Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

RedHat: RHSA-2020-3704-01 Critical OpenStack-Nova Soft Reboot Issue

Calendar Sep 10, 2020 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security update important malicious attack openstack-nova red hat openstack platform soft reboot
An update for openstack-nova is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: openstack-nova security update
Advisory ID:       RHSA-2020:3704-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3704
Issue date:        2020-09-10
CVE Names:         CVE-2020-17376 
====================================================================
1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack
Platform 16 (Train).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.0 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

Security Fix(es):

* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

6. Package List:

Red Hat OpenStack Platform 16.0:

Source:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.src.rpm

noarch:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-api-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-common-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-compute-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-conductor-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-console-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-migration-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-novncproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-scheduler-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-serialproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
python3-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX1m1OtzjgjWX9erEAQg3vw//dmnTYdpD+nDi/hWb3eQV12JsPb0opsHL
LIAIixmWSSYCH6MtQcbeYdkeX3LDL2d1D7mDbFF0qRjdH05J45uJkXv8C4UmMjc/
GbOYKmlGZBjoaESEF7EQUTqjNAGa+5CUFmm2j5CKSzBLXsujpuCl5Rk0gke7QK1J
BHNTMe7pksywd7R0bPcpnGoeeWGKVQ4VTSFtz8nmf0FgrIT71UCV01DuBhVEFRCx
Ywuy5tDSvb4YTA8C+MNmxhRmfV+5WKCOaq7Lb6boceD5z5RS0n2EXjHDXjpYBd1l
AOnCyECGI5hiXAhYaMboZ1NvoGlNE8ojhoU5SPwravnx0SN/5KR46IrImCeWiUk0
mNK3EsICb7jPvJ+P54BnInZuujNPUMoTox75XssM2EHKoEiVttPXB0lnUQOx4roG
tpnHAjSS4qIrambg5qcNwFzLaHCJZv02GbAJImI79xFkRaq9oylkWaJkqEaKIBd2
WKszo1/4ucRpKpEiIyW/6vc4X9tDpq0XwNX2M0lUoD+KjwlEnRpsRWwEt0LIt13S
o5y7OITcp60XXwyk33Vxe/6ljCGeHBlRZBK0n3O+BFHMgDV6LOCIr15IOxHCq+BY
VIkKqWp0qCmFgN6xSbXzJlGev7zA999mHZiDQiUKriwW9/Pc1Iy5BXTCSYzs6YoO
LlpIbZIM5EE=RQmt
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

RedHat: RHSA-2020-3704-01 Critical OpenStack-Nova Soft Reboot Issue

red hat
Calendar Grey September 10, 2020
Dist Redhat Esm H88
Ubuntu Cloud Infrastructure 20 has been released with significant enhancements for nova-compute, resolving key vulnerabilities.
An update for openstack-nova is now available for Red Hat OpenStack Platform 16 (Train)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Topics%20covered

Topics Covered

security advisory security update important malicious attack openstack-nova red hat openstack platform soft reboot

References

https://access.redhat.com/security/cve/CVE-2020-17376 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat OpenStack Platform 16.0:
Source: openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.src.rpm
noarch: openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-api-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-common-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-compute-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-conductor-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-console-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-migration-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-novncproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-scheduler-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-serialproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm openstack-nova-spicehtml5proxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm python3-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:3704-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3704
Issue date: 2020-09-10

Topic

An update for openstack-nova is now available for Red Hat OpenStackPlatform 16 (Train).Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update important malicious attack openstack-nova red hat openstack platform soft reboot

Relevant Releases Architectures

Red Hat OpenStack Platform 16.0 - noarch

Bugs Fixed

1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here