Description
Security update for openstack-nova and openstack-neutron
This update for openstack-nova and openstack-neutron provides various fixes and improvements.
openstack-nova:
- Fix instance filtering. (bsc#927625)
- Remove error messages from multipath command output before parsing. (bsc#949529)
- Fix live-migration usage of the wrong connector information.
- Added requirement for memcached to python-nova. (bsc#942457)
- Don't expect meta attributes in object_compat that aren't in the db obj. (bsc#949070, CVE-2015-7713)
- Kill rsync/scp processes before deleting instance. (bsc#935017, CVE-2015-3241)
- Sync process utils from oslo for execute callbacks. (bsc#935017, CVE-2015-3241)
- Fix rebuild of an instance with a volume attached.
- Fixes _cleanup_rbd code to capture ImageBusy exception.
- Don't try to confine a non-NUMA instance.
- Include blank volumes in the block device mapping (bsc#945923)
- Delete orphaned instance files from compute nodes (bsc#944178, CVE-2015-3280)
openstack-neutron:
- Fix usage_audit to work with ML2.
- Fix UDP offloading issue with virtio VMs. (bsc#948704)
- Fix ipset can't be destroyed when last rule is deleted.
- Add ARP spoofing protection for LinuxBridge agent.
- Don't use ARP responder for IPv6 addresses in ovs.
- Stop device_owner from being set to 'network:*'. (bsc#943648, CVE-2015-5240)
- NSX-mh: use router_distributed flag.
- NSX-mh: Failover controller connections on socket failures.
- NSX-mh: Prevent failures on router delete.
Package list
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
References
- Link for SUSE-SU-2015:2220-1
- E-Mail link for SUSE-SU-2015:2220-1
- SUSE Security Ratings
- SUSE Bug 927625
- SUSE Bug 935017
- SUSE Bug 935263
- SUSE Bug 939691
- SUSE Bug 942457
- SUSE Bug 943648
- SUSE Bug 944178
- SUSE Bug 945923
- SUSE Bug 948704
- SUSE Bug 949070
- SUSE Bug 949529
- SUSE CVE CVE-2015-3221 page
- SUSE CVE CVE-2015-3241 page
- SUSE CVE CVE-2015-3280 page
- SUSE CVE CVE-2015-5240 page
- SUSE CVE CVE-2015-7713 page
Description
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
Affected products
References
- CVE-2015-3221
- SUSE Bug 935263
Description
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.
Affected products
References
- CVE-2015-3241
- SUSE Bug 935017
Description
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
Affected products
References
- CVE-2015-3280
- SUSE Bug 1000443
- SUSE Bug 944178
Description
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
Affected products
References
- CVE-2015-5240
- SUSE Bug 943648
Description
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
Affected products
References
- CVE-2015-7713
- SUSE Bug 949070