Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.1879 Red Hat OpenStack Platform 10 Security, Bug Fix, and Enhancement Advisory 28 June 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Red Hat OpenStack Platform Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Impact/Access: Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-1059 Reference: ESB-2018.1871 ESB-2018.1324 Original Bulletin: https://access.redhat.com/errata/RHSA-2018:2102 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenStack Platform 10 Security, Bug Fix, and Enhancement Advisory Advisory ID: RHSA-2018:2102-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2018:2102 Issue date: 2018-06-27 CVE Names: CVE-2018-1059 ===================================================================== 1. Summary: An update is now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: OpenStack 10.0 Tools for RHEL 7 - noarch Red Hat OpenStack Platform 10.0 - noarch, x86_64 3. Description: Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. Security Fix(es): * dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1059 issue was discovered by Maxime Coquelin (Red Hat). 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat OpenStack Platform 10 runs on Red Hat Enterprise Linux 7.4. The Red Hat OpenStack Platform 10 Release Notes contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat OpenStack Platform 10, including which channels need to be enabled and disabled. The Release Notes are available at: https://access.redhat.com/documentation/en/red-hat-openstack-platform/10/pa ged/release-notes This update is available through 'yum update' on systems registered through Red Hat Subscription Manager. For more information about Red Hat Subscription Manager, see: https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Manageme nt/1/html/RHSM/index.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1540017 - ovs-vswitchd systemd process timesout in environments with large (200G) hugepages 1540158 - RHOS10.z OVS 1802 update 1540164 - RHOS10.z 1802 Rebase OVS with branch-2.6 1540175 - RHOS10.z 1802 Rebase DPDK with LTS branch 1542107 - Live migration fails on OSPd10 DPDK env because of selinux denied 1544298 - CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations 1546198 - [RFE] ovs-stats metrics list to add to collectd 1549893 - Issue with pCPUs for PMDs not running 100% in user space, but a relatively high amount of time in kernel space 1550124 - "upcall_cb failure: ukey installation fails" message in OVS DPDK 1550398 - failed to start vhost interface after updating ovs to 2.9 in osp10 1551682 - ovs-vswitchd segfaults after any instance is spawned on numa 1 socket 1553812 - Update openvswitch 2.6 to use stable DPDK 16.11.5 1556662 - vhostuser interface link is down sometimes unexpectedly 1561939 - Backport from master OVS for "LACP: check active partner sys id" 1572510 - OSP10: Support for dpdkvhostuserclient mode 1579905 - Update OSP10 to OVS 2.9 -19 Fast Datapath build 18.04 1583750 - openvswitch-2.9.0-19.el7fdp installs /var/log/openvswitch with permissions 0755 [openstack-10] 6. Package List: Red Hat OpenStack Platform 10.0: Source: openstack-selinux-0.8.14-5.el7ost.src.rpm openvswitch-2.9.0-19.el7fdp.1.src.rpm noarch: openstack-selinux-0.8.14-5.el7ost.noarch.rpm python-openvswitch-2.9.0-19.el7fdp.1.noarch.rpm x86_64: openvswitch-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-debuginfo-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-devel-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-ovn-central-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-ovn-common-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-ovn-host-2.9.0-19.el7fdp.1.x86_64.rpm openvswitch-ovn-vtep-2.9.0-19.el7fdp.1.x86_64.rpm OpenStack 10.0 Tools for RHEL 7: noarch: openvswitch-test-2.9.0-19.el7fdp.1.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1059 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWzQox9zjgjWX9erEAQiYVw//VmfUDHQIZNbxjxrPwaAYKgxziVrU1Uga dzmg9PCViIoJsSniy+oW7Ge7alBd8qxYfYTjrM8wR5AGoOYVjslU5PiXRAC4jsKx 2px1WEx6vWyLKadnDAlyePpl85MDNBhKHjqiChicjLjw5RhpOc2tPUfAo5dYS/V6 zdsVzraUXqas9ygUi0BF8azkDP0OwzA9W93VfKZ7PFOfYc8fYPCrRK1qel8/JqA1 nyaBiJZ4rQUksP5gVon8aPCmzfogdR7IKvP4ZatfXGcWqyN4jt9k4+Mf8FIaiE0E NssKJ5z+GwmegQaxaipZRkuXMr8VwA9ID70v6xiqW0hjr1uNUIDodvGxBrVQgJOI EGpIFLxFYQAB0rZjC3qrwu6yC4LhJQgvxJk+FhTQXamHF34Ha9Op7KCssoO1ujx9 y75kFY5kAeS8inmG0UvrQ3w4K/hBKgKnXOI+++r/B6RCe6vASY54ia8bsURzrOfv LnRSZEbtTxgKcjt9RWpMJsW0SIdZN2sFG6RJgccZjiu6+lmZQMydSHMYkAm7HqJL 5F6uSsFXEGM/ObdHyBh6hqVlwMHRDzoYvIECBr4vcyar9XPRUx3744rXBIEPtdtZ ReBvISiZwX3dF2AxK4Z7UGB7svxOIugGwP2mcEoeKF5yFwsZ7X01T/+spyt71Nbd hyA5W3Nk4JU= =N2e4 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWzQ19WaOgq3Tt24GAQjhRBAAzPpuDa8IKHApW1Z4HQ3f+DPwhgIMWuRK EYvx6A8ctVXmrynL+TWyBqLDMI1uxvbxwId68NvXUjIfGLTM4GuxNKSqxko/gu20 YZIr0Y/zE8POkbSZf7HMT4LmhgdgavBG4P6flnNl8OkYXVgvDnptFMPHS25nl9xu IImRTiAaFVYqcR6fGwVzISd6FeoMgN2Xw3APJC0ZEopGhdo+svbDTLBk73dqDUBQ auQ3SGuI4MPwCufMwZhU45R55rt4K1pGCovdXD05d0LI5/+P08zw0e7/7RiYLFwY evWVQ2NWxP7DWtd/Mr7zr1fAtoooxRA5iwEqBGeRwlV+dhZa+/1lnfbtOtjGJsL8 unXTi3N85onw6TKXr8rEguipww+MQMHmkwk+rSZ/MVXDLHaCI4T6JCxGhbmwQZa7 O50siZhF9ElDthGm7F6nj6bO9GV5ABYbhTfxQb7d6SXs+IRvwdIrbi75yPnWfs9j V4u4mBEo0lXN1FgjFbY1jMV/iP66sjjdjUZGcND+k4nt3hHiBUvFtzWcRc/qpmYG 3B1H6CWJ4Q+6kdHDVpUvmd3u4lrNT1b0aw0gv8Pt6xhwEz1WN2yyzkYX1pdKenwV SFYFAwbvL7GdmToeUXBetvN/dLOVGmC6s0aKRUFf94lGnfHjDHJP2hyRvLP12p6V ODQzQkVURWI= =eKhE -----END PGP SIGNATURE-----