Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, filesystem content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and “use_cow_images = False” were affected. (CVE-2016-2140)

This issue was discovered by Matthew Booth of Red Hat.

All openstack-nova users are advised to upgrade to these updated packages, which correct this issue.
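A defender-side check for the condition described above, added here as an example (it is not Red Hat's or nova's code): it reads the leading bytes of disks that are expected to be raw and flags any that carry a qcow signature, reporting the backing file the header names. The function names, the constructed sample bytes and the 64 KiB read size are assumptions of this example.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
# Start of a qcow/qcow2 header, big-endian:
# magic, version, backing_file_offset, backing_file_size
HEADER = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # longest backing file name qcow2 allows

# Constructed sample, not taken from a real image: a header naming a
# placeholder backing file at offset 104.
CONSTRUCTED_SAMPLE = (HEADER.pack(QCOW_MAGIC, 3, 104, 12)
                      + b"\0" * (104 - HEADER.size) + b"/dev/example")


def inspect_raw_disk(data):
    """Classify the leading bytes of a disk that is expected to be raw."""
    result = {"format": "raw", "version": None,
              "backing_file": None, "suspicious": False}
    if len(data) < HEADER.size:
        return result
    magic, version, offset, size = HEADER.unpack_from(data)
    if magic != QCOW_MAGIC:
        return result
    # A qcow signature on storage configured as raw is itself a finding.
    result.update(format="qcow", version=version, suspicious=True)
    if offset and 0 < size <= MAX_BACKING_NAME:
        name = data[offset:offset + size]
        if len(name) == size:
            result["backing_file"] = name.decode("utf-8", "replace")
        else:
            result["backing_file"] = "<outside the bytes read>"
    return result


def scan(paths, read_bytes=65536):
    """Return {path: finding} for every listed disk that looks like qcow."""
    findings = {}
    for path in paths:
        with open(path, "rb") as handle:
            info = inspect_raw_disk(handle.read(read_bytes))
        if info["suspicious"]:
            findings[path] = info
    return findings


if __name__ == "__main__":
    print(inspect_raw_disk(CONSTRUCTED_SAMPLE))
    print(inspect_raw_disk(b"\0" * 512))
```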
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat OpenStack 5.0 for RHEL 7

SRPMS:
openstack-nova-2014.1.5-28.el7ost.src.rpm
 
x86_64:
openstack-nova-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-api-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-cells-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-cert-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-common-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-compute-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-conductor-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-console-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-doc-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-network-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-novncproxy-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-objectstore-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-scheduler-2014.1.5-28.el7ost.noarch.rpm
openstack-nova-serialproxy-2014.1.5-28.el7ost.noarch.rpm
python-nova-2014.1.5-28.el7ost.noarch.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

1313454 – CVE-2016-2140 openstack-nova: Host data leak through resize/migration

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: