SUSE-SU-2018:1448-1: Security update for openstack-nova

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon May 28 07:10:50 MDT 2018 

   SUSE Security Update: Security update for openstack-nova
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1448-1
Rating:             low
References:         #1070603 #1073933 #1081685 
Cross-References:   CVE-2017-18191
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that solves one vulnerability and has two fixes
   is now available.

Description:

   This update for openstack-nova fixes the following bugs and security
   issues:

   The following security-issue has been fixed:

   - CVE-2017-18191: libvirt: Block swap volume attempts with encrypted
     volumes. (bsc#1081685)

   Additionally, the following bugs have been fixed:

   - Set TasksMax to infinity for openstack-nova-compute. (bsc#1070603)
   - Fix qemu-img convert image incompatability in alpine linux. (bsc#1073933)
   - Update openstack-nova-placement-api handling.
     + Remove the systemd .service file. the placement-api should run in a
       real WSGI container.
     + Add a apache vhost sample configuration.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-988=1



Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      openstack-nova-14.0.11~dev13-4.22.1
      openstack-nova-api-14.0.11~dev13-4.22.1
      openstack-nova-cells-14.0.11~dev13-4.22.1
      openstack-nova-cert-14.0.11~dev13-4.22.1
      openstack-nova-compute-14.0.11~dev13-4.22.1
      openstack-nova-conductor-14.0.11~dev13-4.22.1
      openstack-nova-console-14.0.11~dev13-4.22.1
      openstack-nova-consoleauth-14.0.11~dev13-4.22.1
      openstack-nova-doc-14.0.11~dev13-4.22.1
      openstack-nova-novncproxy-14.0.11~dev13-4.22.1
      openstack-nova-placement-api-14.0.11~dev13-4.22.1
      openstack-nova-scheduler-14.0.11~dev13-4.22.1
      openstack-nova-serialproxy-14.0.11~dev13-4.22.1
      openstack-nova-vncproxy-14.0.11~dev13-4.22.1
      python-nova-14.0.11~dev13-4.22.1


References:

   https://www.suse.com/security/cve/CVE-2017-18191.html
   https://bugzilla.suse.com/1070603
   https://bugzilla.suse.com/1073933
   https://bugzilla.suse.com/1081685

More information about the sle-security-updates mailing list