Red Hat Product Errata RHSA-2018:2855 - Security Advisory

Issued:: 2018-10-02
Updated:: 2018-10-02

RHSA-2018:2855 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

This update fixes a race condition that could generate error messages and cause migration failures during nova live migrations.

Prior to this update, if a domain was already cleaned out by periodic tasks, undefining the domain source during a live migration sometimes generated a "Domain not found (Code=42)" error. (BZ#1614325)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 9 x86_64

Fixes

BZ - 1545330 - I/O latency of cinder volume after live migration increases
BZ - 1546937 - CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
BZ - 1569952 - preallocate_images = space is not honoured when using qcow2

CVEs

CVE-2017-18191

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 9

SRPM
openstack-nova-13.1.4-24.el7ost.src.rpm	SHA-256: f50883608cd3ebd021b4201ee5c8911e054660d74598c1442a03031bfe812431
x86_64
openstack-nova-13.1.4-24.el7ost.noarch.rpm	SHA-256: 9243f57b3f84b6018262c908e2bef843b9cc6c86fe814f6d263d4dbd5692305d
openstack-nova-api-13.1.4-24.el7ost.noarch.rpm	SHA-256: 1e5c5afe3d32050ac5909d33a2159096c476219bc2370daa9c26ff11249a09d1
openstack-nova-cells-13.1.4-24.el7ost.noarch.rpm	SHA-256: 84d9d3bf350542488729c94e01535fd88179ada9120b27d9fa20d3cb8cbb41ae
openstack-nova-cert-13.1.4-24.el7ost.noarch.rpm	SHA-256: 10d4dea3c8a70666e4e81629a85fa9b6e1ee3332fdbccb3415e2f0ca58e989b7
openstack-nova-common-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5af077928222820195df849c990b15eb725167f60dad3dfccd7888ccde7e0cf4
openstack-nova-compute-13.1.4-24.el7ost.noarch.rpm	SHA-256: 82e23b4d33d02a0ef2b39d05d18e8dc295b576c2fb7522727ba9281dbcb101b5
openstack-nova-conductor-13.1.4-24.el7ost.noarch.rpm	SHA-256: d04649e4aef24ecb9f686e8664dfd976e36b787b815e28ffb6d493ae530421e5
openstack-nova-console-13.1.4-24.el7ost.noarch.rpm	SHA-256: dd1ebf5e4a42f32edb71012c6fa4715973806ef8bc15f2fc2ccdb71e9da6602c
openstack-nova-migration-13.1.4-24.el7ost.noarch.rpm	SHA-256: b41ed7506a6d926ad37de6e155d1b83a3751b826e513e42916c768cb5216d285
openstack-nova-network-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5275566e9f4fe75a833c910471a28fdbae65276d5ed2030fb853b4099ed9e6cc
openstack-nova-novncproxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 5eb06950858da06607cadfcf3642ed664875b0fbcb0073c4d01445dc7789beae
openstack-nova-scheduler-13.1.4-24.el7ost.noarch.rpm	SHA-256: 14fa2ab31aff4a74f9c0faf1f13f93043f9129f6b504ae691c7f60dafc791424
openstack-nova-serialproxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 270d20ed14271b95b7c67488871f2402d115c8589e2c2a46e773c3b7c7fc9699
openstack-nova-spicehtml5proxy-13.1.4-24.el7ost.noarch.rpm	SHA-256: 31e3acb41aa40c7743fd8626be7deef0b5f1add36235f59c625530f5545b76aa
python-nova-13.1.4-24.el7ost.noarch.rpm	SHA-256: aef2422fedfc33f6b7c9ab83dd10794ca2c24ae046acd6c7a30b77a4ecaad312
python-nova-tests-13.1.4-24.el7ost.noarch.rpm	SHA-256: 48d93bb72b5e9fade4804a2f4e5cb7f153692392e1dc8e8f5f9f4d529011164b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories