Red Hat Product Errata RHSA-2017:2452 - Security Advisory

Issued:: 2017-08-08
Updated:: 2017-08-08

RHSA-2017:2452 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openstack-neutron security update

Type/Severity

Security Advisory: Important

Topic

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

Security Fix(es):

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

This issue was discovered by Paul Needle (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 6.0 x86_64

Fixes

BZ - 1473792 - CVE-2017-7543 openstack-neutron: iptables not active after update

CVEs

CVE-2017-7543

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 6.0

SRPM
openstack-neutron-2014.2.3-42.el7ost.src.rpm	SHA-256: 248619b598d7d9230fc23c158f4e7cffc3b7392d890e88823062301730bfba82
x86_64
openstack-neutron-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 5f09f525652f5e3a97a8217d0c9c06faa045b4cfdfd4b10422057ff2390208a2
openstack-neutron-bigswitch-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b9d1e2f0460a52e2bf5c9b23156a761331d54f100fb33644b53544911c602c87
openstack-neutron-brocade-2014.2.3-42.el7ost.noarch.rpm	SHA-256: aebd157e2eb9746632da56f0fc1d8d54a607d2f01aaadf97723a908eb0047f3c
openstack-neutron-cisco-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 9502932d9fea6413569888be99d821d719f233abcd78a8edcfb8c8396e93712e
openstack-neutron-common-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 154207407a064877b4f1247faf2999426745256b93608f6a5f6fc6b64807cfb2
openstack-neutron-embrane-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 946239ec7c0329c88750b1eacada84e4b94047931b1cf6c578ee20df47640993
openstack-neutron-hyperv-2014.2.3-42.el7ost.noarch.rpm	SHA-256: c121983e69e3288e1472fe373495c964af33e729e8e93744a06e8293bd5360aa
openstack-neutron-ibm-2014.2.3-42.el7ost.noarch.rpm	SHA-256: b6cbeca52cf515c8dbe78190a816b37b49cf85089ca53c5113041f129453a54b
openstack-neutron-linuxbridge-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 86703485b857245628291059c72c8539b902d0b9c2fe119286649d66340142fc
openstack-neutron-mellanox-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 37047be9b308639c1c69d38ac7c79c966800dccd699e424324420348f39db495
openstack-neutron-metaplugin-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 0bd4e871e8401abe88a296c26b3e423e9c658cb53e1c2485ba93f2b3dcc3c2d8
openstack-neutron-metering-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 22151389def54bbaa4332a8142e19503cdf6794fac1b76a387c0a97ac2700aef
openstack-neutron-midonet-2014.2.3-42.el7ost.noarch.rpm	SHA-256: df63db3465bad2679a0f7ca59626532f0d5112e37b16da255f18c8b64150d755
openstack-neutron-ml2-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 7394b444002d5ada45716687c97ea8167c73ba297f175f223ac179e02310cf96
openstack-neutron-nec-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 1d2b73375abf7c0b62c0db55cdb6a3e34db59c31f4968ec5b3ea791be20ddfc7
openstack-neutron-nuage-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 189453ff8aa74c1729a066624acd08f93bfe444613e15b6e336ef58983b7c3e4
openstack-neutron-ofagent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: fb17c4acb81f2551bf43d0e91da4d52df90672cafe36cac7b5d17a3ae48517a3
openstack-neutron-oneconvergence-nvsd-2014.2.3-42.el7ost.noarch.rpm	SHA-256: bf4ae612a6f26838b1af6d94ca6e77e244aa4e560d4d4c517502135b2028b3f7
openstack-neutron-opencontrail-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 6ed84bc4c72d3e6e4efe3bb7bf88d4accc9e226bd932ed70a20550da7126d8c7
openstack-neutron-openvswitch-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 2eceb8fd5c8bc3a502b66ddda403ca2e17b3fa87c802f6a486c83c512c13991a
openstack-neutron-plumgrid-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 307da6cfcaba188b09d3aacfdf31c7a171c4e83f1368f986aaf19c7c01db3794
openstack-neutron-ryu-2014.2.3-42.el7ost.noarch.rpm	SHA-256: 66cb4c850fe528883077c8bc32156c33c95d5be696021522ddfd78addd5f55e8
openstack-neutron-sriov-nic-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: aad39c3b7ba6f2b03943ef9246cd3cc695b601322f8c132b9b9283669a8e1695
openstack-neutron-vmware-2014.2.3-42.el7ost.noarch.rpm	SHA-256: bb4c58e3f5dc34ae312483f5851939c647e8b938cbf78f0f26f76f25ef751fcc
openstack-neutron-vpn-agent-2014.2.3-42.el7ost.noarch.rpm	SHA-256: dd8b5519fa0524079dc801c9fe63dd7269d88694a0c9797469855b24e6bfc0d8
python-neutron-2014.2.3-42.el7ost.noarch.rpm	SHA-256: d03f686515e65fc03d1008d739f14a1660516ac60990869ffd081110e7e6a5ff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories