CVE-2017-18191 Red Hat Update for openstack-nova (RHSA-2018:2332)

漏洞类别:RedHat

漏洞等级: 

漏洞信息

OpenStack Compute (nova) launches and schedules large networks of virtualmachines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required toorchestrate a cloud, including running virtual machine instances andcontrolling access through users and projects. The following packages have been upgraded to a later upstream version:openstack-nova (16.1.4). (BZ#1591212)

Security Fixes: openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

漏洞危害

On successful exploitation it could allow an attacker to execute code.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2332 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2332: Red Hat Enterprise Linux

Leave a Reply