RedHat: RHSA-2015-2684:01 Moderate: openstack-nova secuity and bug fix
Summary
OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.
A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)
Additional bug fixes include:
* In some cases, Compute did not start instances when RHEL was
installed with a locale other than en_US. The update ensures that
logging an exception no longer causes Unicode issues. (BZ#1190837)
All openstack-nova users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.
Summary
Solution
Before applying this update, ensure all previously released errata
relevant to your system have been applied.
Red Hat Enterprise Linux OpenStack Platform 5 runs on Red Hat
Enterprise Linux 7.2.
The Red Hat Enterprise Linux OpenStack Platform 5 Release Notes
contain the following:
* An explanation of the way in which the provided components
interact to form a working cloud computing environment.
* Technology Previews, Recommended Practices, and Known Issues.
* The channels required for Red Hat Enterprise Linux OpenStack
Platform 5, including which channels need to be enabled and
disabled.
The Release Notes are available at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
_OpenStack_Platform/5/html/Release_Notes/index.html
This update is available through the Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
References
https://access.redhat.com/security/cve/CVE-2015-7713 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:
Source:
openstack-nova-2014.1.5-9.el7ost.src.rpm
noarch:
openstack-nova-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-api-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-cells-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-cert-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-common-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-compute-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-console-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-doc-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-network-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.5-9.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.1.5-9.el7ost.noarch.rpm
python-nova-2014.1.5-9.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
Updated OpenStack Compute packages that resolve one security issueand a bug are now available for Red Hat Enterprise Linux OpenStackPlatform 5.0 for RHEL 7.Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch
Bugs Fixed
1190837 - Nova may not start instances when OS is installed with locale not en_US
1269119 - CVE-2015-7713 openstack-nova: network security group changes are not applied to running instances