RedHatRHSA-2022:0999(RHSA-2022:0999) Moderate: Red Hat OpenStack Platform 16.2 (openstack-nova) security update
0.926 High
EPSS
Percentile
99.0%
OpenStack Compute (codename Nova) is open source software designed
to provision and manage large networks of virtual machines,creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects.OpenStack Compute strives to be both hardware and hypervisor
agnostic, currently supporting a variety of standard hardware
configurations and seven major hypervisors.
Security Fix(es):
- novnc allows open redirection (CVE-2021-3654)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Bug Fix(es):
- Red Hat OpenStack Platform (RHOSP) does not support the use of a fully qualified domain name (FQDN) as the instance display name in a boot server request. The instance display name is passed from the boot server request to the
instance.hostnamefield. Some customers use this unsupported naming in their workflows.
A recent update [1] now sanitizes the instance.hostname field. The sanitization steps include replacing periods with dashes, a replacement that makes it impossible to continue using the unsupported FQDN instance display names.
This update provides a temporary workaround for customers who use a fully qualified domain name (FQDN) as the instance display name in a boot server request. It limits the scope of the sanitization to cases where the instance display name ends with a period followed by one or more numeric digits.
If you use FQDN as the instance display name in a boot server request, modify your workflow before upgrading to RHOSP 17. (BZ#2036652)
Related
