Security update for openstack-nova

Announcement ID:	SUSE-SU-2015:2219-1
Rating:	moderate
References:	bsc#927625 bsc#935017 bsc#942457 bsc#944178 bsc#945923 bsc#949070 bsc#949529
Cross-References:	CVE-2015-3241 CVE-2015-3280 CVE-2015-7713
CVSS scores:
Affected Products:	SUSE Cloud 5

An update that solves three vulnerabilities and has four security fixes can now be installed.

Description:

This update for openstack-nova provides various fixes and improvements:

• Fix regression where launched instances in tenants not visible for other users. (bsc#927625)
• Remove error messages from multipath command output before parsing. (bsc#949529)
• Fix live-migration usage of the wrong connector information.
• Added requirement for memcached to python-nova. (bsc#942457)
• Don't expect meta attributes in object_compat that aren't in the db obj. (bsc#949070, CVE-2015-7713)
• Delete orphaned instance files from compute nodes (bsc#944178, CVE-2015-3280)
• Kill rsync/scp processes before deleting instance. (bsc#935017, CVE-2015-3241)
• Sync process utils from oslo for execute callbacks. (bsc#935017, CVE-2015-3241)
• Fix rebuild of an instance with a volume attached.
• Fixes _cleanup_rbd code to capture ImageBusy exception.
• Don't try to confine a non-NUMA instance.
• Include blank volumes in the block device mapping (bsc#945923)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Cloud 5
  zypper in -t patch sleclo50sp3-openstack-nova-12253=1

Package List:

• SUSE Cloud 5 (x86_64)
  • openstack-nova-cert-2014.2.4~a0~dev80-20.1
  • openstack-nova-compute-2014.2.4~a0~dev80-20.1
  • openstack-nova-objectstore-2014.2.4~a0~dev80-20.1
  • openstack-nova-vncproxy-2014.2.4~a0~dev80-20.1
  • openstack-nova-conductor-2014.2.4~a0~dev80-20.1
  • openstack-nova-api-2014.2.4~a0~dev80-20.1
  • openstack-nova-serialproxy-2014.2.4~a0~dev80-20.1
  • python-nova-2014.2.4~a0~dev80-20.1
  • openstack-nova-2014.2.4~a0~dev80-20.1
  • openstack-nova-novncproxy-2014.2.4~a0~dev80-20.1
  • openstack-nova-cells-2014.2.4~a0~dev80-20.1
  • openstack-nova-consoleauth-2014.2.4~a0~dev80-20.1
  • openstack-nova-console-2014.2.4~a0~dev80-20.1
  • openstack-nova-scheduler-2014.2.4~a0~dev80-20.1
• SUSE Cloud 5 (noarch)
  • openstack-nova-doc-2014.2.4~a0~dev80-20.1

References:

• https://www.suse.com/security/cve/CVE-2015-3241.html
• https://www.suse.com/security/cve/CVE-2015-3280.html
• https://www.suse.com/security/cve/CVE-2015-7713.html
• https://bugzilla.suse.com/show_bug.cgi?id=927625
• https://bugzilla.suse.com/show_bug.cgi?id=935017
• https://bugzilla.suse.com/show_bug.cgi?id=942457
• https://bugzilla.suse.com/show_bug.cgi?id=944178
• https://bugzilla.suse.com/show_bug.cgi?id=945923
• https://bugzilla.suse.com/show_bug.cgi?id=949070
• https://bugzilla.suse.com/show_bug.cgi?id=949529