Red Hat Product Errata RHSA-2018:0314 - Security Advisory

Issued:: 2018-02-13
Updated:: 2018-02-13

RHSA-2018:0314 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). (CVE-2017-16239)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges George Shuklin (Servers.com) as the original reporter.

Bug Fix(es):

A recent update caused OpenStack Compute to ignore the disk cache mode configuration. This caused I/O performance degradation in instances. This fix corrects how OpenStack Compute configures disk caching. Instances no longer suffer performance degradation. (BZ#1508647)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 11 x86_64

Fixes

BZ - 1508539 - CVE-2017-16239 openstack-nova: Nova Filter Scheduler bypass through rebuild action
BZ - 1511153 - Rebase openstack-nova to fe8acf0
BZ - 1527643 - Unable to resize nova instance after upgrade to OSP 10
BZ - 1528453 - Rebase openstack-nova to bbfc423
BZ - 1530365 - dist-git not in sync with patches branch
BZ - 1533164 - migration with block migration fails as disk_available_least is negative
BZ - 1537045 - Bug in log output in hardware.py "Not enough available memory to schedule instance" prints full memory instead of available memory

CVEs

CVE-2017-16239

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 11

SRPM
openstack-nova-15.0.8-5.el7ost.src.rpm	SHA-256: 28154efe8a0f002e8a4299d05e914856fef4df42df788684cce02e5845a6ca94
x86_64
openstack-nova-15.0.8-5.el7ost.noarch.rpm	SHA-256: 1149250df09eea64333407e4073a5d598b8be10f47c503bf57b475ef73201da8
openstack-nova-api-15.0.8-5.el7ost.noarch.rpm	SHA-256: bfe7f5b7ed980f9e91254005523f62ed1e82038731fe0cbdb11f9d4ce5567fb0
openstack-nova-cells-15.0.8-5.el7ost.noarch.rpm	SHA-256: e778368c0b09b77a49a35dc3078d4d709e87e551179d3ef12da5023ffa01bfdd
openstack-nova-cert-15.0.8-5.el7ost.noarch.rpm	SHA-256: fde249e19eabe3f7bc27d6201291fbf48e573721116486a8a91d711f1f0f7f3d
openstack-nova-common-15.0.8-5.el7ost.noarch.rpm	SHA-256: 9f52e45382a369130c74b2bfb3c41efefd86f785f73b46af0d486e36f369684c
openstack-nova-compute-15.0.8-5.el7ost.noarch.rpm	SHA-256: e7281d58e3c5afe285a7256c6b5711a02d62f296efa69bb8fb838d1a92950eee
openstack-nova-conductor-15.0.8-5.el7ost.noarch.rpm	SHA-256: 08f65b916f51177465360e349753ebe3c471ea06bb3b59e68e034e2b70c93f6c
openstack-nova-console-15.0.8-5.el7ost.noarch.rpm	SHA-256: cc16fda808f8defe1590a7be151cc2b212ecf5f57b26bd09714c6a8a23bd3ed5
openstack-nova-migration-15.0.8-5.el7ost.noarch.rpm	SHA-256: dc19cbdc3f379ffd71969b3ac616be6ed8c9501757349a2c1f8d8af023d46fb0
openstack-nova-network-15.0.8-5.el7ost.noarch.rpm	SHA-256: 9ad82b440115fee3f2294b98fc6e7e1b08451e8e240f59183a74b9dbe353dbf4
openstack-nova-novncproxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: f243478e68dbfd2f2cb828e1bf0a18352bb621e07dd19ec5da075cf00c0bb894
openstack-nova-placement-api-15.0.8-5.el7ost.noarch.rpm	SHA-256: 528c4472fb3db09a9c1384d95664d6c688c802bdc43995840bf5be3954907e7c
openstack-nova-scheduler-15.0.8-5.el7ost.noarch.rpm	SHA-256: 577cb5c9448782a58eb53a2d9618ed1e0f034ce12c6e21ac8e1d5bcb6dac4c1f
openstack-nova-serialproxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: 4ea87b8458d5a0521f244e33a0c6e89f285d387415f450978dc05f04eea4a88f
openstack-nova-spicehtml5proxy-15.0.8-5.el7ost.noarch.rpm	SHA-256: e158038bfd03ea553b7c8e63b463d8ab17dd3c9aebe97eb3214245e3f59bab68
python-nova-15.0.8-5.el7ost.noarch.rpm	SHA-256: 698ec0669f3a0babc89b88337beb77a6deb30f1bf5e34eab51c94208ec5ef525
python-nova-tests-15.0.8-5.el7ost.noarch.rpm	SHA-256: 8ef1a6d1728183e48328837459f91fc2d186446fbf4a0dbee5f59a4ca2844133

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories