Linux Security

    RedHat: RHSA-2020-4391:01 Moderate: openstack-cinder security update

    Date 28 Oct 2020
    Posted By LinuxSecurity Advisories
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: openstack-cinder security update
    Advisory ID:       RHSA-2020:4391-01
    Product:           Red Hat OpenStack Platform
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4391
    Issue date:        2020-10-28
    CVE Names:         CVE-2020-10755 
    =====================================================================
    
    1. Summary:
    
    An update for OpenStack Block Storage (cinder) is now available for Red Hat
    OpenStack Platform 13 (Queens).
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat OpenStack Platform 13.0 - noarch
    Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
    
    3. Description:
    
    OpenStack Block Storage (cinder) manages block storage mounting and the
    presentation of such mounted block storage to instances. The backend
    physical storage can consist of local disks, or Fiber Channel, iSCSI, and
    NFS mounts attached to Compute nodes. In addition, Block Storage supports
    volume backups, and snapshots for temporary save and restore operations.
    Programmatic management is available via Block Storage's API.
    
    Security Fix(es):
    
    * Improper handling of ScaleIO backend credentials (CVE-2020-10755)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, and other related information, refer to the CVE page(s) listed in
    the References section.
    
    Bug Fix(es):
    
    * Before this update, FC live migration was failing. With this update, the
    correct device information is now sent to os-brick for FC for the
    corresponding host. Also, the device is now removed from the correct
    masking view when the live migration process has failed on the Compute
    node. (BZ#1841157)
    
    * Before this update, the 3PAR driver did not look at the `_name_id` field
    for a possible volume ID, which caused volumes to be unusable after a live
    migration. With this update, the driver is now aware of the `_name_id`
    field as an alternative location for the volume ID, and live migrated
    volumes now work as expected. (BZ#1841866)
    
    * Before this update, the internal temporary snapshot, created during async
    migration when creating a volume from a snapshot, was not being deleted
    from the VNX storage.
    
    For example, if we create a new volume, V2, from snapshot S1, which we
    created from volume V1, an internal temporary snapshot, S2, is created from
    copying S1. V1 now has two snapshots, S1 and S2. Although we delete V1, V2
    and S1 from OpenStack Block Storage (cinder), S2 is not deleted. This
    causes both V1 and S2 to remain on the VNX storage.
    
    With this update, the temporary snapshot, S2, is deleted, and V1 can be
    successfully deleted. (BZ#1843196)
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1741730 - Concurrent cloning of the same volume fails with cinder NFS driver when using cinder backed glance images
    1812988 - Partial cleanup after failed image to volume conversions
    1841157 - Dell EMC PowerMax Cinder driver fixes for backward compatibility and FC Live Migration.
    1842748 - CVE-2020-10755 openstack-cinder:  Improper handling of ScaleIO backend credentials
    1843088 - Creating image-volume cache on NFS backend fails
    1843196 - [Backport][OSP13] VNX: delete the LUN from VNX backend
    1870569 - Rebase openstack-cinder to 8641eed
    
    6. Package List:
    
    Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
    
    Source:
    openstack-cinder-12.0.10-19.el7ost.src.rpm
    
    noarch:
    openstack-cinder-12.0.10-19.el7ost.noarch.rpm
    python-cinder-12.0.10-19.el7ost.noarch.rpm
    
    Red Hat OpenStack Platform 13.0:
    
    Source:
    openstack-cinder-12.0.10-19.el7ost.src.rpm
    
    noarch:
    openstack-cinder-12.0.10-19.el7ost.noarch.rpm
    python-cinder-12.0.10-19.el7ost.noarch.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2020-10755
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
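
Added example, not part of the Red Hat advisory: a check that flags hosts still running a cinder build older than the fixed 12.0.10-19.el7ost listed in section 6. It assumes inventory rows of the form "name version release" and an unchanged package epoch; the sample rows are constructed.

```python
import re

# Fixed build taken from the advisory's package list (section 6).
FIXED_VERSION, FIXED_RELEASE = "12.0.10", "19.el7ost"
PACKAGES = ("openstack-cinder", "python-cinder")

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_seg_cmp(a, b):
    """Order two version or release strings the way rpm does.
    Simplified: no '~' or '^' handling, which these builds do not use."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(version, release):
    """True if version-release is at or above the fixed build (epoch assumed equal)."""
    c = rpm_seg_cmp(version, FIXED_VERSION)
    if c == 0:
        c = rpm_seg_cmp(release, FIXED_RELEASE)
    return c >= 0


def audit(inventory_lines):
    # Rows as printed by:
    #   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' openstack-cinder python-cinder
    stale = []
    for line in inventory_lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in PACKAGES:
            continue  # skips "package ... is not installed" and unrelated rows
        if not is_fixed(parts[1], parts[2]):
            stale.append(line.strip())
    return stale


# Constructed sample inventory (not real host data).
SAMPLE = ["openstack-cinder 12.0.10 11.el7ost", "python-cinder 12.0.10 19.el7ost",
          "openstack-cinder 12.0.10 2.el7ost", "python-cinder 12.0.11 1.el7ost",
          "package openstack-cinder is not installed"]
```

`audit(SAMPLE)` returns the rows that still need the update. Release `2.el7ost` is caught because segments are compared numerically rather than as strings.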
    
