(RHSA-2016:0366) Important: openstack-nova security update

2016-03-0800:00:00

access.redhat.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

OpenStack Compute (nova) launches and schedules large networks of
virtual machines, creating a redundant and scalable cloud computing
platform. Compute provides the software, control panels, and APIs
required to orchestrate a cloud, including running virtual machine
instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova)
resize and migrate functionality. An authenticated user could write a
malicious qcow header to an ephemeral or root disk, referencing a block
device as a backing file. With a subsequent resize or migration, file
system content on the specified device would be leaked to the user. Only
setups using libvirt with raw storage and “use_cow_images = False” were
affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages,
which correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchpython-nova< 2014.1.5-29.el6ostpython-nova-2014.1.5-29.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-api< 2014.1.5-29.el6ostopenstack-nova-api-2014.1.5-29.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-console< 2014.1.5-29.el6ostopenstack-nova-console-2014.1.5-29.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-conductor< 2014.1.5-28.el6ostopenstack-nova-conductor-2014.1.5-28.el6ost.noarch.rpm
RedHat6srcopenstack-nova< 2014.1.5-28.el6ostopenstack-nova-2014.1.5-28.el6ost.src.rpm
RedHat6noarchopenstack-nova-network< 2014.1.5-28.el6ostopenstack-nova-network-2014.1.5-28.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-objectstore< 2014.1.5-28.el6ostopenstack-nova-objectstore-2014.1.5-28.el6ost.noarch.rpm
RedHat6noarchpython-nova< 2014.1.5-28.el6ostpython-nova-2014.1.5-28.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-conductor< 2014.1.5-29.el6ostopenstack-nova-conductor-2014.1.5-29.el6ost.noarch.rpm
RedHat6noarchopenstack-nova-cert< 2014.1.5-28.el6ostopenstack-nova-cert-2014.1.5-28.el6ost.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	noarch	python-nova	< 2014.1.5-29.el6ost	python-nova-2014.1.5-29.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-api	< 2014.1.5-29.el6ost	openstack-nova-api-2014.1.5-29.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-console	< 2014.1.5-29.el6ost	openstack-nova-console-2014.1.5-29.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-conductor	< 2014.1.5-28.el6ost	openstack-nova-conductor-2014.1.5-28.el6ost.noarch.rpm
RedHat	6	src	openstack-nova	< 2014.1.5-28.el6ost	openstack-nova-2014.1.5-28.el6ost.src.rpm
RedHat	6	noarch	openstack-nova-network	< 2014.1.5-28.el6ost	openstack-nova-network-2014.1.5-28.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-objectstore	< 2014.1.5-28.el6ost	openstack-nova-objectstore-2014.1.5-28.el6ost.noarch.rpm
RedHat	6	noarch	python-nova	< 2014.1.5-28.el6ost	python-nova-2014.1.5-28.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-conductor	< 2014.1.5-29.el6ost	openstack-nova-conductor-2014.1.5-29.el6ost.noarch.rpm
RedHat	6	noarch	openstack-nova-cert	< 2014.1.5-28.el6ost	openstack-nova-cert-2014.1.5-28.el6ost.noarch.rpm