Updated openstack-nova packages that fix one security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno)for RHEL 7.Red Hat Product Security has rated this update as having Importantsecurity impact.

Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.
OpenStack Compute (nova) launches and schedules large networks ofvirtual machines, creating a redundant and scalable cloud computingplatform.

Compute provides the software, control panels, and APIsrequired to orchestrate a cloud, including running virtual machineinstances and controlling access through users and projects.An information-exposure flaw was found in the OpenStack Compute (nova)resize and migrate functionality.

An authenticated user could write amalicious qcow header to an ephemeral or root disk, referencing a blockdevice as a backing file. With a subsequent resize or migration, filesystem content on the specified device would be leaked to the user. Onlysetups using libvirt with raw storage and “use_cow_images = False” wereaffected. (CVE-2016-2140)This issue was discovered by Matthew Booth of Red Hat.All openstack-nova users are advised to upgrade to these updated packages,which correct this issue.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat OpenStack 6.0 for RHEL 7

SRPMS:
openstack-nova-2014.2.3-54.1.el7ost.src.rpm
    MD5: 5def08973efef4863919ed364b3d3291SHA-256: 247caee1f69dd95e6897b3b90321a8c32baba8c3fee7fd7c4884caa62fa474e3
 
x86_64:
openstack-nova-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: d5d0d1f1f6a02ffd19e6038ecfc193e0SHA-256: 2ebf9fbba9d2adc677ab22eca4036346212287107d1cd390f4b46cc9370d54b4
openstack-nova-api-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 4618d13547c38fe3f2fafa370f56da0aSHA-256: 45d4ae64468e40ce6bf3b792afec9465795c8b9cb66280c738774aa73e08e38f
openstack-nova-cells-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 3ab6e9ce5fc3b688ca16057b39f073c0SHA-256: 640792261f0ac12b6327630235a5a8114ebbc6008a143667109b1b68f6622b7f
openstack-nova-cert-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 5cad7c74eca868df4357ff21a4b3b33aSHA-256: 893212539fbc7224661a384563a876854d3009959909d28ed94af4200386080e
openstack-nova-common-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: b8e46d7f36720ed082bd358874dfbf8bSHA-256: 9ff2c6c2b5d4802c9395cd6975a1acf3b5c807a68e6eef2d577ced7e4c21cd3d
openstack-nova-compute-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 5de82c3a13cb737f53d1ef6d68af7031SHA-256: bf6d3b938a9cae31f4a5bc1d453ae1b9150b18ae4c54b0eca64cf5327a563b30
openstack-nova-conductor-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 8e2582c61ddc7fcbc2467a49174d79ccSHA-256: 5d8f3692ff322474d37bc7c64da2bb484ad1f4d1b7ca6cfb1ecd81ccbf393a97
openstack-nova-console-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: bb8beb16f19f7dfad329084c48b4a96bSHA-256: 0c561eb924750d608ead3474c9c37e084610bbff4da9b3ae16db42676839f3c7
openstack-nova-doc-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: e64cca60576700197560cc8f372639c3SHA-256: d8e63da5991c70036ce6ca058c39624fa24df3aac4c87602cd2421dd78522ec2
openstack-nova-network-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: ea00a53058772ace285fdff67b95a682SHA-256: 6f36c6d289d1b65bc15852535b9731ab55190eb4d0d0a3cfa10c0081eea234fc
openstack-nova-novncproxy-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 330c3ee73d791e2b15b332aa11b7980cSHA-256: 3b0ec7436b53fa6f3fe44347af69a776e3ed6ef253129ad90ca2c05711d55b3c
openstack-nova-objectstore-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: f8b51d4606ab3de8d04d46b882ef45beSHA-256: 6aeace72215398fbd01ab70fc906a44e9cddbb9f8dbf9d842323583950195638
openstack-nova-scheduler-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 3220a70e35a7e7adbb83ac707df46d60SHA-256: 81e66440380ec7be5a55dbec1207c5f71c32eef86f39f0b086cbe97f00ca79ff
openstack-nova-serialproxy-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: dc855d60245ca8d603e304eec98ec8ffSHA-256: 0f81e293afe7a7545f9d9edeb1a7ba901c2fbce63b9d3d0c441724606bec15d3
python-nova-2014.2.3-54.1.el7ost.noarch.rpm
    MD5: 8ca5dc1f625abcfcb1963d5ed75064c3SHA-256: 7bdfd74ce9bc1258bf600c490e51c88d985a393decba9618fd73e0ad798e2b33
 
(The unlinked packages above are only available from the Red Hat Network)

1313454 – CVE-2016-2140 openstack-nova: Host data leak through resize/migration

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: