5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
74.1%
OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.
A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)
Additional bug fixes include:
Suspending an instance with a pre-created port that uses
binding:vnic_type=‘direct’ previously failed; this has been fixed
with an update to the API.(BZ#1196054)
When using multipath-backed volumes using Object Storage (cinder),
attach attempts failed without error. The handling of device
identifiers has been updated and volumes can now be attached.
(BZ#1206699)
Previously, OpenStack Compute did not conform to PEP8 conventions;
this has been fixed. (BZ#1278411)
With a faulty lun in a multipath device, Compute tried to use the
wrong device. Compute now uses the correct device, and instances
can boot normally. (BZ#1280359)
When using a FCoE adapter instead of a FC adapter, volumes
previously failed to attach to the VM. This issue has been fixed.
(BZ#1284033)
All openstack-nova users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.