(RHSA-2018:2714) Moderate: openstack-nova security and bug fix update

OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.

Security Fix(es):

• openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

Bug Fix(es):

• Previously, the MTU of TAP devices was not configured. As a result, the network could be configured with a different MTU than a guest TAP device.

With this update, you can configure libvirt when you create the TAP device for the guest. Nova passes the correct parameter to libvirt, and the TAP device now has the same configuration as the network. (BZ#1553839)

• Previously, the MTU of TAP devices was not configured. As a result, the network could be configured with a different MTU than a guest TAP device.

With this update, you can configure libvirt when you create the TAP device for the guest. Nova passes the correct parameter to libvirt, and the TAP device now has the same configuration as the network. (BZ#1553559)

• Previously, the ‘[vnc] keymap’ option was ‘en-us’ by default, and it was not possible to unset this configuration. As a result of this, non-US locales experienced ineffective key mappings.

With this update, users can unset the ‘[vnc] keymap’ value. In this case, the VNC client configures the locale and non-US users attain more effective key mappings. (BZ#1441962)