RHSA-2022:0983: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (openstack-nova) security update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-03-24

Updated:

2022-03-24

RHSA-2022:0983 - Security Advisory

• Overview
• Updated Packages

Synopsis

Moderate: Red Hat OpenStack Platform 16.1 (openstack-nova) security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openstack-nova is now available for Red Hat OpenStack
Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

OpenStack Compute (codename Nova) is open source software designed
to provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects.OpenStack Compute strives to be both hardware and hypervisor
agnostic, currently supporting a variety of standard hardware
configurations and seven major hypervisors.

Security Fix(es):

• novnc allows open redirection (CVE-2021-3654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

• Red Hat OpenStack 16.1 x86_64
• Red Hat OpenStack for IBM Power 16.1 ppc64le

Fixes

• BZ - 1961439 - CVE-2021-3654 openstack-nova: novnc allows open redirection
• BZ - 1977667 - Compute service DOWN after FFU from RHOSP13 to 16.1 because service version is still 30.
• BZ - 1999588 - [OSP 16.1.8] Provide a workaround option and/or nova-manage command to force the refresh of connection_info during a hard reboot
• BZ - 2002773 - [OSP16.1] Nova is out of sync with ironic as hypervisor list in nova does not agree with ironic list after reboot of the nodes
• BZ - 2003258 - [OSP16.1] vm creation interrupted by cluster degradation results in required nova cell information being unpopulated.
• BZ - 2020313 - If an upper case mac address is used in a heat template, live migration won’t work in nova

Red Hat OpenStack 16.1

SRPM

openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.src.rpm

SHA-256: cda26a9bab7216a73ca3b15538b762ddf6adf568b16d458b4f366a7c4e090d12

x86_64

openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 59d0be80760c6c2b7f886b7c9d5e77d25f279dc9a90cf6aef3aab1cde917e0c3

openstack-nova-api-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 743ba8ebfd070c69a49ee3bc3b5d85a72bc260b2ad2cfbded689777bda490b56

openstack-nova-common-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: db3ddf769492cdb18ab789e3c3230e5bba7e508c9a1efc46e494a389346fca87

openstack-nova-compute-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 1fde01bb539b9fb9b85411a79414271f34a88e4e01dd3c044a5517e03c9c03aa

openstack-nova-conductor-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 8714b3d1f330fe89437d6e699ae85f528a39298a3153fafa1b6b4473b37fed41

openstack-nova-console-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 940fd43f7a829cb2f0a3a2a2770e754b15db9e2a0960fd95c6d68d0eeee5267d

openstack-nova-migration-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 544eac941e88c2e6087e1f64a3775cc46cbadfe98265606b14900e3c2afe065f

openstack-nova-novncproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 4fe2e7ec9ad2762ecd580f00f25e19999e3021683c739bdf8b801071394a4e0c

openstack-nova-scheduler-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 25004bc8936129a4d7024198388490d09202b43774035c1fcaf1b5ececabd304

openstack-nova-serialproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: c4ad5df23a9ed6978b368673b6d5529b1c5027bc36b4ff562cb3022bb69383ce

openstack-nova-spicehtml5proxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 323b4af66ebe4783cac13365315695ae518222cf22391060efd81b4c7eeaace2

python3-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: d4371ad888d98d631fa4634369f59e878a70dc53d239793d0216c9ed2dac2d36

Red Hat OpenStack for IBM Power 16.1

SRPM

openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.src.rpm

SHA-256: cda26a9bab7216a73ca3b15538b762ddf6adf568b16d458b4f366a7c4e090d12

ppc64le

openstack-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 59d0be80760c6c2b7f886b7c9d5e77d25f279dc9a90cf6aef3aab1cde917e0c3

openstack-nova-api-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 743ba8ebfd070c69a49ee3bc3b5d85a72bc260b2ad2cfbded689777bda490b56

openstack-nova-common-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: db3ddf769492cdb18ab789e3c3230e5bba7e508c9a1efc46e494a389346fca87

openstack-nova-compute-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 1fde01bb539b9fb9b85411a79414271f34a88e4e01dd3c044a5517e03c9c03aa

openstack-nova-conductor-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 8714b3d1f330fe89437d6e699ae85f528a39298a3153fafa1b6b4473b37fed41

openstack-nova-console-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 940fd43f7a829cb2f0a3a2a2770e754b15db9e2a0960fd95c6d68d0eeee5267d

openstack-nova-migration-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 544eac941e88c2e6087e1f64a3775cc46cbadfe98265606b14900e3c2afe065f

openstack-nova-novncproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 4fe2e7ec9ad2762ecd580f00f25e19999e3021683c739bdf8b801071394a4e0c

openstack-nova-scheduler-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 25004bc8936129a4d7024198388490d09202b43774035c1fcaf1b5ececabd304

openstack-nova-serialproxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: c4ad5df23a9ed6978b368673b6d5529b1c5027bc36b4ff562cb3022bb69383ce

openstack-nova-spicehtml5proxy-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: 323b4af66ebe4783cac13365315695ae518222cf22391060efd81b4c7eeaace2

python3-nova-20.4.1-1.20220112153422.1ee93b9.el8ost.noarch.rpm

SHA-256: d4371ad888d98d631fa4634369f59e878a70dc53d239793d0216c9ed2dac2d36

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.