Red Hat OpenStack 4.0: RHSA-2014-1691 Important: PackStack Security Issue

PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations.
It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova configuration was manually modified after PackStack was started. (CVE-2014-3703)
This issue was discovered by Yair Fried of Red Hat.
This update also fixes the following bug:
* This update fixes a dependency issue between the openstack-cinder-api and openstack-cinder-backup services. The openstack-cinder-backup service is now guaranteed to be started during PackStack installation. (BZ#1075609)
In addition, this update adds the following enhancements:
* This update enables mysqld performance improvement if users add the following configuration options to the /etc/my.cnf file:
innodb_buffer_pool_size = (10-20% of available memory) innodb_flush_method = O_DIRECT innodb_file_per_table
These improvements are expected to be the default settings in the next release. (BZ#1078999)
* With this update, PackStack now consistently performs the installation of the sos, sos-plugins-openstack, and rhos-collector packages on all hosts. (BZ#1131619)
All openstack-packstack users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.