb2
x86_64
openstack-cinder-2014.1.5-9.el7ost.noarch.rpm	SHA-256: bb48d45b0acb9823dbce775c5aec1ef3302fd1757896b97c901f51c020a58336
openstack-cinder-doc-2014.1.5-9.el7ost.noarch.rpm	SHA-256: c53b92682a079d2bdb4f67de89c5d4ed00f2379ac2befed990e0a2dcddd80638
python-cinder-2014.1.5-9.el7ost.noarch.rpm	SHA-256: 1ad2fe4023a072fa8a5e44d5bbc65d01771047655ea7517b84b60eca93f428e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories