Issued:: 2018-02-13
Updated:: 2018-02-13

RHSA-2018:0314 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). (CVE-2017-16239)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges George Shuklin (Servers.com) as the original reporter.

Bug Fix(es):

A recent update caused OpenStack Compute to ignore the disk cache mode configuration. This caused I/O performance degradation in instances. This fix corrects how OpenStack Compute configures disk caching. Instances no longer suffer performance degradation. (BZ#1508647)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 11 x86_64

Fixes

BZ - 1508539 - CVE-2017-16239 openstack-nova: Nova Filter Scheduler bypass through rebuild action
BZ - 1511153 - Rebase openstack-nova to fe8acf0
BZ - 1527643 - Unable to resize nova instance after upgrade to OSP 10
BZ - 1528453 - Rebase openstack-nova to bbfc423
BZ - 1530365 - dist-git not in sync with patches branch
BZ - 1533164 - migration with block migration fails as disk_available_least is negative
BZ - 1537045 - Bug in log output in hardware.py "Not enough available memory to schedule instance" prints full memory instead of available memory

CVEs

CVE-2017-16239

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 11

SRPM
openstack-nova-15.0.8-5.el7ost.src.rpm	SHA-256: 28154efe8a0f002e8a4299d05e914856fef4df42df788684cce02e5845a6ca94
x86_64
openstack-nova-15.0.8-5.el7ost.noarch.rpm	SHA-256: 1149250df09eea64333407e4073a5d598b8be10f47c503bf57b475ef73201da8
openstack-nova-api-15.0.8-5.el7ost.noarch.rpm	SHA-256: bfe7f5b7ed980f9e91254005523f62ed1e82038731fe0cbdb11f9d4ce5567fb0
openstack-nova-cells-15.0.8-5.el7ost.noarch.rpm	SHA-256: e778368c0b09b77a49a35dc3078d4d709e87e551179d3ef12da5023ffa01bfdd
openstack-nova-cert-15.0.8-5.el7ost.noarch.rpm	SHA-256: fde249e19eabe3f7bc27d6201291fbf48e573721116486a8a91d711f1f0f7f3d
openstack-nova-common-15.0.8-5.el7ost.noarch.rpm	SHA-256: 9f52e45382a369130c74b2bfb3c41efefd86f785f73b46af0d486e36f369684c
openstack-nova-compute-15.0.8-5.el7ost.noarch.rpm	SHA-256: e7281d58e3c5afe285a7256c6b5711a02d62f296efa69bb8fb838d1a92950eee
openstack-nova-conductor-15.0.8-5.el7ost.noarch.rpm	SHA-256: 08f65b916f51177465360e349753ebe3c471ea06bb3b59e68e034e2b70c93f6c
openstack-nova-console-15.0.8-5.el7ost.noarch.rpm	SHA-256: cc16fda808f8defe1590a7be151cc2b212ecf5f57b26bd09714c6a8a23bd3ed5
openstack-nova-migration-15.0.8-5.el7ost.noarch.rpm	SHA-256: dc19cbdc3f379ffd71969b3ac616be6ed8c9501757349a2c1f8d8af023d46fb0
openstack-nova-network-15.0.8-5.el7ost.noarch.rpm	SHA-256: 9ad82b440115fee3f2294b98fc6e7e1b08451e8e240f59183a74b9dbe353dbf4
openstack-nova-novncproxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: f243478e68dbfd2f2cb828e1bf0a18352bb621e07dd19ec5da075cf00c0bb894
openstack-nova-placement-api-15.0.8-5.el7ost.noarch.rpm	SHA-256: 528c4472fb3db09a9c1384d95664d6c688c802bdc43995840bf5be3954907e7c
openstack-nova-scheduler-15.0.8-5.el7ost.noarch.rpm	SHA-256: 577cb5c9448782a58eb53a2d9618ed1e0f034ce12c6e21ac8e1d5bcb6dac4c1f
openstack-nova-serialproxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: 4ea87b8458d5a0521f244e33a0c6e89f285d387415f450978dc05f04eea4a88f
openstack-nova-spicehtml5proxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: e158038bfd03ea553b7c8e63b463d8ab17dd3c9aebe97eb3214245e3f59bab68
python-nova-15.0.8-5.el7ost.noarch.rpm	SHA-256: 698ec0669f3a0babc89b88337beb77a6deb30f1bf5e34eab51c94208ec5ef525
python-nova-tests-15.0.8-5.el7ost.noarch.rpm	SHA-256: 8ef1a6d1728183e48328837459f91fc2d186446fbf4a0dbee5f59a4ca2844133

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation