Headline

RHSA-2023:1948: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2022-37394: An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

1 year ago

Red Hat Security Data

Open in Source

#vulnerability #web #mac #linux #red_hat #dos #nodejs #js #java #kubernetes #aws #auth #ibm

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
Red Hat CodeReady Workspaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2023-04-26

Updated:

2023-04-26

RHSA-2023:1948 - Security Advisory

Overview
Updated Packages

Synopsis

Low: Red Hat OpenStack Platform 16.2 (openstack-nova) security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Compute (codename Nova) is open source software designed
to provision and manage large networks of virtual machines,creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects.OpenStack Compute strives to be both hardware and hypervisor
agnostic, currently supporting a variety of standard hardware
configurations and seven major hypervisors.

Security Fix(es):

Compute service fails to restart if the vnic_type of a bound port changed

from direct to macvtap (CVE-2022-37394)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

Red Hat OpenStack for IBM Power 16.2 ppc64le
Red Hat OpenStack 16.2 x86_64

Fixes

BZ - 2051631 - Fresh deployment - nova api calls timing out
BZ - 2075467 - Ensure that at startup nova-compute cleans up unavailable PCI devices from the DB that are not reported from the hypervisor
BZ - 2084239 - nova host-evacuation returns erroneous pci addresses and an error: Unable to correlate PCI slot
BZ - 2088676 - [OSP16.2] while live-migrating many instances concurrently, libvirt sometimes return internal error: migration was active, but no RAM info was set
BZ - 2117333 - CVE-2022-37394 openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap
BZ - 2138381 - [OSP 16.2] Unacceptable CPU info: CPU doesn’t have compatibility
BZ - 2140992 - 16.2 - Update instance host and task state when post live migration fails
BZ - 2151410 - [OSP16.2] Invalid bdm record is left when cinder api call to delete a volume attachment times out
BZ - 2158181 - nova-compute container won’t start when specifying x86_Icelake-Server CPU model
BZ - 2164970 - Backport “Improving logging at '_allocate_mdevs’.” to 16.2

Red Hat OpenStack for IBM Power 16.2

SRPM

openstack-nova-20.6.2-2.20230308185148.fc01371.el8ost.src.rpm

SHA-256: e7382977e9353ea2ec52ec6ae5e65facc368131c078e22a17a84acdfd34d3814

ppc64le

openstack-nova-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 14fe9c3c74a56dccd5f2f360b6e90642bbbc73b1169accc543c9a2451bb4dc9b

openstack-nova-api-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: df28d869f158ecc71396164b6063621e9f6facbf669b1993ccca536dd2d4aed9

openstack-nova-common-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 84b45695ca5a544d6655ccb0a8a65c21085fcbb5a8c6a4c4ef9b6eedd1c7e0fd

openstack-nova-compute-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 1cb04af92a1a4bdf0109a6c264124efc5ff0ca4b50acb02c9058cd65867ac9d9

openstack-nova-conductor-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 5c2000a6117cb705635572047f1f75ca1ab1b3650616236939884024ae3cff1d

openstack-nova-console-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 5e6e5ef3af7ef9ccd2d83f729f24a0f24902e1cfbca3847ea3a8948d4d58ccba

openstack-nova-migration-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: d0adacd4b25b687048ddbe446854a1c5335db2cc7e64faf76a6e176d94ef0514

openstack-nova-novncproxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 5ad9f0dee1a70b7aee26c97cf91dfd6b69db4dd32c4b3aaba086606f55c2e683

openstack-nova-scheduler-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: e7a44a06746f3dc9fb48a96b1b591677a3c6d669c04ad8362cdce7e272140bc7

openstack-nova-serialproxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 2cc993fa6ce3aa3f0387972222aec51c6bd25d2bac14fd4c0ddbedf066ee02f5

openstack-nova-spicehtml5proxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: bb18350853e07f6322bd9c0868d36152457f57ec39f44408b8224f15eeb71398

python3-nova-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm

SHA-256: 910321ccb16b6cdacd6e29dd4d620c3d767b14ba017409244692dd0f62d7bb11

Red Hat OpenStack 16.2

SRPM

openstack-nova-20.6.2-2.20230308185148.fc01371.el8ost.src.rpm

SHA-256: e7382977e9353ea2ec52ec6ae5e65facc368131c078e22a17a84acdfd34d3814

x86_64