Red Hat Product Errata RHSA-2017:2447 - Security Advisory

Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2447 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-arptables, net.bridge.bridge-nf-call-ip6tables, and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 9 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 9

SRPM
openstack-neutron-8.3.0-11.1.el7ost.src.rpm	SHA-256: 5bcdd790eec0c13f9e2a86323dd47b6a8de524fb056ed6c0c404100b865262fc
x86_64
openstack-neutron-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 0dd02d6c6bf120077429202fabb9431991e02212c0ec902356ecd49017f95323
openstack-neutron-bgp-dragent-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 019c1612b1ac0943911df3b98a0de6aad112891197d5aedf7be9e8f9735c81db
openstack-neutron-common-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 7c035d67bc4065cc0305277133bfce0c532c60ea75ad0b748729749537c2353f
openstack-neutron-linuxbridge-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 148c1fd619cbace4dd47f4c2fb8153662979c3b1b96a1bb3a8eb528731cb7a02
openstack-neutron-macvtap-agent-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 341afc7098a09d23ae61e24155a43923d133678964abc4fdc54054de3daea253
openstack-neutron-metering-agent-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: ff5fb5fe0eab8598117e895d3b00074cb55407190f95931c3a0eafd0b37d49c9
openstack-neutron-ml2-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: ddd7bd0a722c613fb5cd1e4784f5deba8258b25fed15cb6d6341ff6ccce1f683
openstack-neutron-openvswitch-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: f6e847337eb78ec7a0f41c939df40b1e3723fefe16b63d04dca5ca654e88404c
openstack-neutron-rpc-server-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 11ce8aa32f20f3a8c652f167b182ee6c7342f2186a5088c25abb49572ed3949b
openstack-neutron-sriov-nic-agent-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 0e5eb62b287adda9cc3c84d9af728cb20ca388e155faa04d11dc966ffb82ab83
python-neutron-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: cbbd34caf4edba4126cb02311814909b064f2da1d753afca7851eaef3e941ad7
python-neutron-tests-8.3.0-11.1.el7ost.noarch.rpm	SHA-256: 1273c8343d50171ac0060cf8bdae75cebb8726fc520c71c54ea366f05b623c70

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories