- Issued:
- 2017-08-08
- Updated:
- 2017-08-08
RHSA-2017:2450 - Security Advisory
Synopsis
Important: openstack-neutron security update
Type/Severity
Security Advisory: Important
Topic
An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.
Security Fix(es):
- A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)
This issue was discovered by Paul Needle (Red Hat).
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenStack 7 x86_64
Fixes
- BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat OpenStack 7
| SRPM | |
|---|---|
| openstack-neutron-2015.1.4-16.1.el7ost.src.rpm | SHA-256: 0faf1eff3c350573596864cbb2555b917e7223c1355fed6d000a77171bfefc8f |
| x86_64 | |
| openstack-neutron-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 2d6db6e00818bd70c9d27c603a72d5c974f46e7a707ee4acd3b1fa43c8711eeb |
| openstack-neutron-bigswitch-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 05b0570b9fa0363dccb816e2faf45862d734005e2c99245be73ec1533882757f |
| openstack-neutron-brocade-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 91087d3ddb653f431b410f711578b3477ba6caa52730bb76b587fb2b830eb29d |
| openstack-neutron-cisco-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 7ee091a07a58758d21bdc4254dd089f28f3d8032a0d570e82b03ee621372c24b |
| openstack-neutron-common-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 80d4c3d27b772786d7d252022aa878cdc8eed75a786930afe5f78caea063dcf6 |
| openstack-neutron-embrane-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: a0ecb6d302048bbcd699b54f8b9a0d2d471141f727dbfa40f4500b87867f1bbb |
| openstack-neutron-ibm-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 74f6fa935024ddee86ee2618c2eec3b2e7c0bfa2b26803714ffad37007e445e9 |
| openstack-neutron-linuxbridge-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 2655c7b93a5610177424130b9ab36236b4812301fc33704ce3a14364106c885e |
| openstack-neutron-mellanox-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 0c4f16a401eadf77e97c4baed3140cf5a410ecf27a311e0ba6679ec49c06b483 |
| openstack-neutron-metaplugin-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 31a3d4a71ea1565e85473258e6f1e8bdd0088055e9d094b3fcd40dfa09f1708b |
| openstack-neutron-metering-agent-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 08587f702b512e6a2c4219dfb67e775498c27504b0a7366701dd40bd6f566bc0 |
| openstack-neutron-midonet-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: f19c42c5bcd13a47efb7c73d625456414ff2cc4e63c7985950187492f78fa953 |
| openstack-neutron-ml2-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 7bf37363ba29bafc6fea0560cf8e13110f84a4f2ba4be893464cac31beaed318 |
| openstack-neutron-nec-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 00fedafaaf7fbf738365ea291d67423c8d0a8707bed39b20dba505b5a7a505dc |
| openstack-neutron-nuage-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: b04db7e68fe5307ea9ebe0fa73c35fdca0ca6345748131d9143df1972e267ea4 |
| openstack-neutron-ofagent-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: e7c1f8410bba8386967215345f6117bdf86ee37ad97901c29c16dc8404e6e926 |
| openstack-neutron-oneconvergence-nvsd-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: e7830cd9bb47bad2282a4bf9e1c11eff91a93e050343cc4ed606e814865a1662 |
| openstack-neutron-opencontrail-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 216dc84d2d4d71536ea154ba74c26defaf4088552d075d10f666c04a9262c169 |
| openstack-neutron-openvswitch-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 6122c40e5a49b86031da2a590caafdba2342e44e147888e80f291284df57a710 |
| openstack-neutron-ovsvapp-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 265d401f753eb5c44fc7c9dad39571a3ccedee7d2f8122732248726f55de480f |
| openstack-neutron-plumgrid-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 8c0a3cf6a0b18e29dbb476bd1361bf45f338babcc4aed25513f3563e3bed29ed |
| openstack-neutron-sriov-nic-agent-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: fe7305bba6f13f924500ca625acbf11c60693fd082d325c3a53ac8b9886ca05e |
| openstack-neutron-vmware-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 4ed7792bf716498af0caa5c3141c81c8fcb4933f34a0d37accfbb726ec65aeaf |
| python-neutron-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 4e84b434118a7038da26bba24d23c1029eb641cc3295cc81f68e3ae8a5a3283f |
| python-neutron-tests-2015.1.4-16.1.el7ost.noarch.rpm | SHA-256: 1158a2a3caba931a2f50c1f3afa31f29c6176a6f9a86184164bb99eab503c02b |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.