Red Hat Product Errata RHSA-2019:2631 - Security Advisory

Issued:: 2019-09-03
Updated:: 2019-09-03

RHSA-2019:2631 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openstack-nova security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for openstack-nova is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

openstack-nova: Nova server resource faults leak external exception details (CVE-2019-14433)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 10 x86_64

Fixes

BZ - 1669225 - [BACKPORT Request] Nova returns a traceback when it's unable to detach a volume still in use
BZ - 1697517 - [OSP10.z] Creating snapshot fails when image metadata has version field
BZ - 1711390 - Scheduler is dumping all instances on a compute host
BZ - 1721754 - nova-compute continuously records "Instance not resizing, skipping migration." for evacuated instances
BZ - 1735522 - CVE-2019-14433 openstack-nova: Nova server resource faults leak external exception details

CVEs

CVE-2019-14433

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 10

SRPM
openstack-nova-14.1.0-56.el7ost.src.rpm	SHA-256: d63ef19cdc0c29e9a739175d4a8baf299f8b1fdd6aef8460524229d6224d19ec
x86_64
openstack-nova-14.1.0-56.el7ost.noarch.rpm	SHA-256: 95da4280ce80f005eb3a0056a7455d10a90db88526d21bec85bcafb9117e72fe
openstack-nova-api-14.1.0-56.el7ost.noarch.rpm	SHA-256: 9db72af0e7dc99f501dee349b7de7ebdec04121507cbcfe0c373a95935e094a0
openstack-nova-cells-14.1.0-56.el7ost.noarch.rpm	SHA-256: 42946d2e8c02bbd3376de9b081fb475967222efa9f068bd684d180bc128dd98e
openstack-nova-cert-14.1.0-56.el7ost.noarch.rpm	SHA-256: 0b9ad710af87330251f2fa5a59abd431d26f697dcf894a951361e58d072666cc
openstack-nova-common-14.1.0-56.el7ost.noarch.rpm	SHA-256: 5c58dc53d52815551745c33e26161b00fb37dcb467c40ba6a7393eb441f18b26
openstack-nova-compute-14.1.0-56.el7ost.noarch.rpm	SHA-256: 5ece9faca69665064505b214e89c8100c70dff2ee276393ffe0d0418db5459ba
openstack-nova-conductor-14.1.0-56.el7ost.noarch.rpm	SHA-256: 2ceb3997627665d83b0f672bdbe0c5906e04e7f042f67782ee305520d56b5d19
openstack-nova-console-14.1.0-56.el7ost.noarch.rpm	SHA-256: a19bb667f25c8ac6773062b1c1905cb04a46aa387588211af6409e6836fbbe91
openstack-nova-migration-14.1.0-56.el7ost.noarch.rpm	SHA-256: 3a0d051b23814586e4ea8187482b0ea1ef51df17124a01580fde0f2b4b6511ad
openstack-nova-network-14.1.0-56.el7ost.noarch.rpm	SHA-256: f63ee869fe2747ce77577590d0f7b1639fa71266f0dce73264494c3aeafd9a4e
openstack-nova-novncproxy-14.1.0-56.el7ost.noarch.rpm	SHA-256: d714d80e0ed9d289811b1e60dba2e8f0312c04d760720de061e7331c728ef474
openstack-nova-placement-api-14.1.0-56.el7ost.noarch.rpm	SHA-256: 6a8ef322d47648c3368e9758476d704b7d8e925887c7c3c6db3c74f68729a6b2
openstack-nova-scheduler-14.1.0-56.el7ost.noarch.rpm	SHA-256: 6a35db816ab06b7ed557f70dde23b17a9f511546fa9c2f8c14b918dc6020c1e4
openstack-nova-serialproxy-14.1.0-56.el7ost.noarch.rpm	SHA-256: bce9aa6235c8d7b451537e7f4921ec869efa7ff8969e409ebea36bc97114a458
openstack-nova-spicehtml5proxy-14.1.0-56.el7ost.noarch.rpm	SHA-256: d94863138fac96a567f5e14011b104c3a36ebbf1468b5226e40e09ce89bb5abd
python-nova-14.1.0-56.el7ost.noarch.rpm	SHA-256: 122b13e04a717d93c2edde4d2e73d08f967c6e951e226ba87a8809c22ee502aa
python-nova-tests-14.1.0-56.el7ost.noarch.rpm	SHA-256: 683f52138678fabc795584974a80c1b399fcea51278e945e419e9ae1c0dc44c3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories