Cisco Metacloud September 2018 Update

Cisco Metacloud releases contain bug fixes, feature updates, and security updates.

Additional Security Updates for 2014.1.7.x and 2014.1.8.x - September 2018

The following security updates have been implemented in Metacloud 2014.1.7.x or 2014.1.8.x.

The fixes for these issues require a new operating system kernel, CPU microcode, libvirt and QEMU. All Metacloud Controllers and Hypervisors will need to be rebooted after patches are applied.

To fully secure virtual machine instances, customers must first apply the relevant patches for the instance's operating system, and they must hard reboot all virtual machines after being upgraded to the 4.9 release. Please refer to your operating system supplier for information on which patches must be applied to address the CVEs addressed above.

Security Updates for 2014.1.7.x and 2014.1.8.x - September 2018

The following security updates have been implemented in Metacloud 2014.1.7.x or 2014.1.8.x.

  • Fixes to address security vulnerabilities related to Spectre Variant 3 (CVE-2018-3640), Spectre Variant 4 (CVE-2018-3639) and LazyFP (CVE-2018-3665).
  • Please note that after the update, live migration will only work from strictly older to strictly newer virtual machines. As a result, it is possible to live migrate a VM from an older kernel/virtual CPU type to a newer one. However, once a virtual machine has been rebooted on a newer kernel and the new virtual CPU type is assigned, it cannot be migrated back to the older kernel.
  • Please see our support article on verifying that virtual machines are secured after these updates are applied.
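
An in-guest check for the Spectre Variant 4 (CVE-2018-3639) part of this update, added here as an example; it is not the procedure from the support article and not Cisco's code. It assumes a Linux guest whose patched kernel exposes the standard spec_store_bypass sysfs file, and that the new virtual CPU type exposes the ssbd CPU flag; the function name and status words are made up for this example.

```shell
#!/bin/sh
# Added example: tell apart the two guest-side steps this update requires
# (patch the guest OS, then hard reboot to pick up the new virtual CPU type).
# Assumptions: Linux guest; the patched kernel provides the sysfs file
# spec_store_bypass; the new vCPU type exposes the "ssbd" flag.

# Prints one status word; returns 0 only when the guest is mitigated.
#   $1 = cpuinfo file              (default /proc/cpuinfo)
#   $2 = vulnerabilities directory (default the sysfs location)
check_ssb_guest() {
    cpuinfo=${1:-/proc/cpuinfo}
    vulndir=${2:-/sys/devices/system/cpu/vulnerabilities}
    status_file="$vulndir/spec_store_bypass"

    # No sysfs entry: the guest kernel has no Variant 4 support at all,
    # so the guest operating system still needs its vendor patches.
    if [ ! -r "$status_file" ]; then
        echo "guest-kernel-unpatched"; return 2
    fi
    status=$(cat "$status_file")

    case "$status" in
        "Not affected"*) echo "not-affected"; return 0 ;;
        Mitigation:*)    echo "mitigated";    return 0 ;;
    esac

    # The kernel is patched but reports "Vulnerable". If the vCPU offers
    # ssbd, the mitigation was switched off in the guest; if not, the
    # instance is still running on the old virtual CPU type.
    if grep -m1 '^flags' "$cpuinfo" | tr ' \t' '\n\n' | grep -qx 'ssbd'; then
        echo "mitigation-disabled"; return 1
    fi
    echo "vcpu-lacks-ssbd"; return 3
}
```

Source the file inside the guest and call check_ssb_guest with no arguments. A result of vcpu-lacks-ssbd on a patched guest indicates the hard reboot has not yet happened.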

Security Updates for 2014.1.7.x and 2014.1.8.x - April 2018

The following security updates have been implemented in Metacloud 2014.1.7.x or 2014.1.8.x.

Feature Updates 2014.1.7.6

The following improvements have been implemented in version 2014.1.7.6:

  • You can now run IP and iSCSI interfaces on different VLANs on SolidFire servers.
  • A cross-site scripting vulnerability that could enable an attacker to run arbitrary JavaScript has been removed.
  • You can now delete a heat stack after removing all of its resources.

Feature Update 2014.1.7.5

The following improvement has been implemented in version 2014.1.7.5:

An XML update now enables successful live migrations and snapshots.

Feature Updates 2014.1.7.4

The following improvements have been implemented in version 2014.1.7.4:

  • An SSL vulnerability that could allow DoS and DDoS attacks has been removed.
  • The SolidFire driver now properly handles iSCSI access failure when you create an image cache volume.
  • Networking service ports are no longer deleted when you detach VMs from a network.
  • Volume Quotas now correctly display on the Launch Instance panel.
  • When you launch an instance, the volume storage chart now correctly uses the minimum disk size required by the flavor.
  • You can now correctly migrate instances that have deleted users.
  • VM network usage statistics are now correctly reported in the Dashboard.
  • Flavors created that have a disk size lower than the size of the image being used now correctly display as available in the Dashboard.

Feature Updates 2014.1.7.3

The following improvements have been implemented in version 2014.1.7.3:

  • L2 anti-spoof protection now prevents packets from bypassing the filtering to spoof MAC addresses.
  • The Networking service now uses MD5 authentication per interface between routers.
  • Snapshots of running instances now work correctly.
  • The stunnel console proxy now supports TLS v1.1. TLS v1.0 is no longer supported.
  • Network Topology page in the Dashboard now correctly displays routers.
  • Project membership now correctly matches between CLI and Dashboard when changes are made.
  • Volumes and volume snapshots now correctly display in the quota calculation in the Dashboard.

Feature Updates 2014.1.7.2

The following improvements have been implemented in version 2014.1.7.2:

  • You can now correctly use a CentOS ISO image file to launch new instances.
  • The Block Storage service now correctly uses the volume_tmp_dir parameter for volume conversion on Ceph storage servers.

Feature Update 2014.1.7.1

The following improvement has been implemented in version 2014.1.7.1:

An out-of-bounds read/write access vulnerability that could enable a user to escape into another VM on the same hypervisor has been removed.

Feature Updates 2014.1.7.0

The following improvements have been implemented in version 2014.1.7.0:

  • You can now use the Networking service to create an external network to handle a network address translation (NAT) server failover.
  • You can now accurately check valid users against an LDAP group.
  • The openrc.sh file now contains the correct Image service URL for your instance.

Supported API Versions

Service          API Version
Compute          v2
Image            v1
CloudFormation   v1
Volume           v1
EC2              v1
Orchestration    v1
Identity         v2
Neutron          v2

Supported OpenStack Projects and Versions

Project    Version
Nova       Icehouse
Cinder     Icehouse
Keystone   Icehouse
Glance     Icehouse
Heat       Juno
Horizon    Icehouse
Neutron    Juno

Supported Image Types

                    Storage Location
Image               Local Storage   NFS-backed Storage   Ceph-backed Storage
AMI (AWS)           x               x                    x
ISO9660             x               x                    N/A
QCOW2 (KVM, Xen)    x               x                    N/A
RAW                 x               x                    x
VDI (VirtualBox)    x               x                    N/A
VHD (Hyper-V)       x               x                    N/A
VMDK (VMware)       x               x                    N/A