RedHat: RHSA-2019-0916:01 Important: Red Hat Enterprise Linux OpenStack
Summary
OpenStack Networking (neutron) is a pluggable, scalable, and API-driven
system that provisions networking services to virtual machines. Its main
function is to manage connectivity to and from virtual machines.
The following packages have been upgraded to a later upstream version:
openstack-neutron (9.4.1), openstack-neutron-lbaas (9.2.2),
python-networking-bigswitch (9.42.14). (BZ#1684242)
Security Fix(es):
* openstack-neutron: incorrect validation of port settings in iptables
security group driver (CVE-2019-9735)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2019-9735 https://access.redhat.com/security/updates/classification/#important
Package List
Red Hat OpenStack Platform 10.0:
Source:
openstack-neutron-9.4.1-40.el7ost.src.rpm
openstack-neutron-lbaas-9.2.2-8.el7ost.src.rpm
python-networking-bigswitch-9.42.14-1.el7ost.src.rpm
noarch:
openstack-neutron-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-bigswitch-agent-9.42.14-1.el7ost.noarch.rpm
openstack-neutron-bigswitch-lldp-9.42.14-1.el7ost.noarch.rpm
openstack-neutron-common-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-lbaas-9.2.2-8.el7ost.noarch.rpm
openstack-neutron-linuxbridge-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-macvtap-agent-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-metering-agent-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-ml2-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-openvswitch-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-rpc-server-9.4.1-40.el7ost.noarch.rpm
openstack-neutron-sriov-nic-agent-9.4.1-40.el7ost.noarch.rpm
python-networking-bigswitch-9.42.14-1.el7ost.noarch.rpm
python-neutron-9.4.1-40.el7ost.noarch.rpm
python-neutron-lbaas-9.2.2-8.el7ost.noarch.rpm
python-neutron-lbaas-tests-9.2.2-8.el7ost.noarch.rpm
python-neutron-tests-9.4.1-40.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for openstack-neutron, openstack-neutron-lbaas, andpython-networking-bigswitch is now available for Red Hat OpenStack Platform10.0 (Newton).Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat OpenStack Platform 10.0 - noarch
Bugs Fixed
1578844 - Transient virtual interface creation failures in dynamic environment
1637463 - Heat delete does not work if router has more than one subnet interface attached
1656398 - Multiple VMs stuck at Powering-On state after restart of overcloud nodes
1656443 - Supported migration path to migrate from "Openvswitch Firewall Driver"
1665239 - [rhos-prio] StaleDataError: UPDATE statement on table 'standardattributes' expected to update 1 row(s); 0 were matched when creating a lot of security group rules through heat
1666666 - [IPV6] tempest test fails - test_multi_prefix_dhcpv6_stateless
1684242 - Request to upgrade BigSwitch related packages to 9.42.14-1 in OSP10
1684533 - net.ipv6.conf.all.forwarding disabled in qrouter causing inter-tenant to fail when neutron router does not have a gateway
1690387 - CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver (OSSA-2019-001) [openstack-10]
1690745 - CVE-2019-9735 openstack-neutron: incorrect validation of port settings in iptables security group driver