Security update for openstack-nova
| Announcement ID: | SUSE-SU-2015:2219-1 |
| Rating: | moderate |
| References: | #927625 #935017 #942457 #944178 #945923 #949070 #949529 |
| Affected Products: |
An update that solves three vulnerabilities and has four fixes is now available.
Description:
This update for openstack-nova provides various fixes and improvements:
- Fix regression where launched instances in tenants not visible for other
users. (bsc#927625)
- Remove error messages from multipath command output before parsing.
(bsc#949529)
- Fix live-migration usage of the wrong connector information.
- Added requirement for memcached to python-nova. (bsc#942457)
- Don't expect meta attributes in object_compat that aren't in the db obj.
(bsc#949070, CVE-2015-7713)
- Delete orphaned instance files from compute nodes (bsc#944178,
CVE-2015-3280)
- Kill rsync/scp processes before deleting instance. (bsc#935017,
CVE-2015-3241)
- Sync process utils from oslo for execute callbacks. (bsc#935017,
CVE-2015-3241)
- Fix rebuild of an instance with a volume attached.
- Fixes _cleanup_rbd code to capture ImageBusy exception.
- Don't try to confine a non-NUMA instance.
- Include blank volumes in the block device mapping (bsc#945923)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-openstack-nova-12253=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
- openstack-nova-2014.2.4~a0~dev80-20.1
- openstack-nova-api-2014.2.4~a0~dev80-20.1
- openstack-nova-cells-2014.2.4~a0~dev80-20.1
- openstack-nova-cert-2014.2.4~a0~dev80-20.1
- openstack-nova-compute-2014.2.4~a0~dev80-20.1
- openstack-nova-conductor-2014.2.4~a0~dev80-20.1
- openstack-nova-console-2014.2.4~a0~dev80-20.1
- openstack-nova-consoleauth-2014.2.4~a0~dev80-20.1
- openstack-nova-novncproxy-2014.2.4~a0~dev80-20.1
- openstack-nova-objectstore-2014.2.4~a0~dev80-20.1
- openstack-nova-scheduler-2014.2.4~a0~dev80-20.1
- openstack-nova-serialproxy-2014.2.4~a0~dev80-20.1
- openstack-nova-vncproxy-2014.2.4~a0~dev80-20.1
- python-nova-2014.2.4~a0~dev80-20.1
- SUSE OpenStack Cloud 5 (noarch):
- openstack-nova-doc-2014.2.4~a0~dev80-20.1
References:
- https://www.suse.com/security/cve/CVE-2015-3241.html
- https://www.suse.com/security/cve/CVE-2015-3280.html
- https://www.suse.com/security/cve/CVE-2015-7713.html
- https://bugzilla.suse.com/927625
- https://bugzilla.suse.com/935017
- https://bugzilla.suse.com/942457
- https://bugzilla.suse.com/944178
- https://bugzilla.suse.com/945923
- https://bugzilla.suse.com/949070
- https://bugzilla.suse.com/949529