Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2451 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 8 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 8

SRPM
openstack-neutron-7.2.0-12.1.el7ost.src.rpm	SHA-256: 41a5a0a6fe241caf1589a35712914dc78c5653b331cf94a934e1620c420c9127
x86_64
openstack-neutron-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 0ae089320ec63527a40a3c76fe208091b14092232567760934df1b4f57b11233
openstack-neutron-bigswitch-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 7434ab3c779a8b04b460706833780d7dadce083d11013f0ebdab74bb8be692d2
openstack-neutron-brocade-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 8834db76f4aa3ade1f232a04890055b355c9a7c202d5c03e774a84db3d925b0d
openstack-neutron-cisco-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: e53b0e21310f336348577ccc904bc0d32fc5771459f8621b62c26b084ade4597
openstack-neutron-common-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 20918cb9d28d67adb91210d91105ffce88b88d373cf6086019e8c372e0b13266
openstack-neutron-dev-server-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 5ecc70e880e2646e2198f70dc955141bb9d937236e281729995e5c4ebe6cfc02
openstack-neutron-embrane-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 19605f8ca1c41712807f847e8d0e28bc3d03d1254c47b7584874718d36384b9a
openstack-neutron-linuxbridge-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: dd7c8ebeb724e38829c21ae2e93b3124d223193630353715eb30a5024df33294
openstack-neutron-mellanox-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: ac2017d39b7d408afb46974852ea3da673006ca207e2c26b9cb580de7c7b80d3
openstack-neutron-metering-agent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 7d4612126ad36a9522ee8f6d4832848a1af94fba0f0b29b15c3086697ea7b8ac
openstack-neutron-ml2-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: b88a74d2f1fc6382b79e458e919b12f12c153c19613b37099798bf538c951606
openstack-neutron-nuage-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 703e88d3b94bdb8bdd7de5173ad9c9d5dafe709bd256d37780f75cca574609e4
openstack-neutron-ofagent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 255dcef9ff54516ea37121d0348f088d40ceae010fbbdd9451c2ee565698e3d8
openstack-neutron-oneconvergence-nvsd-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 3741bec1398567b0ce684e017fe266546cdb6178697f91fb1a894f9ce3c4ba5e
openstack-neutron-opencontrail-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 07b7dcd134bda7d06512cfbaeef8a93ebe4f82c7bc3dbaef1548a6ff8bca2bbd
openstack-neutron-openvswitch-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 743589a41d122a88cda8e5d40e581c528460964d4ff094664bb6f15850cdb3bf
openstack-neutron-ovsvapp-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: d0a10e7e8b40cc2ee9858840624e0e86ef48938a57f911d1afaa8204cc8ee296
openstack-neutron-rpc-server-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 68c7fb4a4719e7cf95c0a6062be2d09211a87ca903ceb78934f869c13889eb62
openstack-neutron-sriov-nic-agent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: a07d8f0f6b93733df69a7df97f4acb5823c931423dceacf1487f6d1c9a7afe54
python-neutron-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 3cd520beabb746500d7128e565a107a39948aed3ecfa5858f8c9349675335815
python-neutron-tests-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 9cba06c4896839b4bd62582713fdfb09e8e7e99cbe4a3d10b20b62becaf2cf24

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation