Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)
  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform
  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation
  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus
  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products

Quick links: redhat.com, Customer Portal, Red Hat's developer site, Red Hat's partner site.

  • You are here

    Red Hat

    Learn about our open source products, services, and company.

  • You are here

    Red Hat Customer Portal

    Get product support and knowledge from the open source experts.

  • You are here

    Red Hat Developer

    Read developer tutorials and download Red Hat software for cloud application development.

  • You are here

    Red Hat Partner Connect

    Get training, subscriptions, certifications, and more for partners to build, sell, and support customer solutions.

Products & tools

  • Ansible.com

    Learn about and try our IT automation product.
  • Red Hat Ecosystem Catalog

    Find hardware, software, and cloud providers―and download container images―certified to perform with Red Hat technologies.

Try, buy, & sell

  • Red Hat Hybrid Cloud Console

    Access technical how-tos, tutorials, and learning paths focused on Red Hat’s hybrid cloud managed services.
  • Red Hat Store

    Buy select Red Hat products and services online.
  • Red Hat Marketplace

    Try, buy, sell, and manage certified enterprise software for container-based environments.

Events

  • Red Hat Summit and AnsibleFest

    Register for and learn about our annual open source IT industry event.
Red Hat Product Errata RHSA-2022:0999 - Security Advisory
Issued:
2022-03-23
Updated:
2022-03-23

RHSA-2022:0999 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat OpenStack Platform 16.2 (openstack-nova) security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Compute (codename Nova) is open source software designed
to provision and manage large networks of virtual machines,creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects.OpenStack Compute strives to be both hardware and hypervisor
agnostic, currently supporting a variety of standard hardware
configurations and seven major hypervisors.

Security Fix(es):

  • novnc allows open redirection (CVE-2021-3654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Bug Fix(es):

  • Red Hat OpenStack Platform (RHOSP) does not support the use of a fully qualified domain name (FQDN) as the instance display name in a boot server request. The instance display name is passed from the boot server request to the `instance.hostname` field. Some customers use this unsupported naming in their workflows.

A recent update [1] now sanitizes the `instance.hostname` field. The sanitization steps include replacing periods with dashes, a replacement that makes it impossible to continue using the unsupported FQDN instance display names.

This update provides a temporary workaround for customers who use a fully qualified domain name (FQDN) as the instance display name in a boot server request. It limits the scope of the sanitization to cases where the instance display name ends with a period followed by one or more numeric digits.

If you use FQDN as the instance display name in a boot server request, modify your workflow before upgrading to RHOSP 17. (BZ#2036652)

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack for IBM Power 16.2 ppc64le
  • Red Hat OpenStack 16.2 x86_64

Fixes

  • BZ - 1729485 - [OSP16.2] "Invalid PCI devices Whitelist config error" configuring passthrough_whitelist with new 40Gb NICs due domain in PCI address is greater than FFFF
  • BZ - 1908405 - Nova is out of sync with ironic as hypervisor list in nova does not agree with ironic list after reboot of the nodes
  • BZ - 1915096 - [OSP16.2] NUMA instance spawn fails on get_best_cpu_topology when there is no 'threads' preference
  • BZ - 1961439 - CVE-2021-3654 openstack-nova: novnc allows open redirection
  • BZ - 1968735 - [OSP16.2][neutron]http_retries config option value not being used for calls to the port binding API
  • BZ - 1972706 - [OSP 16.2] After host reboot VM goes to error state due to nova-compute EmptyCatalog error
  • BZ - 1987225 - Compute service DOWN after FFU from RHOSP13 to 16.1 because service version is still 30.
  • BZ - 1992863 - [OSP 16.2] Avoid duplicate BDMs during reserve_block_device_name
  • BZ - 1998556 - [OSP 16.2] Attempting to start or hard reboot a users instance as an admin with encrypted rbd volumes leaves the instance unbootable
  • BZ - 1999583 - [OSP 16.2] Provide a workaround option and/or nova-manage command to force the refresh of connection_info during a hard reboot
  • BZ - 2036652 - [HOTFIX] [OSP 16.2] - option for disabling FIX on instance name sanity check
  • BZ - 2036690 - If an upper case mac address is used in a heat template, live migration won't work in nova

CVEs

  • CVE-2021-3654

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack for IBM Power 16.2

SRPM
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.src.rpm SHA-256: ee31c0207b1dcfeb73d9826940131adcd80f55724e2cee6f3d0ea6acae1fd874
ppc64le
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: d7da2cc615dcc22d7d3b0421cce04460da23c386a7b0fdd2a9e8d87981fa6d38
openstack-nova-api-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: f253fd0ac3be1d81737b96eac53834fee800fcf8985701ca5d2fd5d679061055
openstack-nova-common-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 225abdc9bee1cd04a51af53247bf6f445795613ba55f4253dd146e50fadc3ec3
openstack-nova-compute-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1d15a81a66a89f47c0b1887dff041d693cc00fdd91ef2e52b666bc5320b43d2c
openstack-nova-conductor-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1a475f8820a65975cc8977066621454eb1adedb493f0edf49df361a5d4d816c5
openstack-nova-console-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 60eba89607816fac656b6218d452fb94e330c7142d97e22b6c94149f5f622e0b
openstack-nova-migration-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 7399953eace53a5cb21f638f40a974ef3ffbc8a8b65827e78c225534255a8981
openstack-nova-novncproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: cce02968f2bd01b7bdedc742e111e0e61091df9afe05b6676d58b51f307cb273
openstack-nova-scheduler-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 77c3a1ba97b6166b0f174076f84be24776e9b7ca8fc6c02a69851c0200bd50ab
openstack-nova-serialproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1b5d64b690df294e4ae880fa9191650ccd0a2bdcfbff217a86b4e0ea20a93ffc
openstack-nova-spicehtml5proxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: f529d1790c6eb9805866f350e06f128ed5446ca7611535056e28a5fc3585b095
python3-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 04295d438af2b68b0029eead05a32a7c0f6f8653fd440a371acbcc4662966579

Red Hat OpenStack 16.2

SRPM
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.src.rpm SHA-256: ee31c0207b1dcfeb73d9826940131adcd80f55724e2cee6f3d0ea6acae1fd874
x86_64
openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: d7da2cc615dcc22d7d3b0421cce04460da23c386a7b0fdd2a9e8d87981fa6d38
openstack-nova-api-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: f253fd0ac3be1d81737b96eac53834fee800fcf8985701ca5d2fd5d679061055
openstack-nova-common-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 225abdc9bee1cd04a51af53247bf6f445795613ba55f4253dd146e50fadc3ec3
openstack-nova-compute-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1d15a81a66a89f47c0b1887dff041d693cc00fdd91ef2e52b666bc5320b43d2c
openstack-nova-conductor-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1a475f8820a65975cc8977066621454eb1adedb493f0edf49df361a5d4d816c5
openstack-nova-console-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 60eba89607816fac656b6218d452fb94e330c7142d97e22b6c94149f5f622e0b
openstack-nova-migration-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 7399953eace53a5cb21f638f40a974ef3ffbc8a8b65827e78c225534255a8981
openstack-nova-novncproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: cce02968f2bd01b7bdedc742e111e0e61091df9afe05b6676d58b51f307cb273
openstack-nova-scheduler-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 77c3a1ba97b6166b0f174076f84be24776e9b7ca8fc6c02a69851c0200bd50ab
openstack-nova-serialproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 1b5d64b690df294e4ae880fa9191650ccd0a2bdcfbff217a86b4e0ea20a93ffc
openstack-nova-spicehtml5proxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: f529d1790c6eb9805866f350e06f128ed5446ca7611535056e28a5fc3585b095
python3-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm SHA-256: 04295d438af2b68b0029eead05a32a7c0f6f8653fd440a371acbcc4662966579

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat X (formerly Twitter)

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Diversity, equity, and inclusion
  • Cool Stuff Store
  • Red Hat Summit
© 2024 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility