SUSE-SU-2019:1450-1: moderate: Security update for Cloud7 packages
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Jun 7 10:12:46 MDT 2019
SUSE Security Update: Security update for Cloud7 packages
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1450-1
Rating: moderate
References: #1063535 #1074662 #1112767 #1113107 #1118004
#1120767 #1122053 #1122875 #1123709 #1127558
#1127752 #1128954 #1128987 #1130414 #1131053
Cross-References: CVE-2017-1000433 CVE-2018-1000872
Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that solves two vulnerabilities and has 13 fixes
is now available.
Description:
This update provides fixes for the following packages issues:
caasp-openstack-heat-templates:
- Update to version 1.0+git.1553079189.3bf8922:
* SCRD-2813 Add support for CPI parameters
- Update to version 1.0+git.1547562889.43707e7:
* Switch LB protocol from HTTP to HTTPS
crowbar:
- Update to version 4.0+git.1551088848.823bcaa3:
* install-chef-suse: filter comments from authorized_keys file
crowbar-core:
- Update to version 4.0+git.1556285635.ab602dd4d:
* network: run wicked ifdown for interface cleanup (bsc#1063535)
- Update to version 4.0+git.1554931881.d98412e0e:
* Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
- Update to version 4.0+git.1552239940.5bc9aaac4:
* crowbar: Do not rely on Chef::Util::FileEdit to write the file
(bsc#1127752)
- Update to version 4.0+git.1550493400.9787ea9ad:
* upgrade: Delay status switch after upgrade ends
- Update to version 4.0+git.1549474445.d9a35cf52:
* fix hound warning
* Support RAID 0
- Packaged default upgrade timeouts file
- Update to version 4.0+git.1549136953.afcde921f:
* apache2: enable sslsessioncache
- Update to version 4.0+git.1548859099.0edbbfdc2:
* upgrade: Add default upgrade timeouts file
crowbar-ha:
- Update to version 4.0+git.1556181005.47c643d:
* pacemaker: wait more for founder if SBD is configured (SCRD-8462)
* pacemaker: don't check cluster members on founder (SCRD-8462)
- Update to version 4.0+git.1554215159.8a42a71:
* improve galera HA setup (bsc#1122875)
crowbar-openstack:
- Update to version 4.0+git.1554887450.ff7c30c1c:
* neutron: Added option to use L3 HA with Keepalived
- Update to version 4.0+git.1554843756.5622551da:
* ironic: Fix regression in helper
- Update to version 4.0+git.1554814630.ec3c89f25:
* ceilometer: Install package which contains cron file (bsc#1130414)
- Update to version 4.0+git.1551459192.89433e13b:
* rabbit: fix mirroring regex
- Update to version 4.0+git.1550582615.f6b433ec7:
* ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107)
- Update to version 4.0+git.1550262335.9667fa580:
* mysql: Do not set a custom logfile for mysqld (bsc#1112767)
* mysql: create .my.cnf in root home directory for mysql cmdline
- Update to version 4.0+git.1549986893.df836d6cc:
* mariadb: Remove installing the xtrabackup package
* ssl: Fix ACL setup in ssl_setup provider (bsc#1123709)
galera-python-clustercheck:
- readtimeout.patch: Add socket read timeout (bsc#1122053)
openstack-ceilometer:
- Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer
This is needed in a clustered environment where multiple
ceilometer-collector services are installed on different nodes (and due
to that multiple expirer cron jobs installed). That can lead to
deadlocks when the cron jobs run in parallel on the different nodes
(bsc#1113107)
openstack-heat-gbp:
- switch to newton branch
python-PyKMIP:
- Fix a denial-of-service bug by setting the server socket timeout
(bsc#1120767 CVE-2018-1000872)
python-pysaml2:
- Fix for the authentication bypass due to optimizations
(CVE-2017-1000433, bsc#1074662)
rubygem-crowbar-client:
- Update to 3.9.0
- Add support for the restricted APIs
- Add --raw to "proposal show" and "proposal edit"
- Correctly parse error messages that we don't handle natively
- Better upgrade repocheck output
- Update to 3.7.0
- upgrade: Use cloud_version config for upgrade
- ses: Add ses upload subcommand
- Add cloud_version config field.
- Wrap os-release file parsing for better reuse.
- upgrade: Fix repocheck component in error message
- upgrade: Better repocheck output
- updated to version 3.6.1
* Hide the database step when it is not used (bsc#1118004)
* Fix help strings
* Describe how to upgrade more nodes with one command
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2019-1450=1
Package List:
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3
ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
- SUSE OpenStack Cloud 7 (noarch):
caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2
crowbar-4.0+git.1551088848.823bcaa3-7.29.2
crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2
crowbar-ha-4.0+git.1556181005.47c643d-4.46.3
crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3
galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2
openstack-ceilometer-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3
openstack-ceilometer-api-7.1.1~dev4-4.15.3
openstack-ceilometer-collector-7.1.1~dev4-4.15.3
openstack-ceilometer-doc-7.1.1~dev4-4.15.3
openstack-ceilometer-polling-7.1.1~dev4-4.15.3
openstack-heat-gbp-5.1.1~dev1-2.6.3
python-PyKMIP-0.5.0-3.3.3
python-ceilometer-7.1.1~dev4-4.15.3
python-heat-gbp-5.1.1~dev1-2.6.3
python-pysaml2-4.0.2-3.6.3
- SUSE Enterprise Storage 4 (aarch64 x86_64):
crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
- SUSE Enterprise Storage 4 (noarch):
crowbar-4.0+git.1551088848.823bcaa3-7.29.2
References:
https://www.suse.com/security/cve/CVE-2017-1000433.html
https://www.suse.com/security/cve/CVE-2018-1000872.html
https://bugzilla.suse.com/1063535
https://bugzilla.suse.com/1074662
https://bugzilla.suse.com/1112767
https://bugzilla.suse.com/1113107
https://bugzilla.suse.com/1118004
https://bugzilla.suse.com/1120767
https://bugzilla.suse.com/1122053
https://bugzilla.suse.com/1122875
https://bugzilla.suse.com/1123709
https://bugzilla.suse.com/1127558
https://bugzilla.suse.com/1127752
https://bugzilla.suse.com/1128954
https://bugzilla.suse.com/1128987
https://bugzilla.suse.com/1130414
https://bugzilla.suse.com/1131053
More information about the sle-security-updates
mailing list