Red Hat Product Errata RHSA-2017:0282 - Security Advisory
Issued: 2017-02-15
Updated: 2017-02-15

Synopsis

Moderate: openstack-cinder, openstack-glance, and openstack-nova security update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Oslo concurrency library has utilities for safely running multi-thread, multi-process applications using locking mechanisms, and for running external processes.

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images. The service provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage's API.

Security Fix(es):

  • A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances.

oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw. (CVE-2015-5162)

This issue was discovered by Richard W.M. Jones (Red Hat).

Bug Fix(es):

  • qemu-img calls were unrestricted by ulimit. oslo.concurrency has been updated to add support for process limits ('prlimit'), which is needed to fix the CVE-2015-5162 security vulnerability. (BZ#1383415)
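The process-limit ('prlimit') mechanism the advisory refers to, shown as an added example that is not code from the advisory, from oslo.concurrency, or from nova/cinder/glance: oslo.concurrency's processutils.execute() accepts a prlimit=ProcessLimits(...) argument that applies resource limits to the child process before it is exec'd, so that a tool such as qemu-img cannot grow beyond a fixed address-space budget no matter what input it is handed. The stand-alone version below reproduces that mechanism with the standard library on Linux (setrlimit() in a preexec_fn between fork() and exec()), and substitutes a constructed stand-in script for qemu-img so it runs offline. The names run_limited, limit_child_resources, tool_survives and GREEDY_TOOL are mine, as are the 512 MiB limit and the request sizes.

```python
import resource
import subprocess
import sys

MiB = 1024 * 1024


def limit_child_resources(address_space_bytes, cpu_seconds=None):
    """Build a preexec_fn that applies RLIMIT_AS (and optionally RLIMIT_CPU)
    in the child between fork() and exec(). This is the same point at which
    oslo.concurrency's prlimit support applies a ProcessLimits object."""
    def apply_limits():
        resource.setrlimit(resource.RLIMIT_AS,
                           (address_space_bytes, address_space_bytes))
        if cpu_seconds is not None:
            resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    return apply_limits


def run_limited(cmd, address_space_bytes, cpu_seconds=2, timeout=60):
    """Run an external command under the given limits.
    Returns (returncode, stdout, stderr)."""
    proc = subprocess.run(
        cmd,
        capture_output=True,
        text=True,
        timeout=timeout,
        preexec_fn=limit_child_resources(address_space_bytes, cpu_seconds),
    )
    return proc.returncode, proc.stdout.strip(), proc.stderr.strip()


# Constructed stand-in for an image-inspection tool (hypothetical, not qemu-img).
# It reserves N bytes of address space as an untouched anonymous mapping, so no
# RAM is actually committed, and reports whether the kernel allowed it. With
# RLIMIT_AS in force, an oversized mmap() fails with ENOMEM instead of growing.
GREEDY_TOOL = r"""
import mmap, sys
size = int(sys.argv[1])
try:
    mapping = mmap.mmap(-1, size)
except OSError as exc:
    print("reservation refused: %s" % exc, file=sys.stderr)
    sys.exit(1)
print("reserved %d bytes" % size)
"""


def tool_survives(requested_bytes, address_space_limit):
    """True if the stand-in tool can reserve requested_bytes under the limit."""
    rc, _out, _err = run_limited(
        [sys.executable, "-c", GREEDY_TOOL, str(requested_bytes)],
        address_space_limit,
    )
    return rc == 0


if __name__ == "__main__":
    limit = 512 * MiB
    # 16 MiB fits comfortably; 4 GiB mirrors the advisory's worst case and is refused.
    for request in (16 * MiB, 4 * 1024 * MiB):
        verdict = "allowed" if tool_survives(request, limit) else "refused"
        print("request %5d MiB under %d MiB limit: %s"
              % (request // MiB, limit // MiB, verdict))
```

The limit is enforced by the kernel on the child itself, so it holds regardless of how the tool parses its input; the failure becomes a non-zero exit status the caller can log and surface, rather than host-wide memory pressure. RLIMIT_AS bounds virtual address space, not resident memory, which is why the example reserves mappings without touching them.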

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 7 x86_64

Fixes

  • BZ - 1268303 - CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
  • BZ - 1316791 - Instance was deleted successfully without detaching its volume, if nova-compute was killed during running "nova delete"
  • BZ - 1349005 - cinder volume backup throws UnicodeDecodeError: 'ascii' and access denied
  • BZ - 1365899 - Missing dependency of python-oslo-log and python-oslo-policy in openstack-cinder
  • BZ - 1370598 - multipathd segfault during volume attach
  • BZ - 1378906 - nova-scheduler fails to start because of the too big nova database
  • BZ - 1380289 - [Backport] Block based migration doesn't work for instances that have a volume attached
  • BZ - 1381533 - Multi-Ephemeral instance Live Block Migration fails silently
  • BZ - 1383415 - [CVE-2015-5162] oslo.concurrency: Backport support for 'prlimit' parameter [OSP-7]
  • BZ - 1386268 - NetApp Cinder driver: cloning operations are unsuccessful
  • BZ - 1391970 - [tempest] test_delete_attached_volume fails in RHOS7
  • BZ - 1394964 - Live migration with config-drive fails with InvalidSharedStorage error
  • BZ - 1399760 - rbd snapshot delete fails if backend is missing file
  • BZ - 1409820 - Creating Encrypted Volumes with Cinder(Ceph backend) gives false positive
  • BZ - 1410046 - Multiple attempts made to delete iSCSI multipath path devices
  • BZ - 1416884 - [7.0.z] nova creates an invalid ethernet/bridge interface definition in virsh xml
  • BZ - 1420451 - revert Use stashed volume connector in _local_cleanup_bdm_volumes from openstack-nova-2015.1.4-28.el7ost

CVEs

  • CVE-2015-5162

References

  • https://access.redhat.com/security/updates/classification/#moderate

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat OpenStack 7

SRPM
openstack-cinder-2015.1.3-12.el7ost.src.rpm SHA-256: 1671f2aec1a2ab9e5b79b7d07bb30880ec5053990907d717ef9837cadf51e66b
openstack-glance-2015.1.2-3.el7ost.src.rpm SHA-256: 1c77574b9d6d093531f4d8af6788f697fe498696febfbc7c6e0bd465eb26a63c
openstack-nova-2015.1.4-32.el7ost.src.rpm SHA-256: cc0aec2048fc61e514299b2c56c9c250898b090353a1b290185933281cdc9431
python-oslo-concurrency-1.8.2-2.el7ost.src.rpm SHA-256: 4d9dd95ae7a9b45e5c5ad4faaad7e7433e19b88ef9fa8de2f5488bfc09cd192e
x86_64
openstack-cinder-2015.1.3-12.el7ost.noarch.rpm SHA-256: e35f32dd13775a5520e1f7b6477c9be71dac7a6b230b5d64cff430b8b7427c9b
openstack-cinder-doc-2015.1.3-12.el7ost.noarch.rpm SHA-256: 6e0d0016c0192f94a30b9a2cff83f0e6ccabf7cddd95110ee311404c909d5cdd
openstack-glance-2015.1.2-3.el7ost.noarch.rpm SHA-256: 1cd6c7f9efc4ef3869d6c4857dc8484bbd7a37107ac241a5fee852cbbef76dd2
openstack-glance-doc-2015.1.2-3.el7ost.noarch.rpm SHA-256: 0f039b168e3d5278e2441b9e228687d1ed8df5dfcb3ab9d3d7a69d6d3ab1c508
openstack-nova-2015.1.4-32.el7ost.noarch.rpm SHA-256: 1d835e43d589d7220568e0d0a3b5dce1f5a9061789aa32223ebb882200902d62
openstack-nova-api-2015.1.4-32.el7ost.noarch.rpm SHA-256: c89df4052fbfe3ce3cd375f082df5b5f23f3d69c0fe3a6251c1755abb808665b
openstack-nova-cells-2015.1.4-32.el7ost.noarch.rpm SHA-256: bc7f7e36bf9600b9d85cc0c977e80e55bf061c8a57414c1919d2da577d4ae5e1
openstack-nova-cert-2015.1.4-32.el7ost.noarch.rpm SHA-256: dfbff3e35b81ed0406fd319a063ef3a6188bafcbc5bcb344d569f09f4291106b
openstack-nova-common-2015.1.4-32.el7ost.noarch.rpm SHA-256: ac58e06e8f8c6f90a84600302976ed4f9616116591bd2af43935bc30f0f29b66
openstack-nova-compute-2015.1.4-32.el7ost.noarch.rpm SHA-256: 054a7100c2e7a287f427e0196fbf16cc2f7e863cf249e315c24e51bfadd882de
openstack-nova-conductor-2015.1.4-32.el7ost.noarch.rpm SHA-256: e6fa9310a2c07ae3cd0388bad1c1b645b4860f2cd45a3d434659198f4fdbd0b0
openstack-nova-console-2015.1.4-32.el7ost.noarch.rpm SHA-256: 3f4c5d35b947f0b24c3c47ed5310c9a5878c15bbfb0f5ba0dd3197cf44f057d0
openstack-nova-doc-2015.1.4-32.el7ost.noarch.rpm SHA-256: 2dbaf14271f8bda27a5cdfd3f390020f61c171c5155f2e7b18403c80df847ef3
openstack-nova-network-2015.1.4-32.el7ost.noarch.rpm SHA-256: e0648971bb03bfd3217d6ab476ff6d22a41a6135fb73bbb4dcce09cc0c22bfe2
openstack-nova-novncproxy-2015.1.4-32.el7ost.noarch.rpm SHA-256: 658cf09b30a503d2ae171036296b6be8c35b3e25fb6f76e3beae758added3c57
openstack-nova-objectstore-2015.1.4-32.el7ost.noarch.rpm SHA-256: 767c43e8d1c4ebc8ca7784ceb8f95f74e4a98005d2b6886f736de69f2d377eb7
openstack-nova-scheduler-2015.1.4-32.el7ost.noarch.rpm SHA-256: 7ed5f973058aa667eed5a634f7965ef8649bcb1026949fdb90d01d3b06084761
openstack-nova-serialproxy-2015.1.4-32.el7ost.noarch.rpm SHA-256: bf25089e949bbb440c6a4110043b00f9bbaf27f66a9845e10b4a38807973ad05
openstack-nova-spicehtml5proxy-2015.1.4-32.el7ost.noarch.rpm SHA-256: b0db3952a3b845bda380c342585b7fed2f451a3a5cf4f37e5f9f7ad0550def23
python-cinder-2015.1.3-12.el7ost.noarch.rpm SHA-256: 0fce2e265697038d1ac81a2f202bcce231685dae19d09114a470fa1c446256aa
python-glance-2015.1.2-3.el7ost.noarch.rpm SHA-256: 352dd2bfe618266c759bb372a28ddcd843d17b4eaa1aeba21300f0105589e79d
python-nova-2015.1.4-32.el7ost.noarch.rpm SHA-256: 286479999eea4a29ca9770f6a570ec10dd3de0431f831ff16687ec13972dbe00
python-oslo-concurrency-1.8.2-2.el7ost.noarch.rpm SHA-256: 01a3cfac552d832d1f3063663ce4ab50e1f91eaa9c18d5122e6ecb2105bc97af
python-oslo-concurrency-doc-1.8.2-2.el7ost.noarch.rpm SHA-256: a30975fd3d79ff7cbf3cb6d2bce2935cf60874ba8d4650b4c45d8f6566699491

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.