Jan 10, 2016 - 11:07 p.m.

(RHSA-2016:0017) Important: openstack-nova security advisory

2016-01-10 23:07:38
access.redhat.com
openstack compute
nova
security group updates
lvm
ceph
filesystem storage
cve-2015-7548
cve-2015-7713

EPSS: 0.005 (percentile: 77.2%)

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

A flaw was discovered in the OpenStack Compute (nova) snapshot feature when
using the libvirt driver. A compute user could overwrite an attached
instance disk with a malicious header specifying a backing file, and then
request a snapshot, causing a file from the compute host to be leaked. This
flaw only affects LVM or Ceph setups, or setups using filesystem storage
with “use_cow_images = False”. (CVE-2015-7548)
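
A defensive check for the condition described above, as an added example that is not part of the Red Hat advisory or the nova code base: it reads the first bytes of a disk the host is configured to treat as raw and reports whether they parse as an image header naming a backing file. It assumes the header format involved is qcow2 (the advisory does not name the format); the function names and sample bytes are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"  # first four bytes of every qcow2 image


def inspect_disk_header(data: bytes) -> dict:
    """Parse the start of a disk and report qcow2 magic and backing file."""
    info = {"qcow2_magic": False, "version": None, "backing_file": None}
    if len(data) < 20 or data[:4] != QCOW2_MAGIC:
        return info
    # qcow2 header, big-endian, directly after the magic:
    # version (u32), backing_file_offset (u64), backing_file_size (u32).
    version, offset, size = struct.unpack(">IQI", data[4:20])
    info["qcow2_magic"] = True
    info["version"] = version
    if offset and size:
        name = data[offset:offset + size]
        # The name may lie beyond the bytes we were given; still flag it.
        info["backing_file"] = (name.decode("utf-8", "replace")
                                if len(name) == size else "<not in sample>")
    return info


def unsafe_to_probe(data: bytes, configured_format: str = "raw") -> bool:
    """True when a disk configured as raw starts with a qcow2 header that
    names a backing file (assumption: a tool that guesses the format from
    disk content would follow that reference)."""
    info = inspect_disk_header(data)
    return configured_format == "raw" and info["backing_file"] is not None


def constructed_sample(backing_name: bytes) -> bytes:
    """Constructed test bytes: a minimal header followed by the name."""
    header = QCOW2_MAGIC + struct.pack(">IQI", 2, 72, len(backing_name))
    return header.ljust(72, b"\x00") + backing_name


if __name__ == "__main__":
    flagged = constructed_sample(b"/constructed/placeholder")
    plain = b"\x00" * 512  # constructed: zero-filled first sector
    for label, blob in (("flagged", flagged), ("plain", plain)):
        print(label, inspect_disk_header(blob), unsafe_to_probe(blob))
```

A disk that is flagged here should have its format stated explicitly to any tool that opens it, rather than detected from its content.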

A vulnerability was discovered in the way OpenStack Compute (nova)
networking handled security group updates; changes were not applied to
already running VM instances. A remote attacker could use this flaw to
access running VM instances. (CVE-2015-7713)

The CVE-2015-7548 issue was discovered by Matthew Booth of Red Hat
OpenStack Engineering.

All openstack-nova users are advised to upgrade to these updated packages,
which correct these issues.