Updated openstack-cinder and openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Platform 9.0 (Mitaka).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
OpenStack Block Storage (cinder) manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programmatic management is available via Block Storage’s API.

OpenStack Image service (glance) provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services.

Security Fix(es):

* A resource vulnerability in the Block Storage (cinder) and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. (CVE-2015-5162)
Red Hat OpenStack 9.0 for RHEL 7

(The unlinked packages above are only available from the Red Hat Network)

* 1268303 – CVE-2015-5162 openstack-nova/glance/cinder: Malicious image may exhaust resources
* 1380842 – Creating Encrypted Volumes with Cinder(Ceph backend) gives false positive
* 1381283 – cinder-api lost SSL in oslo.service wsgi move for Mitaka
* 1381350 – qemu-img calls need to be restricted by ulimit
* 1386253 – NetApp Cinder driver: cloning operations are unsuccessful
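
Bug 1381350 above asks for qemu-img calls to be restricted by ulimit, which bounds the memory exhaustion described for CVE-2015-5162. The following sketch of that mitigation is an added example, not the cinder or glance code: the limit values and the names `run_limited`, `inspect_image` and `allocate_cmd` are assumptions for illustration, and a child Python process stands in for qemu-img so the block runs offline.

```python
import resource
import subprocess
import sys

# Assumed limits for illustration; the advisory does not state the values used.
AS_LIMIT = 1 << 30   # bytes of address space (1 GiB)
CPU_LIMIT = 2        # seconds of CPU time


def _clamp(kind, value):
    # Never ask for more than the hard limit this process already has.
    hard = resource.getrlimit(kind)[1]
    return value if hard == resource.RLIM_INFINITY else min(value, hard)


def run_limited(cmd, as_bytes=AS_LIMIT, cpu_seconds=CPU_LIMIT, timeout=30):
    """Run cmd with RLIMIT_AS and RLIMIT_CPU applied to the child only."""
    def apply_limits():
        # Runs in the child between fork() and exec(); the calling
        # service keeps its own limits.
        for kind, value in ((resource.RLIMIT_AS, as_bytes),
                            (resource.RLIMIT_CPU, cpu_seconds)):
            value = _clamp(kind, value)
            resource.setrlimit(kind, (value, value))

    return subprocess.run(cmd, preexec_fn=apply_limits, capture_output=True,
                          text=True, timeout=timeout)


def inspect_image(path):
    """Hypothetical wrapper: inspect an untrusted image under the limits."""
    return run_limited(["qemu-img", "info", "--output=json", path])


def allocate_cmd(n_bytes):
    """Constructed stand-in for a memory-hungry parser, so this runs offline."""
    code = "b = bytearray(%d); print(len(b))" % n_bytes
    return [sys.executable, "-c", code]


if __name__ == "__main__":
    small = run_limited(allocate_cmd(16 << 20))   # 16 MiB: fits under the cap
    big = run_limited(allocate_cmd(2 << 30))      # 2 GiB: allocation is refused
    print("small:", small.returncode, small.stdout.strip())
    print("big:", big.returncode, big.stderr.strip().splitlines()[-1])
```

A non-zero return code from `inspect_image` on an uploaded image should be treated as a rejected upload rather than retried without limits.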

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
