Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2452 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 6.0 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 6.0

SRPM
openstack-neutron-2014.2.3-42.el7ost.src.rpm	SHA-256: 248619b598d7d9230fc23c158f4e7cffc3b7392d890e88823062301730bfba82
x86_64
openstack-neutron-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 5f09f525652f5e3a97a8217d0c9c06faa045b4cfdfd4b10422057ff2390208a2
openstack-neutron-bigswitch-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b9d1e2f0460a52e2bf5c9b23156a761331d54f100fb33644b53544911c602c87
openstack-neutron-brocade-2014.2.3-42.el7ost.noarch.rpm	SHA-256: aebd157e2eb9746632da56f0fc1d8d54a607d2f01aaadf97723a908eb0047f3c
openstack-neutron-cisco-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 9502932d9fea6413569888be99d821d719f233abcd78a8edcfb8c8396e93712e
openstack-neutron-common-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 154207407a064877b4f1247faf2999426745256b93608f6a5f6fc6b64807cfb2
openstack-neutron-embrane-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 946239ec7c0329c88750b1eacada84e4b94047931b1cf6c578ee20df47640993
openstack-neutron-hyperv-2014.2.3-42.el7ost.noarch.rpm	SHA-256: c121983e69e3288e1472fe373495c964af33e729e8e93744a06e8293bd5360aa
openstack-neutron-ibm-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b6cbeca52cf515c8dbe78190a816b37b49cf85089ca53c5113041f129453a54b
openstack-neutron-linuxbridge-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 86703485b857245628291059c72c8539b902d0b9c2fe119286649d66340142fc
openstack-neutron-mellanox-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 37047be9b308639c1c69d38ac7c79c966800dccd699e424324420348f39db495
openstack-neutron-metaplugin-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 0bd4e871e8401abe88a296c26b3e423e9c658cb53e1c2485ba93f2b3dcc3c2d8
openstack-neutron-metering-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 22151389def54bbaa4332a8142e19503cdf6794fac1b76a387c0a97ac2700aef
openstack-neutron-midonet-2014.2.3-42.el7ost.noarch.rpm	SHA-256: df63db3465bad2679a0f7ca59626532f0d5112e37b16da255f18c8b64150d755
openstack-neutron-ml2-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 7394b444002d5ada45716687c97ea8167c73ba297f175f223ac179e02310cf96
openstack-neutron-nec-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 1d2b73375abf7c0b62c0db55cdb6a3e34db59c31f4968ec5b3ea791be20ddfc7
openstack-neutron-nuage-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 189453ff8aa74c1729a066624acd08f93bfe444613e15b6e336ef58983b7c3e4
openstack-neutron-ofagent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: fb17c4acb81f2551bf43d0e91da4d52df90672cafe36cac7b5d17a3ae48517a3
openstack-neutron-oneconvergence-nvsd-2014.2.3-42.el7ost.noarch.rpm	SHA-256: bf4ae612a6f26838b1af6d94ca6e77e244aa4e560d4d4c517502135b2028b3f7
openstack-neutron-opencontrail-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 6ed84bc4c72d3e6e4efe3bb7bf88d4accc9e226bd932ed70a20550da7126d8c7
openstack-neutron-openvswitch-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 2eceb8fd5c8bc3a502b66ddda403ca2e17b3fa87c802f6a486c83c512c13991a
openstack-neutron-plumgrid-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 307da6cfcaba188b09d3aacfdf31c7a171c4e83f1368f986aaf19c7c01db3794
openstack-neutron-ryu-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 66cb4c850fe528883077c8bc32156c33c95d5be696021522ddfd78addd5f55e8
openstack-neutron-sriov-nic-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: aad39c3b7ba6f2b03943ef9246cd3cc695b601322f8c132b9b9283669a8e1695
openstack-neutron-vmware-2014.2.3-42.el7ost.noarch.rpm	SHA-256: bb4c58e3f5dc34ae312483f5851939c647e8b938cbf78f0f26f76f25ef751fcc
openstack-neutron-vpn-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: dd8b5519fa0524079dc801c9fe63dd7269d88694a0c9797469855b24e6bfc0d8
python-neutron-2014.2.3-42.el7ost.noarch.rpm	SHA-256: d03f686515e65fc03d1008d739f14a1660516ac60990869ffd081110e7e6a5ff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation