Updated openstack-nova packages that fix one security issue are nowavailable for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse)for RHEL 6.Red Hat Product Security has rated this update as having Importantsecurity impact.

Common Vulnerability Scoring System (CVSS) basescores, which give detailed severity ratings, are available for eachvulnerability from the CVE links in the References section.
OpenStack Compute (nova) launches and schedules large networks ofvirtual machines, creating a redundant and scalable cloud computingplatform.

Compute provides the software, control panels, and APIsrequired to orchestrate a cloud, including running virtual machineinstances and controlling access through users and projects.An information-exposure flaw was found in the OpenStack Compute (nova)resize and migrate functionality.

An authenticated user could write amalicious qcow header to an ephemeral or root disk, referencing a blockdevice as a backing file. With a subsequent resize or migration, filesystem content on the specified device would be leaked to the user. Onlysetups using libvirt with raw storage and “use_cow_images = False” wereaffected. (CVE-2016-2140)This issue was discovered by Matthew Booth of Red Hat.All openstack-nova users are advised to upgrade to these updated packages,which correct this issue.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258Red Hat OpenStack 5.0 for RHEL 6

SRPMS:
openstack-nova-2014.1.5-28.el6ost.src.rpm
    MD5: 680a2949fb31fb7e77466f499eeb6c7eSHA-256: 708686df52ab4351d6f398f67d2216a340d3448491399890a7014541de9f7230
 
x86_64:
openstack-nova-2014.1.5-28.el6ost.noarch.rpm
    MD5: cf7528d80d762e77be2a24870c36b2f4SHA-256: 4198f766acaf63d755589aea3ff888b731438efed727c60f0d5e56dd4b944ef6
openstack-nova-api-2014.1.5-28.el6ost.noarch.rpm
    MD5: fc3045503d5b961537d433989f4d571eSHA-256: b569e35f94bc10b3cd59b39d47fb256b86f89a2549f7fd2a85a8db06ac6e643b
openstack-nova-cells-2014.1.5-28.el6ost.noarch.rpm
    MD5: d738d8ae196f0c40435451743a44d1d7SHA-256: bf5a49771b4471b7247dbb60f97226d5e2d1bae625143cf136f09a17f32162cd
openstack-nova-cert-2014.1.5-28.el6ost.noarch.rpm
    MD5: dd13d579756b4712ae9d648a2648a27fSHA-256: 5c07be8c08d96215800105368476da1b9bd24dc71e02e0b283d7a6d524391c14
openstack-nova-common-2014.1.5-28.el6ost.noarch.rpm
    MD5: 6a52e9d7c6ac9febd3f1117c87620075SHA-256: 3c76629bc1438ffaae0a99acd94f5eb6be8d75a2f7e6e232d2941d6da6e80235
openstack-nova-compute-2014.1.5-28.el6ost.noarch.rpm
    MD5: 2c06bd08defff25b47efe7afdd582c9dSHA-256: de4180fc7e46b19258d0880d5a345642f3833fe9f8cb76d59100a0e882f2cee6
openstack-nova-conductor-2014.1.5-28.el6ost.noarch.rpm
    MD5: f5c92ad52e016cda92b536c4ebe3de43SHA-256: aa14b92b00877260e163c49702aba0a5a9bb0e45d44d015217750f9d70657e42
openstack-nova-console-2014.1.5-28.el6ost.noarch.rpm
    MD5: fdbd1567de11815af26a05bcc0f07df3SHA-256: 1b1c21382a11111fa502c2cb2c5091c59e50ef309bedf5bc4190d79f71936678
openstack-nova-doc-2014.1.5-28.el6ost.noarch.rpm
    MD5: 08599ba052e7e6962b2201ce7e56acb3SHA-256: 133e67057f4006a1936db5f0a90641f87e8856b095379858fc36332ea31b728b
openstack-nova-network-2014.1.5-28.el6ost.noarch.rpm
    MD5: 97a03841301a3f38a9f5d6a1a8b09f5bSHA-256: a8eaa5b9ccc1854cd970050c0d7324650125e3353237a23794a0d11192656794
openstack-nova-novncproxy-2014.1.5-28.el6ost.noarch.rpm
    MD5: fd7a8b0c06dcb5bb13aac260da55b27aSHA-256: c30fcfe7e7369edd2a5605df06b019ec5ac2fa2c36fc058e3fa88100d7f00c16
openstack-nova-objectstore-2014.1.5-28.el6ost.noarch.rpm
    MD5: 949162385dc7dd82b5bd958befc7778fSHA-256: 2f976fcf988a59e5a2ae7605bfe5d854b260c1ae28ec813d1b92777b4ff55442
openstack-nova-scheduler-2014.1.5-28.el6ost.noarch.rpm
    MD5: b9a339309afe64f61e66207a050febceSHA-256: 55511ee46578ccab427c13f619bc6597beb711251348d760a7d46007f81b3e62
openstack-nova-serialproxy-2014.1.5-28.el6ost.noarch.rpm
    MD5: 3f43779c9707bafa600a2cf5c7b4aff7SHA-256: df262436ee89573787c469747348cd1dd24c4472a59c0bb7cbb87e9516122374
python-nova-2014.1.5-28.el6ost.noarch.rpm
    MD5: 5369102164464cd28b6932e4a85bd4d8SHA-256: b3d76e96f93786ae38369c20dd6141ee37b8d75b2df256e728b78cb0ae4c64ae
 
(The unlinked packages above are only available from the Red Hat Network)

1313454 – CVE-2016-2140 openstack-nova: Host data leak through resize/migration

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: