Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2448 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
openstack-neutron-9.3.1-2.1.el7ost.src.rpm	SHA-256: 223e8ba4be4190c4fc3fcfbed79837d0499d9dd8cd355f881be217e5ba1b5550
x86_64
openstack-neutron-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: be038eb8919b6392710ee7feb4c28fb63a1238b2ad23f046979436fe2effcfd1
openstack-neutron-common-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 9a3dc5c6e1537691a4b5cc3995f40e09c4a46d8a62625dda808c558984f19a77
openstack-neutron-linuxbridge-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: f7324e7fd4bedd7dafbd0ba12ea5fe134038c3d6c0b4c0ea8048f736b5f400ea
openstack-neutron-macvtap-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: a3b5260024877501c92c36da0493e0c6db0f8515318f4b1e876cab4c7fe02f1a
openstack-neutron-metering-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 6e9378460da8e4a6a7de1d0cb963be9a65354ce744ac815c337e1a0a26960bdb
openstack-neutron-ml2-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 9bfb89667b18d9a5d81de7fe53b4177c8b4548e24de26797015eee5e8f7cc6a2
openstack-neutron-openvswitch-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 29b1a24d1bcf75d9ad7acc3c7f3a22c26c44e35936390bc2ca5628dacfe21447
openstack-neutron-rpc-server-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 4dc12e52fcfb6c1fcca38efed72692b8d7c1dc9d9facf4ea9830aa98665e26f0
openstack-neutron-sriov-nic-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: ffead032eaa9d0d8c8b397e5d7715a1889758e4080838aa27a35d9b1d07036ea
python-neutron-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 06cd09f62adba31f39f3ea09c22255858e9326972e1d05b3b21060c0d63a738c
python-neutron-tests-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: ebf44d7becaa0ad6bc94750c2701f24bab3635fac502be520b0de4c815c3e0c6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation