Red Hat Product Errata RHSA-2017:2449 - Security Advisory

Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2449 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 11 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 11

SRPM
openstack-neutron-10.0.2-1.1.el7ost.src.rpm	SHA-256: 30f8822eff78c5ff9d9b87fee3126255ffb3049104a050e4c729436095b8d72b
x86_64
openstack-neutron-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: bd7f0b83b67b4acd5a6282f577dc8173db1abc2ceccbabac97599a284408d5e7
openstack-neutron-common-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: f8a74f0ac3635c57af6a80b83ee632c22f780ad1ddb37dc2fe18c7f1560b5e3f
openstack-neutron-linuxbridge-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: be6daa9e15f0181f7f737e869b80d9857ac1d5328bd5137f6abd8045cf041d12
openstack-neutron-macvtap-agent-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: b3ba21042e7883d7fdef8efbd9c9dc8559d30a1f35841491d5869d3bacb89d6c
openstack-neutron-metering-agent-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: 720cbddf7fe383f5590ccfa98756585474f63f8068ea311fe621113e6cdecfc4
openstack-neutron-ml2-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: 833448b5f885525f6a054f1fcd640c4d9dc0dbd866825104a862486ecc054b5e
openstack-neutron-openvswitch-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: d1da5d455bdf9ee02ade24b9cfe0cafc9b8556fe7ce027a6fe45afd8a7895edc
openstack-neutron-rpc-server-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: a5b84212ad0654f6891e646f6c75f09e77e75b121db15fec572fce91fb67c039
openstack-neutron-sriov-nic-agent-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: 5e99405577e76ce0771c34e1bafe82e021e05bcf2710c2e9b1095abb6f8036b6
python-neutron-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: 75a310d912ffe9e14ac867764648b2f1925d7a293fc043f94e21b23f4a7c22e3
python-neutron-tests-10.0.2-1.1.el7ost.noarch.rpm	SHA-256: 5ab9a1c33ce4ab41c49d9f8ca23dd7392a971b9053b383ef2be56401cd9021df

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories