Red Hat Product Errata RHSA-2017:2448 - Security Advisory

Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2448 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
openstack-neutron-9.3.1-2.1.el7ost.src.rpm	SHA-256: 223e8ba4be4190c4fc3fcfbed79837d0499d9dd8cd355f881be217e5ba1b5550
x86_64
openstack-neutron-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: be038eb8919b6392710ee7feb4c28fb63a1238b2ad23f046979436fe2effcfd1
openstack-neutron-common-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 9a3dc5c6e1537691a4b5cc3995f40e09c4a46d8a62625dda808c558984f19a77
openstack-neutron-linuxbridge-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: f7324e7fd4bedd7dafbd0ba12ea5fe134038c3d6c0b4c0ea8048f736b5f400ea
openstack-neutron-macvtap-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: a3b5260024877501c92c36da0493e0c6db0f8515318f4b1e876cab4c7fe02f1a
openstack-neutron-metering-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 6e9378460da8e4a6a7de1d0cb963be9a65354ce744ac815c337e1a0a26960bdb
openstack-neutron-ml2-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 9bfb89667b18d9a5d81de7fe53b4177c8b4548e24de26797015eee5e8f7cc6a2
openstack-neutron-openvswitch-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 29b1a24d1bcf75d9ad7acc3c7f3a22c26c44e35936390bc2ca5628dacfe21447
openstack-neutron-rpc-server-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 4dc12e52fcfb6c1fcca38efed72692b8d7c1dc9d9facf4ea9830aa98665e26f0
openstack-neutron-sriov-nic-agent-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: ffead032eaa9d0d8c8b397e5d7715a1889758e4080838aa27a35d9b1d07036ea
python-neutron-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: 06cd09f62adba31f39f3ea09c22255858e9326972e1d05b3b21060c0d63a738c
python-neutron-tests-9.3.1-2.1.el7ost.noarch.rpm	SHA-256: ebf44d7becaa0ad6bc94750c2701f24bab3635fac502be520b0de4c815c3e0c6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories