Issued:: 2018-10-02
Updated:: 2018-10-02

RHSA-2018:2855 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

This update fixes a race condition that could generate error messages and cause migration failures during nova live migrations.

Prior to this update, if a domain was already cleaned out by periodic tasks, undefining the domain source during a live migration sometimes generated a "Domain not found (Code=42)" error. (BZ#1614325)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 9 x86_64

Fixes

BZ - 1545330 - I/O latency of cinder volume after live migration increases
BZ - 1546937 - CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
BZ - 1569952 - preallocate_images = space is not honoured when using qcow2

CVEs

CVE-2017-18191

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 9

SRPM
openstack-nova-13.1.4-24.el7ost.src.rpm	SHA-256: f50883608cd3ebd021b4201ee5c8911e054660d74598c1442a03031bfe812431
x86_64
openstack-nova-13.1.4-24.el7ost.noarch.rpm	SHA-256: 9243f57b3f84b6018262c908e2bef843b9cc6c86fe814f6d263d4dbd5692305d
openstack-nova-api-13.1.4-24.el7ost.noarch.rpm	SHA-256: 1e5c5afe3d32050ac5909d33a2159096c476219bc2370daa9c26ff11249a09d1
openstack-nova-cells-13.1.4-24.el7ost.noarch.rpm	SHA-256: 84d9d3bf350542488729c94e01535fd88179ada9120b27d9fa20d3cb8cbb41ae
openstack-nova-cert-13.1.4-24.el7ost.noarch.rpm	SHA-256: 10d4dea3c8a70666e4e81629a85fa9b6e1ee3332fdbccb3415e2f0ca58e989b7
openstack-nova-common-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5af077928222820195df849c990b15eb725167f60dad3dfccd7888ccde7e0cf4
openstack-nova-compute-13.1.4-24.el7ost.noarch.rpm	SHA-256: 82e23b4d33d02a0ef2b39d05d18e8dc295b576c2fb7522727ba9281dbcb101b5
openstack-nova-conductor-13.1.4-24.el7ost.noarch.rpm	SHA-256: d04649e4aef24ecb9f686e8664dfd976e36b787b815e28ffb6d493ae530421e5
openstack-nova-console-13.1.4-24.el7ost.noarch.rpm	SHA-256: dd1ebf5e4a42f32edb71012c6fa4715973806ef8bc15f2fc2ccdb71e9da6602c
openstack-nova-migration-13.1.4-24.el7ost.noarch.rpm	SHA-256: b41ed7506a6d926ad37de6e155d1b83a3751b826e513e42916c768cb5216d285
openstack-nova-network-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5275566e9f4fe75a833c910471a28fdbae65276d5ed2030fb853b4099ed9e6cc
openstack-nova-novncproxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5eb06950858da06607cadfcf3642ed664875b0fbcb0073c4d01445dc7789beae
openstack-nova-scheduler-13.1.4-24.el7ost.noarch.rpm	SHA-256: 14fa2ab31aff4a74f9c0faf1f13f93043f9129f6b504ae691c7f60dafc791424
openstack-nova-serialproxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 270d20ed14271b95b7c67488871f2402d115c8589e2c2a46e773c3b7c7fc9699
openstack-nova-spicehtml5proxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 31e3acb41aa40c7743fd8626be7deef0b5f1add36235f59c625530f5545b76aa
python-nova-13.1.4-24.el7ost.noarch.rpm	SHA-256: aef2422fedfc33f6b7c9ab83dd10794ca2c24ae046acd6c7a30b77a4ecaad312
python-nova-tests-13.1.4-24.el7ost.noarch.rpm	SHA-256: 48d93bb72b5e9fade4804a2f4e5cb7f153692392e1dc8e8f5f9f4d529011164b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation