(RHSA-2018:0314) Moderate: openstack-nova security and bug fix update

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

• By rebuilding an instance using a new image, an authenticated user may be able to circumvent the Filter Scheduler, bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). (CVE-2017-16239)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges George Shuklin (Servers.com) as the original reporter.

Bug Fix(es):

• A recent update caused OpenStack Compute to ignore the disk cache mode configuration. This caused I/O performance degradation in instances. This fix corrects how OpenStack Compute configures disk caching. Instances no longer suffer performance degradation. (BZ#1508647)