(RHSA-2016:0013) Moderate: openstack-nova security and bug fix advisory

ID RHSA-2016:0013
Type redhat
Reporter RedHat
Modified 2018-03-19T16:26:57


OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances. (CVE-2015-7713)

Additional bug fixes include:

  • Suspending an instance with a pre-created port that uses binding:vnic_type='direct' previously failed; this has been fixed with an update to the API.(BZ#1196054)

  • When using multipath-backed volumes using Object Storage (cinder), attach attempts failed without error. The handling of device identifiers has been updated and volumes can now be attached. (BZ#1206699)

  • Previously, OpenStack Compute did not conform to PEP8 conventions; this has been fixed. (BZ#1278411)

  • With a faulty lun in a multipath device, Compute tried to use the wrong device. Compute now uses the correct device, and instances can boot normally. (BZ#1280359)

  • When using a FCoE adapter instead of a FC adapter, volumes previously failed to attach to the VM. This issue has been fixed. (BZ#1284033)

All openstack-nova users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.