
Red Hat Security Advisory 2018-2332-01

Posted Aug 20, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2332-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2017-18191
MD5 | 81dd32efbb86efb40a8ddfb65113d604


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-nova security, bug fix, and enhancement update
Advisory ID: RHSA-2018:2332-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2332
Issue date: 2018-08-20
CVE Names: CVE-2017-18191
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack
Platform 12.0 (Pike).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 12.0 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

The following packages have been upgraded to a later upstream version:
openstack-nova (16.1.4). (BZ#1591212)

Security Fix(es):

* openstack-nova: Swapping encrypted volumes can allow an attacker to
corrupt the LUKS header causing a denial of service in the host
(CVE-2017-18191)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

For more information about the bug fixes and enhancements included with
this update, see the "Technical Notes" section of the Release Notes
linked in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1516271 - [RHOS-12.0.z] Add RPM deps to require install of qemu-kvm-rhev, not qemu-kvm-rhel
1537047 - Bug in log output in hardware.py "Not enough available memory to schedule instance" prints full memory instead of available memory
1539703 - By rebuilding twice with the same "forbidden" image one can circumvent scheduler rebuild restrictions
1546937 - CVE-2017-18191 openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
1547578 - Nova assumes that a volume is fully detached from the compute if the volume is not defined in the instance's libvirt definition
1556851 - Instance hard reboots fail due to a TimeoutException being thrown waiting for vif-plugged events from Neutron
1557938 - [BACKPORT Request] Nova returns a traceback when it's unable to detach a volume still in use
1558706 - [OSP 12] nova get-password returns blank line
1569955 - preallocate_images = space is not honoured when using qcow2
1570314 - When creating a stack with not enough resource, volumes remain in attaching
1572836 - nova-compute should log messages about stale resource allocations at warning priority
1573799 - Fix setting tx_queue_size when rx_queue_size is not set
1575985 - Duplicate imports of oslo_config types
1579785 - On split-stack setups, left over node information prevents a node from rejoin the cloud
1590514 - Rebase openstack-nova to aa7714c
1591212 - Rebase openstack-nova to 16.1.4
1591296 - [RHOS-12][rebase] Lift the restriction on choices for `cpu_model_extra_flags` config attribute

6. Package List:

Red Hat OpenStack Platform 12.0:

Source:
openstack-nova-16.1.4-6.el7ost.src.rpm

noarch:
openstack-nova-16.1.4-6.el7ost.noarch.rpm
openstack-nova-api-16.1.4-6.el7ost.noarch.rpm
openstack-nova-cells-16.1.4-6.el7ost.noarch.rpm
openstack-nova-common-16.1.4-6.el7ost.noarch.rpm
openstack-nova-compute-16.1.4-6.el7ost.noarch.rpm
openstack-nova-conductor-16.1.4-6.el7ost.noarch.rpm
openstack-nova-console-16.1.4-6.el7ost.noarch.rpm
openstack-nova-migration-16.1.4-6.el7ost.noarch.rpm
openstack-nova-network-16.1.4-6.el7ost.noarch.rpm
openstack-nova-novncproxy-16.1.4-6.el7ost.noarch.rpm
openstack-nova-placement-api-16.1.4-6.el7ost.noarch.rpm
openstack-nova-scheduler-16.1.4-6.el7ost.noarch.rpm
openstack-nova-serialproxy-16.1.4-6.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-16.1.4-6.el7ost.noarch.rpm
python-nova-16.1.4-6.el7ost.noarch.rpm
python-nova-tests-16.1.4-6.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18191
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/12/html/release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

