-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat OpenStack Platform 16.2 (openstack-nova) security update Advisory ID: RHSA-2023:1948-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:1948 Issue date: 2023-04-26 CVE Names: CVE-2022-37394 ===================================================================== 1. Summary: An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.2 - noarch 3. Description: OpenStack Compute (codename Nova) is open source software designed to provision and manage large networks of virtual machines,creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects.OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors. Security Fix(es): * Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap (CVE-2022-37394) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2051631 - Fresh deployment - nova api calls timing out 2075467 - Ensure that at startup nova-compute cleans up unavailable PCI devices from the DB that are not reported from the hypervisor 2084239 - nova host-evacuation returns erroneous pci addresses and an error: Unable to correlate PCI slot 2088676 - [OSP16.2] while live-migrating many instances concurrently, libvirt sometimes return internal error: migration was active, but no RAM info was set 2117333 - CVE-2022-37394 openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap 2138381 - [OSP 16.2] Unacceptable CPU info: CPU doesn't have compatibility 2140992 - 16.2 - Update instance host and task state when post live migration fails 2151410 - [OSP16.2] Invalid bdm record is left when cinder api call to delete a volume attachment times out 2158181 - nova-compute container won't start when specifying x86_Icelake-Server CPU model 2164970 - Backport "Improving logging at '_allocate_mdevs'." to 16.2 6. Package List: Red Hat OpenStack Platform 16.2: Source: openstack-nova-20.6.2-2.20230308185148.fc01371.el8ost.src.rpm noarch: openstack-nova-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-api-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-common-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-compute-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-conductor-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-console-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-migration-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-novncproxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-scheduler-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-serialproxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm openstack-nova-spicehtml5proxy-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm python3-nova-20.6.2-2.20230308185148.fc01371.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-37394 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZEllEdzjgjWX9erEAQgTvhAAjGticFLuy8AG55llEeoIZHQzOMKuwwKU YsNi6IHQ358JmeTL7E1Nh3ibdbI4NI+pibgosxcH170GF9f2f3CB+EnHWqz/ZUwg ZpqKXEBPRNRM9HsdYfryONt9JIyWb9UTsLCYt4A69SPvr9KE+iJRsvD+UyCa6opo mELmOAVihPUFSzhuGkcGuc067jkI7QLzJNWxqtgWoXBCBUmLVIyyHmSwToEDH1Sw FwUlvKoAaiR1e5kF6Mv9woAQHDyQeOAc2MHTWEhstjDQJEHSp9PDZwQt/zWHUW9I FEv67oZeF32PWk5Y+2HhCYSzv5v9kq3xwG8BO2gEjSGpRq4QBJ0pmquCtZMX3W+p MPthunQB6JaWk5tjophesotAD1GMO7WD6YzZscAjH/8Nnn1JkzCea3mn5LmEMShA CPUUFrUjHddCocCWvLd3IqyTMnNwwl9hBYobYkGSlEAzpURkDj4Snij2lAjgcKyT kr/6+nbCQQRV9/3fdNqj+KATENkhpG2XuYD9RYybRuZdH4cNahezm6C3Q/1CcT2n 1saTKvXGLO0kDdHtJ3HKlxyvNadUUrSRoxOhbLc09jmBNgkBP8N7XOtConwFcTss wZ4mH0eMU275/JI9X15+cqQvbCm/C6Caaz9dF2JViAJ+vEsgGD2FbUbuLnFkTMWw mypEl0lrmxQ= =sJy4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce