Skip to navigation

Security Advisory Moderate: openstack-nova security and bug fix update

Advisory: RHSA-2013:1199-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-09-03
Last updated on: 2013-09-03
Affected Products: Red Hat OpenStack 3.0
CVEs (cve.mitre.org): CVE-2013-2256
CVE-2013-4179
CVE-2013-4185
CVE-2013-4261

Details

Updated openstack-nova packages that fix multiple security issues and
various bugs are now available for Red Hat OpenStack 3.0.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The openstack-nova packages provide OpenStack Compute (Nova), which
provides services for provisioning, managing, and using virtual machine
instances.

It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released
via RHSA-2013:0657, did not fully correct the issues in the Extensible
Markup Language (XML) parser used by Nova. A remote attacker could use
this flaw to send a specially-crafted request to a Nova API, causing
Nova to consume an excessive amount of CPU and memory, or possibly crash.
(CVE-2013-4179)

A denial of service flaw was found in the way Nova handled network source
security group policy updates. An authenticated user could send a large
number of server creation operations, causing nova-network to become
unresponsive. (CVE-2013-4185)

An information disclosure flaw and a resource limit bypass were found in
the way Nova handled virtual hardware templates (flavors). These allowed
tenants to show and boot other tenants' flavors and bypass resource limits
enforced via the os-flavor-access:is_public property. (CVE-2013-2256)

It was discovered that, in some configurations, certain messages in
console-log could cause nova-compute to become unresponsive, resulting in a
denial of service. (CVE-2013-4261)

Red Hat would like to thank the OpenStack project for reporting
CVE-2013-2256 and CVE-2013-4185. Upstream acknowledges hzrandd from NetEase
as the original reporter of CVE-2013-2256, and Vishvananda Ishaya
from Nebula as the original reporter of CVE-2013-4185. Upstream also
acknowledges Ken'ichi Ohmichi from NEC for providing a corrected fix for
CVE-2013-2256.

The CVE-2013-4179 issue was discovered by Grant Murphy of the Red Hat
Product Security Team, and CVE-2013-4261 was discovered by Jaroslav Henner
of Red Hat.

This update also fixes a number of bugs in openstack-nova.

Additionally, openstack-nova has been rebased to the latest stable release
2013.1.3. (BZ#993100)

All users of openstack-nova are advised to upgrade to these updated
packages, which correct these issues. After installing the updated
packages, the running Nova services will be restarted automatically.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat OpenStack 3.0

SRPMS:
openstack-nova-2013.1.3-3.el6ost.src.rpm
File outdated by:  RHSA-2014:0366
    MD5: 2ecce0a2f1ac4fa9859312f7d5d7a876
SHA-256: f50f21a099981e82c21bf3784f73f9a8dcd23208b5f491e686998ce6d969bc7b
 
x86_64:
openstack-nova-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 59298758fb267c6f0d379f9a2da12e92
SHA-256: 6dbb2bd3508642df6526e174f3422f727d1de7ec618258ffc787a2ee97869a07
openstack-nova-api-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: ec40d4dd712d49a27c63e89816ff2cd7
SHA-256: 6be67a282ef831f941f14a937968e97fdd2448a9e37df655c6eaca54813545f8
openstack-nova-cells-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 59e3e65a3499aa23aeb27ba0ea48f1e0
SHA-256: 7206b77b43bb7bbc6c9db8a42efda87e5fcf25f32460e633cecdefed1dfd2469
openstack-nova-cert-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: abf60acc51001ea54feb3e690c030a94
SHA-256: e790bfa7bec9b780ea775cc7e4ac9c15dbde3243199cb241949b5f80ff29db3f
openstack-nova-common-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 5ca50457a4e7c60440d57ed0fab6797d
SHA-256: 59ec6dd1bc045f7005bcf8547a7025b123a032955ace73785d4e31b32e1c32d9
openstack-nova-compute-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 986a9f4606bdefafd91bbd19a8b024d7
SHA-256: 75829cba77c297727eb9312a152865aeaa7d076fca65711efff96ca8bb0cff24
openstack-nova-conductor-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: a96fd3da3b4d46b2ca423d5631c03dac
SHA-256: 5820adbc437b867843648319170e21d2726603996c506c4a3b4f077c59ca8eaa
openstack-nova-console-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 260d4a33d4008e1d817e9f1f69dfd9d5
SHA-256: 843f7f881a37c8a54500954d456ba7982417c05f078b75e3065b45b99e34fb94
openstack-nova-doc-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 09364c804633329eceb0519840966c1e
SHA-256: f2ac80658c0164e4fb132c4512f7dade18c058060e78419271ae5f2362130fc2
openstack-nova-network-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 9e6bf4512899d67d3f6b4f4b9ca9a473
SHA-256: ca4cb13a8287ecf5328d306366bc3481913f38875530abd0b6e1a8cd30ad20e6
openstack-nova-objectstore-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: a3ed6ab1e8c6c69eae7eeb8aa8e7d950
SHA-256: 521976ef0d0a9d687f9b1b3132d1948849db890ebfd631ef6482564d97d74d68
openstack-nova-scheduler-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 9dde6e4f910ddc04f3cb95197c953e6f
SHA-256: c540dffeef2052ee2bbb74df2e14a997a640e2c4ba7952d068b3f672717c1e9b
python-nova-2013.1.3-3.el6ost.noarch.rpm
File outdated by:  RHSA-2014:0366
    MD5: 0614fd2d708ff3e427fe40c77c3c0626
SHA-256: 280ab74a1b86cf9f2b7c2972f34a6eaaf339f4d11381ad1a0c06277c5feee129
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

971188 - Console log lacks dashes.
975882 - Nova doesn't close qpid connections after certain error conditions
989707 - CVE-2013-4179 OpenStack: Nova XML entities DoS
993331 - CVE-2013-4185 OpenStack: Nova network source security groups denial of service
993340 - CVE-2013-2256 OpenStack: Nova private flavors resource limit circumvention
997649 - config_drive_cdrom not effective
997840 - live block migration stopped working, claiming DestinationDiskExists
998598 - nova interface-attach fails with HTTP 400; TypeError: get_config() takes exactly 6 arguments...
999271 - CVE-2013-4261 OpenStack: openstack-nova-compute console-log DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/