RHSA-2018:2714 - Security Advisory

Issued: 2018-09-17
Updated: 2018-09-17

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova is now available for Red Hat OpenStack
Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

Security Fix(es):

  • openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Bug Fix(es):

  • Previously, the MTU of TAP devices was not configured. As a result, the network could be configured with a different MTU than a guest TAP device.

With this update, you can configure libvirt when you create the TAP device for the guest. Nova passes the correct parameter to libvirt, and the TAP device now has the same configuration as the network. (BZ#1553839, BZ#1553559)

  • Previously, the '[vnc] keymap' option was 'en-us' by default, and it was not possible to unset this configuration. As a result, key mappings were ineffective for non-US locales.

With this update, users can unset the '[vnc] keymap' value. In this case, the VNC client configures the locale, and non-US users get more effective key mappings. (BZ#1441962)

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 10 x86_64

Fixes

  • BZ - 1441962 - Remove default option for keymap in code and config files
  • BZ - 1546937 - CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
  • BZ - 1546965 - Launching Instance fails when image property hw_disk_bus=scsi is set
  • BZ - 1553559 - Configured jumbo frames and tap device is still being created with the MTU 1500
  • BZ - 1553839 - if ovs_hybrid_plug=false for a VM instance neutron port, the MTU is not always set correctly
  • BZ - 1569953 - preallocate_images = space is not honoured when using qcow2
  • BZ - 1575989 - Duplicate imports of oslo_config types

CVEs

  • CVE-2017-18191

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat OpenStack 10

SRPM
openstack-nova-14.1.0-26.el7ost.src.rpm SHA-256: 007f5cfde241a02b4493f90abefcce0ad9293e9b659c5cba7f1e5079194f7401
x86_64
openstack-nova-14.1.0-26.el7ost.noarch.rpm SHA-256: 8286d4204abd89d228629b4bf0adeda5ced337dc8d89ccddca6772fb8ea43667
openstack-nova-api-14.1.0-26.el7ost.noarch.rpm SHA-256: faeb87e3c6205ec24cda021810fffa2d129a1deb2557d74c45bd87c66b004c1c
openstack-nova-cells-14.1.0-26.el7ost.noarch.rpm SHA-256: fb02efa97d113f1c0e114ee267069e6c2fd16e585107a0555d275b4ab7d64284
openstack-nova-cert-14.1.0-26.el7ost.noarch.rpm SHA-256: 2b3c26789863e6fe6536b9cf9f4ebd8462dc28fc3b5841fbd183da7501abb94a
openstack-nova-common-14.1.0-26.el7ost.noarch.rpm SHA-256: b17fed079b74960dd36d5213c78d309ecd50bfee327a03b122aa8acf1b2c6add
openstack-nova-compute-14.1.0-26.el7ost.noarch.rpm SHA-256: 5479713b523d0b3db6793dd2b10f15d897db30541a89145dc3afcddb2de6e400
openstack-nova-conductor-14.1.0-26.el7ost.noarch.rpm SHA-256: 9ebfe0c26b3fcda3a947f5314c56fef183e6b2a3cd89e324eb97db74acfc2c1e
openstack-nova-console-14.1.0-26.el7ost.noarch.rpm SHA-256: de28c822d29bdc89bb63eeeb42aac496fd79b991644c2fd66425b51e3a9aae5f
openstack-nova-migration-14.1.0-26.el7ost.noarch.rpm SHA-256: 52ca1199894c9d6c2649d5f921b5fe2abbd1262e9ef7577680526f73d2e07d8d
openstack-nova-network-14.1.0-26.el7ost.noarch.rpm SHA-256: 65c43d85052e24f5b145fff948ce60cdbd02669a6db5d7a3cea2524822d0e8d5
openstack-nova-novncproxy-14.1.0-26.el7ost.noarch.rpm SHA-256: 4b01a3bdf96309e6ddc9e7f8b2cad737b50203659e5f4dfe2c6d308b770220fb
openstack-nova-placement-api-14.1.0-26.el7ost.noarch.rpm SHA-256: 07b9a85a29c2c615b82d0c01c8b14ce9d77eec8440a873a4933d3184c37108bb
openstack-nova-scheduler-14.1.0-26.el7ost.noarch.rpm SHA-256: d479b72f88f4da46f8a3a81bb6355244444c50ee2d9e4afedcfca80d5aa18cec
openstack-nova-serialproxy-14.1.0-26.el7ost.noarch.rpm SHA-256: 2345311432199cac84e31407ca6512d755a17f70f9b78061a0260908d5c7e09c
openstack-nova-spicehtml5proxy-14.1.0-26.el7ost.noarch.rpm SHA-256: 5f1c82fae39d27560de62188a85e402718cf66b8562c16d796de348d4a803031
python-nova-14.1.0-26.el7ost.noarch.rpm SHA-256: 9f01fdf9939033b97d58c2f47b2a980df31b7386ae928b011484d9f16642f6d7
python-nova-tests-14.1.0-26.el7ost.noarch.rpm SHA-256: 88c440fa9b15d39550c51c6596bcb06238b27bc894bc80c80ad79304a6d5f3d0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
