(RHSA-2015:2684) Moderate: openstack-nova secuity and bug fix advisory

ID RHSA-2015:2684
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:44


OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. (CVE-2015-7713)

Additional bug fixes include:

  • In some cases, Compute did not start instances when RHEL was installed with a locale other than en_US. The update ensures that logging an exception no longer causes Unicode issues. (BZ#1190837)

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.