Issued:: 2019-04-30
Updated:: 2019-04-30

RHSA-2019:0916 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat Enterprise Linux OpenStack Platform security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-neutron, openstack-neutron-lbaas, and python-networking-bigswitch is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines.

The following packages have been upgraded to a later upstream version: openstack-neutron (9.4.1), openstack-neutron-lbaas (9.2.2), python-networking-bigswitch (9.42.14). (BZ#1684242)

Security Fix(es):

openstack-neutron: incorrect validation of port settings in iptables security group driver (CVE-2019-9735)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1578844 - Transient virtual interface creation failures in dynamic environment
BZ - 1637463 - Heat delete does not work if router has more than one subnet interface attached
BZ - 1656398 - Multiple VMs stuck at Powering-On state after restart of overcloud nodes
BZ - 1656443 - Supported migration path to migrate from "Openvswitch Firewall Driver"
BZ - 1665239 - [rhos-prio] StaleDataError: UPDATE statement on table 'standardattributes' expected to update 1 row(s); 0 were matched when creating a lot of security group rules through heat
BZ - 1666666 - [IPV6] tempest test fails - test_multi_prefix_dhcpv6_stateless
BZ - 1684242 - Request to upgrade BigSwitch related packages to 9.42.14-1 in OSP10
BZ - 1684533 - net.ipv6.conf.all.forwarding disabled in qrouter causing inter-tenant to fail when neutron router does not have a gateway
BZ - 1690387 - CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver (OSSA-2019-001) [openstack-10]
BZ - 1690745 - CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver

CVEs

CVE-2019-9735

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
openstack-neutron-9.4.1-40.el7ost.src.rpm	SHA-256: c698bc7ee16b8b7ba3ef46940bc0690a5bd3e5da2e710e6629a0ea6099b22938
openstack-neutron-lbaas-9.2.2-8.el7ost.src.rpm	SHA-256: 58bf63a636da960d959a328fed7f01178fc3759a96cba63f4d0483d05023a5fa
python-networking-bigswitch-9.42.14-1.el7ost.src.rpm	SHA-256: af1fdc1c865d1a843feac6ca6642bf9fb0800c900180902fb886d9fc86d1df03
x86_64
openstack-neutron-9.4.1-40.el7ost.noarch.rpm	SHA-256: b444892c2d4a25a1ea56622df7dcda724fe1dcae3c52bcd6fa31a90545890c5b
openstack-neutron-bigswitch-agent-9.42.14-1.el7ost.noarch.rpm	SHA-256: c42a49adc1a2802821b1ca642a963743c7b437b833f7a84a87b2abde1535bef0
openstack-neutron-bigswitch-lldp-9.42.14-1.el7ost.noarch.rpm	SHA-256: fe72081b0aece0140587376c85412c4640cc4d675bfb1cbade06dfb2aadea252
openstack-neutron-common-9.4.1-40.el7ost.noarch.rpm	SHA-256: f1ab691e34024d89e3efb971cee0bd8189209b746dabea3727f13a58ba756170
openstack-neutron-lbaas-9.2.2-8.el7ost.noarch.rpm	SHA-256: 3a4cdb759e5d877adebca029fd6f167324a4955fbc3a767c9873913b9d1b6f09
openstack-neutron-linuxbridge-9.4.1-40.el7ost.noarch.rpm	SHA-256: c5b1af7eead59126182efef330e41d5bf582f3d27884945e7bb0e5c0cf532a58
openstack-neutron-macvtap-agent-9.4.1-40.el7ost.noarch.rpm	SHA-256: fb87a5a55b2c0dafd02cd392ad4a26c836f5f7a5cd4937a23138550f36ce89aa
openstack-neutron-metering-agent-9.4.1-40.el7ost.noarch.rpm	SHA-256: 4e99db1bca68a5f7c74c30ab8e4af135fa513977980c4fbe09152e81ad954246
openstack-neutron-ml2-9.4.1-40.el7ost.noarch.rpm	SHA-256: 3add3bd8235f49e1f09b32f67c7721eec180e7ba26e6c81e8439e878b4a16dc8
openstack-neutron-openvswitch-9.4.1-40.el7ost.noarch.rpm	SHA-256: 9df6e35cdfbe8336a8717b01f6842c52363432cd525c156ceb628567520c17d5
openstack-neutron-rpc-server-9.4.1-40.el7ost.noarch.rpm	SHA-256: f7529e4e64f626218b1891e4919e1ec4a06d85e02c8e2574e5f5d9dade12057d
openstack-neutron-sriov-nic-agent-9.4.1-40.el7ost.noarch.rpm	SHA-256: eda3779a13d3bb107ed9c336d8f585c7372a93d5d2654c8400504f0f32433f80
python-networking-bigswitch-9.42.14-1.el7ost.noarch.rpm	SHA-256: d7fa4a27610d03fbc79f39764fab7c5e671efbaee7366ccdc18967467fa2077b
python-neutron-9.4.1-40.el7ost.noarch.rpm	SHA-256: ca95cd127bbfa93e73e5842d97b4abb282b1bd2af6b3944c5214cc0eecb62f23
python-neutron-lbaas-9.2.2-8.el7ost.noarch.rpm	SHA-256: 1200f006e2eff33628b52983aca2dd2804bb4d505748d66c8f3e31cc29685c20
python-neutron-lbaas-tests-9.2.2-8.el7ost.noarch.rpm	SHA-256: fd43afd2130868e58163daa05bc4659250d1f481a0b2f346539100d65ea0c717
python-neutron-tests-9.4.1-40.el7ost.noarch.rpm	SHA-256: 3893158fe574a87dd904a59ed847b837794aa358c95464aca3bf575b3928a66d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation