Red Hat: RHSA-2022:0999
History: Mar 23, 2022 - 8:19 p.m.

(RHSA-2022:0999) Moderate: Red Hat OpenStack Platform 16.2 (openstack-nova) security update

2022-03-23 20:19:29
access.redhat.com
red hat openstack
openstack-nova
novnc
open redirection
instance display name
security update
cvss score
fully qualified domain name
bug fix
instance.hostname
hypervisor

CVSS2: 4

  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS3: 6.1

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.926

  Percentile: 99.0%

OpenStack Compute (codename Nova) is open source software designed
to provision and manage large networks of virtual machines, creating a
redundant and scalable cloud computing platform. It gives you the software,
control panels, and APIs required to orchestrate a cloud, including running
instances, managing networks, and controlling access through users and
projects. OpenStack Compute strives to be both hardware and hypervisor
agnostic, currently supporting a variety of standard hardware
configurations and seven major hypervisors.

Security Fix(es):

  • novnc allows open redirection (CVE-2021-3654)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Bug Fix(es):

  • Red Hat OpenStack Platform (RHOSP) does not support the use of a fully qualified domain name (FQDN) as the instance display name in a boot server request. The instance display name is passed from the boot server request to the instance.hostname field. Some customers use this unsupported naming in their workflows.

A recent update [1] now sanitizes the instance.hostname field. The sanitization steps include replacing periods with dashes, a replacement that makes it impossible to continue using the unsupported FQDN instance display names.

This update provides a temporary workaround for customers who use a fully qualified domain name (FQDN) as the instance display name in a boot server request. It limits the scope of the sanitization to cases where the instance display name ends with a period followed by one or more numeric digits.

If you use FQDN as the instance display name in a boot server request, modify your workflow before upgrading to RHOSP 17. (BZ#2036652)
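The scope rule described above can be turned into a pre-upgrade audit of instance display names. The following is an added example, not code from Red Hat or Nova: the function names and sample names are hypothetical, and it models only the period-to-dash replacement and the "ends with a period followed by digits" condition stated in this advisory.

```python
import re

# Assumption: the scope rule is modelled exactly as the advisory words it:
# the display name ends with a period followed by one or more digits.
NUMERIC_TAIL = re.compile(r"\.[0-9]+\Z")


def classify_display_name(name):
    """Return (status, predicted_hostname) for one instance display name.

    Only the period-to-dash step named in the advisory is modelled; any
    other sanitization steps Nova applies are out of scope here.
    """
    if "." not in name:
        return ("unaffected", name)
    if NUMERIC_TAIL.search(name):
        # Within the workaround's scope: periods are replaced with dashes.
        return ("sanitized", name.replace(".", "-"))
    # FQDN-style name kept by the temporary workaround, but unsupported:
    # the workflow has to change before the upgrade to RHOSP 17.
    return ("unsupported-fqdn", name)


def audit(names):
    """Group display names by status so the ones needing action stand out."""
    report = {"unaffected": [], "sanitized": [], "unsupported-fqdn": []}
    for name in names:
        status, hostname = classify_display_name(name)
        report[status].append((name, hostname))
    return report


# Constructed sample names, not taken from any real deployment.
SAMPLE_NAMES = [
    "web-01",
    "db.prod.example.com",
    "worker.example.com.2",
    "10.0.0.5",
    "cache.v2",
]

if __name__ == "__main__":
    for status, rows in audit(SAMPLE_NAMES).items():
        for name, hostname in rows:
            print(f"{status:17} {name!r} -> {hostname!r}")
```

Names reported as `unsupported-fqdn` keep working only under the temporary workaround; names reported as `sanitized` will see a hostname that differs from the display name.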

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | noarch | python3-nova | < 20.6.2-2.20220112164912.8906554.el8ost | python3-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-compute | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-compute-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-scheduler | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-scheduler-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-conductor | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-conductor-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-spicehtml5proxy | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-spicehtml5proxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-api | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-api-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-novncproxy | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-novncproxy-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-console | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-console-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
| RedHat | 8 | noarch | openstack-nova-common | < 20.6.2-2.20220112164912.8906554.el8ost | openstack-nova-common-20.6.2-2.20220112164912.8906554.el8ost.noarch.rpm |
