Red Hat Product Errata RHSA-2017:2451 - Security Advisory

Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2451 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Topic

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 8 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 8

SRPM
openstack-neutron-7.2.0-12.1.el7ost.src.rpm	SHA-256: 41a5a0a6fe241caf1589a35712914dc78c5653b331cf94a934e1620c420c9127
x86_64
openstack-neutron-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 0ae089320ec63527a40a3c76fe208091b14092232567760934df1b4f57b11233
openstack-neutron-bigswitch-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 7434ab3c779a8b04b460706833780d7dadce083d11013f0ebdab74bb8be692d2
openstack-neutron-brocade-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 8834db76f4aa3ade1f232a04890055b355c9a7c202d5c03e774a84db3d925b0d
openstack-neutron-cisco-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: e53b0e21310f336348577ccc904bc0d32fc5771459f8621b62c26b084ade4597
openstack-neutron-common-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 20918cb9d28d67adb91210d91105ffce88b88d373cf6086019e8c372e0b13266
openstack-neutron-dev-server-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 5ecc70e880e2646e2198f70dc955141bb9d937236e281729995e5c4ebe6cfc02
openstack-neutron-embrane-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 19605f8ca1c41712807f847e8d0e28bc3d03d1254c47b7584874718d36384b9a
openstack-neutron-linuxbridge-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: dd7c8ebeb724e38829c21ae2e93b3124d223193630353715eb30a5024df33294
openstack-neutron-mellanox-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: ac2017d39b7d408afb46974852ea3da673006ca207e2c26b9cb580de7c7b80d3
openstack-neutron-metering-agent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 7d4612126ad36a9522ee8f6d4832848a1af94fba0f0b29b15c3086697ea7b8ac
openstack-neutron-ml2-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: b88a74d2f1fc6382b79e458e919b12f12c153c19613b37099798bf538c951606
openstack-neutron-nuage-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 703e88d3b94bdb8bdd7de5173ad9c9d5dafe709bd256d37780f75cca574609e4
openstack-neutron-ofagent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 255dcef9ff54516ea37121d0348f088d40ceae010fbbdd9451c2ee565698e3d8
openstack-neutron-oneconvergence-nvsd-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 3741bec1398567b0ce684e017fe266546cdb6178697f91fb1a894f9ce3c4ba5e
openstack-neutron-opencontrail-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 07b7dcd134bda7d06512cfbaeef8a93ebe4f82c7bc3dbaef1548a6ff8bca2bbd
openstack-neutron-openvswitch-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 743589a41d122a88cda8e5d40e581c528460964d4ff094664bb6f15850cdb3bf
openstack-neutron-ovsvapp-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: d0a10e7e8b40cc2ee9858840624e0e86ef48938a57f911d1afaa8204cc8ee296
openstack-neutron-rpc-server-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 68c7fb4a4719e7cf95c0a6062be2d09211a87ca903ceb78934f869c13889eb62
openstack-neutron-sriov-nic-agent-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: a07d8f0f6b93733df69a7df97f4acb5823c931423dceacf1487f6d1c9a7afe54
python-neutron-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 3cd520beabb746500d7128e565a107a39948aed3ecfa5858f8c9349675335815
python-neutron-tests-7.2.0-12.1.el7ost.noarch.rpm	SHA-256: 9cba06c4896839b4bd62582713fdfb09e8e7e99cbe4a3d10b20b62becaf2cf24

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories