SUSE-SU-2015:2220-1: moderate: Security update for openstack-nova and openstack-neutron
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Dec 7 11:12:12 MST 2015
SUSE Security Update: Security update for openstack-nova and openstack-neutron
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2220-1
Rating: moderate
References: #927625 #935017 #935263 #939691 #942457 #943648
#944178 #945923 #948704 #949070 #949529
Cross-References: CVE-2015-3221 CVE-2015-3241 CVE-2015-3280
CVE-2015-5240 CVE-2015-7713
Affected Products:
SUSE OpenStack Cloud Compute 5
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 6 fixes is
now available.
Description:
This update for openstack-nova and openstack-neutron provides various
fixes and improvements.
openstack-nova:
- Fix instance filtering. (bsc#927625)
- Remove error messages from multipath command output before parsing.
(bsc#949529)
- Fix live-migration usage of the wrong connector information.
- Added requirement for memcached to python-nova. (bsc#942457)
- Don't expect meta attributes in object_compat that aren't in the db obj.
(bsc#949070, CVE-2015-7713)
- Kill rsync/scp processes before deleting instance. (bsc#935017,
CVE-2015-3241)
- Sync process utils from oslo for execute callbacks. (bsc#935017,
CVE-2015-3241)
- Fix rebuild of an instance with a volume attached.
- Fixes _cleanup_rbd code to capture ImageBusy exception.
- Don't try to confine a non-NUMA instance.
- Include blank volumes in the block device mapping (bsc#945923)
- Delete orphaned instance files from compute nodes (bsc#944178,
CVE-2015-3280)
openstack-neutron:
- Fix usage_audit to work with ML2.
- Fix UDP offloading issue with virtio VMs. (bsc#948704)
- Fix ipset can't be destroyed when last rule is deleted.
- Add ARP spoofing protection for LinuxBridge agent.
- Don't use ARP responder for IPv6 addresses in ovs.
- Stop device_owner from being set to 'network:*'. (bsc#943648,
CVE-2015-5240)
- NSX-mh: use router_distributed flag.
- NSX-mh: Failover controller connections on socket failures.
- NSX-mh: Prevent failures on router delete.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Compute 5:
zypper in -t patch SUSE-SLE12-CLOUD-5-2015-953=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud Compute 5 (noarch):
openstack-neutron-2014.2.4~a0~dev103-10.3
openstack-neutron-dhcp-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-ha-tool-2014.2.4~a0~dev103-10.3
openstack-neutron-l3-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-lbaas-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-metadata-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-metering-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-openvswitch-agent-2014.2.4~a0~dev103-10.3
openstack-neutron-vpn-agent-2014.2.4~a0~dev103-10.3
openstack-nova-2014.2.4~a0~dev80-14.1
openstack-nova-compute-2014.2.4~a0~dev80-14.1
python-neutron-2014.2.4~a0~dev103-10.3
python-nova-2014.2.4~a0~dev80-14.1
python-python-memcached-1.54-2.1
References:
https://www.suse.com/security/cve/CVE-2015-3221.html
https://www.suse.com/security/cve/CVE-2015-3241.html
https://www.suse.com/security/cve/CVE-2015-3280.html
https://www.suse.com/security/cve/CVE-2015-5240.html
https://www.suse.com/security/cve/CVE-2015-7713.html
https://bugzilla.suse.com/927625
https://bugzilla.suse.com/935017
https://bugzilla.suse.com/935263
https://bugzilla.suse.com/939691
https://bugzilla.suse.com/942457
https://bugzilla.suse.com/943648
https://bugzilla.suse.com/944178
https://bugzilla.suse.com/945923
https://bugzilla.suse.com/948704
https://bugzilla.suse.com/949070
https://bugzilla.suse.com/949529
More information about the sle-security-updates
mailing list