====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenStack Platform 16.1 (openstack-nova) security update
Advisory ID:       RHSA-2022:0983-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0983
Issue date:        2022-03-24
CVE Names:         CVE-2021-3654
====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

OpenStack Compute (codename Nova) is open source software designed to
provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects.

OpenStack Compute strives to be both hardware and hypervisor agnostic,
currently supporting a variety of standard hardware configurations and
seven major hypervisors.

Security Fix(es):

* novnc allows open redirection (CVE-2021-3654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1961439 - CVE-2021-3654 openstack-nova: novnc allows open redirection
1977667 - Compute service DOWN after FFU from RHOSP13 to 16.1 because service version is still 30.
1999588 - [OSP 16.1.8] Provide a workaround option and/or nova-manage command to force the refresh of connection_info during a hard reboot
2002773 - [OSP16.1] Nova is out of sync with ironic as hypervisor list in nova does not agree with ironic list after reboot of the nodes
2003258 - [OSP16.1] vm creation interrupted by cluster degradation results in required nova cell information being unpopulated.
2020313 - If an upper case mac address is used in a heat template, live migration won't work in nova

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:
openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.src.rpm

noarch:
openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-api-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-common-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-compute-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-conductor-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-console-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-migration-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-novncproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-scheduler-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-serialproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm
python3-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3654
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.