Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3119
openstack-nova security update
10 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openstack-nova
Publisher: Red Hat
Operating System: Red Hat
Linux variants
Impact/Access: Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-17376
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:3702
https://access.redhat.com/errata/RHSA-2020:3704
https://access.redhat.com/errata/RHSA-2020:3706
https://access.redhat.com/errata/RHSA-2020:3711
https://access.redhat.com/errata/RHSA-2020:3708
Comment: This advisory references vulnerabilities in products which run on
platforms other than Red Hat. It is recommended that administrators
running openstack-nova check for an updated version of the software
for their operating system.
This bulletin contains five (5) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openstack-nova security update
Advisory ID: RHSA-2020:3702-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3702
Issue date: 2020-09-10
CVE Names: CVE-2020-17376
=====================================================================
1. Summary:
An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.1 (Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 16.1 - noarch
3. Description:
OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
6. Package List:
Red Hat OpenStack Platform 16.1:
Source:
openstack-nova-20.3.1-0.20200626213436.38ee1f3.el8ost.src.rpm
noarch:
openstack-nova-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-api-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-common-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-compute-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-conductor-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-console-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-migration-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-novncproxy-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-scheduler-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-serialproxy-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
python3-nova-20.3.1-0.20200626213436.38ee1f3.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1mwxtzjgjWX9erEAQhbjA//cHRWD8Y82/BNo0+lyuHQWngmoMuZ35gQ
YpxCSbT42nzrfzXZnhY+/ZedM0ANoLfmwaht4+xzozA54DBj0haiEHvIhsv7Hq1+
K4tNcUAO9x/7+wGAYflftKbADqRH/3djqVMf+LcZVtOKA9SHQqb7rPlweg4wpDbA
KBUiJ9uCUzxloiY4PrumU/JnUgObbh8k196d+s6lUNGELoqd7qAAkCKRqsdf78C2
QG1sdCtFr65cZ6u4+2/lwdexWzu8PXTzEDoz+mnFXsZ+Dm+19LEIV/OHSvdjupom
lJnFIRFWHRksnECF7uiVhYeI7o7zwQbB3h2h7Zkw9zEEuX7LW0hxaJSxcSXUKdiJ
cx0/NYPK0/ytTr7LUFXOZecjL4PWc8aFBG0OiLcJ95VfOQytL10bxq+A4fwu5i/p
ikB3QmycuIv6phAB/tBoFnPLmSGvKL1d0Isx58jiT5yEfBgdkL4/0K4yX0S5Me2D
pMR4RlBZmO7YC9MEwa10ZNhnx894TRN3wnngj7uy8kmWpurK+jI5VueINBNb/sC9
9AdKzXLlaz4YzodWpk7i/4p30XBAXfWJHE9magbUW4uYSk+9nnCjZtOyvJqNJ737
/C5VjPGgPRd2AQLNeXQ9CU660OKp0qTUTWmoXaVJ3QOF5avxjRxu7g4C4Lkz2aET
mUCq0rAELUw=
=aknR
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openstack-nova security update
Advisory ID: RHSA-2020:3704-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3704
Issue date: 2020-09-10
CVE Names: CVE-2020-17376
=====================================================================
1. Summary:
An update for openstack-nova is now available for Red Hat OpenStack
Platform 16 (Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 16.0 - noarch
3. Description:
OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
6. Package List:
Red Hat OpenStack Platform 16.0:
Source:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.src.rpm
noarch:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-api-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-common-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-compute-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-conductor-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-console-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-migration-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-novncproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-scheduler-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-serialproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
python3-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1m1OtzjgjWX9erEAQg3vw//dmnTYdpD+nDi/hWb3eQV12JsPb0opsHL
LIAIixmWSSYCH6MtQcbeYdkeX3LDL2d1D7mDbFF0qRjdH05J45uJkXv8C4UmMjc/
GbOYKmlGZBjoaESEF7EQUTqjNAGa+5CUFmm2j5CKSzBLXsujpuCl5Rk0gke7QK1J
BHNTMe7pksywd7R0bPcpnGoeeWGKVQ4VTSFtz8nmf0FgrIT71UCV01DuBhVEFRCx
Ywuy5tDSvb4YTA8C+MNmxhRmfV+5WKCOaq7Lb6boceD5z5RS0n2EXjHDXjpYBd1l
AOnCyECGI5hiXAhYaMboZ1NvoGlNE8ojhoU5SPwravnx0SN/5KR46IrImCeWiUk0
mNK3EsICb7jPvJ+P54BnInZuujNPUMoTox75XssM2EHKoEiVttPXB0lnUQOx4roG
tpnHAjSS4qIrambg5qcNwFzLaHCJZv02GbAJImI79xFkRaq9oylkWaJkqEaKIBd2
WKszo1/4ucRpKpEiIyW/6vc4X9tDpq0XwNX2M0lUoD+KjwlEnRpsRWwEt0LIt13S
o5y7OITcp60XXwyk33Vxe/6ljCGeHBlRZBK0n3O+BFHMgDV6LOCIr15IOxHCq+BY
VIkKqWp0qCmFgN6xSbXzJlGev7zA999mHZiDQiUKriwW9/Pc1Iy5BXTCSYzs6YoO
LlpIbZIM5EE=
=RQmt
- -----END PGP SIGNATURE-----
- -----------------------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openstack-nova security update
Advisory ID: RHSA-2020:3706-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3706
Issue date: 2020-09-10
CVE Names: CVE-2020-17376
=====================================================================
1. Summary:
An update for openstack-nova is now available for Red Hat OpenStack
Platform 15 (Stein).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 15.0 - noarch
3. Description:
OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
6. Package List:
Red Hat OpenStack Platform 15.0:
Source:
openstack-nova-19.1.0-0.20200207070459.bf9d9e5.el8ost.src.rpm
noarch:
openstack-nova-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-api-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-cells-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-common-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-compute-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-conductor-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-console-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-migration-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-novncproxy-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-placement-api-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-scheduler-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-serialproxy-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
python3-nova-19.1.0-0.20200207070459.bf9d9e5.el8ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1nMMtzjgjWX9erEAQgBrxAAlkcQE4dY9SiGA86aJAKpF6Rx19L4yhM0
yqFkV3TZZ+n9CDzHe2QQXw49Uar2fUvz7DHQeylsrBd/MdiwPsQRN1M8HnY4bBer
gPAkHkOgiOJT/O18tm8ObAhGxtiDeMHHQiGlBTnYy2jbl6vWld962mUNChw4iqMj
SByL6DXFz4Q9zqSEv+hyUUEZS9WCWu4IYYMRlfFbZY0rhhHV4dzGuYrfYCoTPJM8
hV+UzJ5Yxeig9Gf5WwnhESHhke8XLDoDp9KDd1GSzBdsi+2V0avB7KQ1J5zWYxdW
rvaa8OHDoB/ksPE6hGgwrYH5QK+WOuCgBJEBZ7XDaHKPQAjze8LBGiqFWBjhjT/p
XRKZJr0jMhEFzhaHquRwgatwvMY92Uh+rVAnx5nn5Db+H7eVhfKNF95oBKimEdXZ
1G933h36DyAi4GzKta5Ym3hkVFp10y3FJ2Q3LRHLH/nurc1JuLmMHdJj74CvqGuK
HCyfWiEPktn7Os+lfxCUBsf32ytIo1ZMnGl1NdInToPwvHfIzt8T90FLmoUS0rnY
kdIKXOU6H/gFsCbaNMpwpdk1WHKrWi0lHa3VHhm9bpzmvMaatxrtY7zA5bGb0+hd
vRSvnU8pr+mOsFwobPIPnnN66Mczug8r3vYuOPFPmRrpzM86aUbYUtPy86QpMAwW
vxrlCSXcb7M=
=Kevx
- -----END PGP SIGNATURE-----
- ------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openstack-nova security update
Advisory ID: RHSA-2020:3708-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3708
Issue date: 2020-09-10
CVE Names: CVE-2020-17376
=====================================================================
1. Summary:
An update for openstack-nova is now available for Red Hat OpenStack
Platform 13 (Queens).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 13.0 - noarch
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch
3. Description:
OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
6. Package List:
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:
Source:
openstack-nova-17.0.13-24.el7ost.src.rpm
noarch:
openstack-nova-17.0.13-24.el7ost.noarch.rpm
openstack-nova-api-17.0.13-24.el7ost.noarch.rpm
openstack-nova-cells-17.0.13-24.el7ost.noarch.rpm
openstack-nova-common-17.0.13-24.el7ost.noarch.rpm
openstack-nova-compute-17.0.13-24.el7ost.noarch.rpm
openstack-nova-conductor-17.0.13-24.el7ost.noarch.rpm
openstack-nova-console-17.0.13-24.el7ost.noarch.rpm
openstack-nova-migration-17.0.13-24.el7ost.noarch.rpm
openstack-nova-network-17.0.13-24.el7ost.noarch.rpm
openstack-nova-novncproxy-17.0.13-24.el7ost.noarch.rpm
openstack-nova-placement-api-17.0.13-24.el7ost.noarch.rpm
openstack-nova-scheduler-17.0.13-24.el7ost.noarch.rpm
openstack-nova-serialproxy-17.0.13-24.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-17.0.13-24.el7ost.noarch.rpm
python-nova-17.0.13-24.el7ost.noarch.rpm
python-nova-tests-17.0.13-24.el7ost.noarch.rpm
Red Hat OpenStack Platform 13.0:
Source:
openstack-nova-17.0.13-24.el7ost.src.rpm
noarch:
openstack-nova-17.0.13-24.el7ost.noarch.rpm
openstack-nova-api-17.0.13-24.el7ost.noarch.rpm
openstack-nova-cells-17.0.13-24.el7ost.noarch.rpm
openstack-nova-common-17.0.13-24.el7ost.noarch.rpm
openstack-nova-compute-17.0.13-24.el7ost.noarch.rpm
openstack-nova-conductor-17.0.13-24.el7ost.noarch.rpm
openstack-nova-console-17.0.13-24.el7ost.noarch.rpm
openstack-nova-migration-17.0.13-24.el7ost.noarch.rpm
openstack-nova-network-17.0.13-24.el7ost.noarch.rpm
openstack-nova-novncproxy-17.0.13-24.el7ost.noarch.rpm
openstack-nova-placement-api-17.0.13-24.el7ost.noarch.rpm
openstack-nova-scheduler-17.0.13-24.el7ost.noarch.rpm
openstack-nova-serialproxy-17.0.13-24.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-17.0.13-24.el7ost.noarch.rpm
python-nova-17.0.13-24.el7ost.noarch.rpm
python-nova-tests-17.0.13-24.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1nWCtzjgjWX9erEAQgYHQ/+KVJROuN2vosZ2AoOOJ+lDaKSfl04ivl4
APJ7wElgwenLhH7KacUpoDuVQiTicXjcYG9MOlMW8/8iYDBO59UKSGu4IvIol9sS
qGWQ/jcU2yk/iidPlVMh5e1OgJWWN7hCQgaHTCL1OMS3mvRXwI3Kc9SwExlI+MVu
gPkwpzYgdcFWn/IM5WyHFgmxItUC94l32LlwEtqWLnzR2Nwgkzs0s506Wsce5tOQ
vCPP2gO9efTtVmajDV4lhimvfV2rOl6jvYKCRSZCe//oZ35RlJif4dHVXf4VbvPV
CcSu8fYkh2fR4JcBn+2k4ZThcPeCC9qXeV/ANkopkOm+nlmhDiyjpUSMZZGeaMUL
d0a267F36O255PxvWUzT3KSE54Bjiom2i3kInJb8V6XxHcxNjSE1oufFFNBm0vrd
vwMMEbSRUoP0RFxiGoXtjXZPFRi3SlfNV20pGQnKlIGz5xUlsn2/k0uiZCJ5Yw4Q
mE567OtWMFoSjBb4OstLqRERTiMY0DxEdJ7ozXTAV40CVrxdEycTwMMfA78KUe0F
r8BQjZ73QONJtsQrQNgXbJntZpo6CFpPNF+j53txpjt6SsXBWvIJpeaEN3cBka4Y
9m21u0FEUC+dmMLGfwbOOUFUYiBJ6pk3/UGBSNV+T6W4gieGzWdi8vRtaJufJddp
TqODW5aYbp4=
=lIEQ
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openstack-nova security update
Advisory ID: RHSA-2020:3711-01
Product: Red Hat OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3711
Issue date: 2020-09-10
CVE Names: CVE-2020-17376
=====================================================================
1. Summary:
An update for openstack-nova is now available for Red Hat OpenStack
Platform 10 (Newton).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenStack Platform 10.0 - noarch
3. Description:
OpenStack Compute (nova) launches and schedules large networks of virtual
machines, creating a redundant and scalable cloud computing platform.
Compute provides the software, control panels, and APIs required to
orchestrate a cloud, including running virtual machine instances and
controlling access through users and projects.
Security Fix(es):
* Soft reboot after live-migration reverts instance to original source
domain XML (CVE-2020-17376)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
6. Package List:
Red Hat OpenStack Platform 10.0:
Source:
openstack-nova-14.1.0-65.el7ost.src.rpm
noarch:
openstack-nova-14.1.0-65.el7ost.noarch.rpm
openstack-nova-api-14.1.0-65.el7ost.noarch.rpm
openstack-nova-cells-14.1.0-65.el7ost.noarch.rpm
openstack-nova-cert-14.1.0-65.el7ost.noarch.rpm
openstack-nova-common-14.1.0-65.el7ost.noarch.rpm
openstack-nova-compute-14.1.0-65.el7ost.noarch.rpm
openstack-nova-conductor-14.1.0-65.el7ost.noarch.rpm
openstack-nova-console-14.1.0-65.el7ost.noarch.rpm
openstack-nova-migration-14.1.0-65.el7ost.noarch.rpm
openstack-nova-network-14.1.0-65.el7ost.noarch.rpm
openstack-nova-novncproxy-14.1.0-65.el7ost.noarch.rpm
openstack-nova-placement-api-14.1.0-65.el7ost.noarch.rpm
openstack-nova-scheduler-14.1.0-65.el7ost.noarch.rpm
openstack-nova-serialproxy-14.1.0-65.el7ost.noarch.rpm
openstack-nova-spicehtml5proxy-14.1.0-65.el7ost.noarch.rpm
python-nova-14.1.0-65.el7ost.noarch.rpm
python-nova-tests-14.1.0-65.el7ost.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX1nfptzjgjWX9erEAQggOQ/+NSiKBJagFxkbCmFCFMAFdkdPhDmaK7WO
8F5yhng9OSqcJIHmGyYDQg4KGz4c/wD9NNkF665iRdRA4M7LUA/7WMpqcFxrXuKp
LucuoF66rtlqMcuxfquP5U+0BIc3RP0JJ0V5RVzvzf9tr3QuvIroaolpWoknkfqV
f49xKU5T6y55yFC6HznqMvtGpSZygcY4TRuKLOz7+f1+ufSWtka8afoX86mZU3z8
ZYyeoSTYHz2/xH30cyT0flFB4wsgpZCQCClTDibNEZ5rQc20BJOwo2mseL+WCZOd
ZEv9xGbBuP7eIdLXVE/xymTU8O4hjN8nyaSL5O6TKVeV6kRztaSJ+K3gBRDE/85F
Xvq2RJ6B1U/JgoVupkew6lsYB2Q+cfTVnQS8/Ip8xvT2Xd6NLm9CXRvSi/DzpZHs
csGDzuxHWqqBKLEssW9mmCI4cE0YI71w+nfqh+TWyChr7Mnk+/rxkiZeA/7dwYTZ
et7pKbsCDHLD0kbiEKetnGKkrh7+RjkBZvQaaLL9YbOmqc95xiVyJt0snWx/1od6
M0ZFtaYKZnXReho9MpdeB+AuY52kpaAlwOzPwBV8gTgXFdWsS0svFVHUub0s9gSx
Nz1B01Uz+Tap2QtOr2HA5vecd6EccShC1rCrmqn79lXI4HfCycxJ6/Bgw0+UDP6j
yKx3hLkZQio=
=Ab7k
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX1nloONLKJtyKPYoAQiYphAApSLCUqq/ysraLjfhciotaQxqYVLx5T74
FJK5Hp2/Xs7PsE1wFThVjgghi0XbaxhYBAvashSzK2nDmFEfPgkL4aSSfNwjB4Dq
8H019YzkA1rK+kRopstBDsIf6piPFJwT+JPO3mq4e2we963nRPnTm/x2h+s7z8Vl
mBlh5TTqlRW9B4IeOgVbRFYstZak2qShTQOMAecO8OFFp2kGxB8IctIg/c77dWcK
Pk5pWzQagFPwbDsHllpy1qxttgTviWiyw/FYWiN/lJTe+qmLrayEtSEnLHz4VsxO
W0CEThOB9hBbt6vZOoKitkXuPPVpxdLT4gmglJYydbSUaivtZG7M3569y5rPk1BD
pEDRajIh8mYjqa+l+snY94YKOk6Zedst6lr0jbfl3b+6CEDmeewO820cKck7oWbh
3fv0ckF0TJryXPreSrA3j2PupCwbRIIuqqPCl+gKN1XNmnmsfza0wq45L0nWK456
DWsL8vQovYBgKphykXo9k0rhICrMjyFNSlxny/48JCgRN1kTBVy0tTUA1Aa1U9XG
AY8L50n61/BHVkpIyhwjF1doIcYprnk5lTFFRrWFfXs5JL7OyGiO8pyhbOYJC2sx
tnK2siPeH8RraGfqHGw6wWWjXnk8rWk5X+B0q5jyNUQw6qH056TYtMJ9loIV8Jo7
U68xwHB/m7w=
=Sw+Y
-----END PGP SIGNATURE-----