SUSE-SU-2019:2267-1: moderate: Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persi ster, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Sep 2 10:15:47 MDT 2019


   SUSE Security Update: Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack
 -monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2267-1
Rating:             moderate
References:         #1027315 #1129729 #1133719 #1134232 #1140512 
                    #1141676 #1144026 #1144027 
Cross-References:   CVE-2015-3448 CVE-2017-17051 CVE-2019-11236
                    CVE-2019-11324 CVE-2019-13611 CVE-2019-7164
                    CVE-2019-7548 CVE-2019-9735 CVE-2019-9740
                   
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that fixes 9 vulnerabilities is now available.

Description:

   This update for ardana-ansible, ardana-barbican, ardana-cinder,
   ardana-cluster, ardana-cobbler, ardana-db, ardana-designate,
   ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon,
   ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone,
   ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron,
   ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui,
   ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest,
   crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui,
   java-monasca-common, java-monasca-common-kit, openstack-ceilometer,
   openstack-cinder, openstack-designate, openstack-heat,
   openstack-horizon-plugin-neutron-fwaas-ui,
   openstack-horizon-plugin-neutron-lbaas-ui,
   openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic,
   openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
   openstack-manila, openstack-monasca-notification,
   openstack-monasca-persister, openstack-monasca-persister-java,
   openstack-monasca-persister-java-kit, openstack-neutron,
   openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova,
   openstack-octavia, openstack-tempest,
   python-ardana-configurationprocessor, python-cinder-tempest-plugin,
   python-ironicclient, python-keystonemiddleware,
   python-monasca-tempest-plugin, python-openstackclient,
   python-openstacksdk, python-proliantutils, python-python-engineio,
   python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar
   fixes the following issues:

   - Update to version 9.0+git.1566374020.301191f:
     * Use raw image format when using SES backend on Nova (SOC-9285)

   - Update to version 9.0+git.1563375514.31fa9a7:
     * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)

   - Update to version 9.0+git.1563192450.30e8f16:
     * Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840)

   - Update to version 9.0+git.1566251498.be02ca4:
     * adds ipv6 format to http/https urls (SOC-10063)

   - Update to version 9.0+git.1565678764.c3a9b9f:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1562898832.1731f25:
     * FIX broken symlink for policy.yaml.j2.   (SOC-0000)

   - Update to version 9.0+git.1559333871.40508f7:
     * Allow system to bind to non local ipv6 addresses (SOC-9330)

   - Update to version 9.0+git.1566336494.93967dd:
     * Using python netaddr for ipv6 address comparison (SOC-9940)

   - Update to version 9.0+git.1564409964.b7e4fc3:
     * Don't use 'latest' with 'zypper' (SOC-9997)

   - Update to version 9.0+git.1562182567.aef23e0:
     * Format curl commands for ipv6 (SOC-9369)

   - Update to version 9.0+git.1565680593.df7a432:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1566213657.69862ab:
     * Add missing service plugin for l2gw (SOC-5837)

   - Update to version 9.0+git.1563904379.31ff1e9:
     * Add the NSX-T L2-Gateway Service definition (SOC-5837)

   - Switch to new Gerrit Server

   - Update to version 9.0+git.1566375806.f0b2333:
     * Configure glance image_direct_url/multiple_locations (SOC-9285)

   - Update to version 9.0+git.1565720518.c7fdca2:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1564491141.602fdf9:
     * Default glance_default_store to rbd if SES enabled (SOC-8749)

   - Update to version 9.0+git.1565721273.f44b8d7:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565891518.2a545a1:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565655129.ab3a58c:
     * Removed None condition from rule (SOC-10003)

   - Update to version 9.0+git.1564609155.033a963:
     * Updated heat_policy.json permission to be 664 (SOC-9872)

   - Update to version 9.0+git.1562848565.91e75b2:
     * Include memcached in the minimal ardana-ci model (SOC-9800)

   - Update to version 9.0+git.1566255088.3443670:
     * Add server state column (SOC-9957)

   - Update to version 9.0+git.1565218199.868c5d1:
     * Add ipv6 support (SOC-9677) (#357)

   - Update to version 9.0+git.1563912815.7090c20:
     * Only show ses config upload option when ses is not configured
       (SOC-8555) (#356)

   - Update to version 9.0+git.1565721987.ddc59c8:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565891593.cad6d1a:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1563911975.a7ed208:
     * Ensure Member role is created during upgrade (SOC-9923)

   - Update to version 9.0+git.1565761582.2dc823a:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565762005.016032a:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1566332665.ad894c0:
     * adds ipv6 format to http/https urls (SOC-10063)

   - Update to version 9.0+git.1565691188.2309798:
     * Use systemd for monasca-thresh (SOC-10145)

   - Update to version 9.0+git.1565115025.148d092:
     * Enable ipv6 on rabbitmq-server (SOC-9745)

   - Update to version 9.0+git.1566251310.3a1e8f9:
     * adds ipv6 format to http/https urls (SOC-10063)

   - Update to version 9.0+git.1563989391.dfe3688:
     * Let SDN services configure VPN and Firewall service providers
       (SOC-9935)

   - Update to version 9.0+git.1561563389.90bfb06:
     * Add dependent services to neutron services (SOC-8746)

   - Update to version 9.0+git.1566332515.e232568:
     * adds ipv6 format to http/https urls (SOC-10063)

   - Update to version 9.0+git.1565946239.023aefe:
     * Set diskcachemode and disk discard when using RBD (SOC-10182)

   - Update to version 9.0+git.1565715522.3fe67c6:
     * fix Ironic endpoint override (SOC-10130)

   - Update to version 9.0+git.1565366126.4993583:
     * Make default/rpc_response_timeout configurable (SOC-9285)

   - Update to version 9.0+git.1562762205.ce51d30:
     * Resolves nova-novncproxy random status failures (SOC-9574)

   - Update to version 9.0+git.1566206502.6c87b41:
     * Use default values for amphora connection retries/timeout (SOC-9285)

   - Update to version 9.0+git.1566251377.b1caeaa:
     * adds ipv6 format to http/https urls (SOC-10063)

   - Add ipaddr bower dependency (SOC-9679)

   - Update to version 9.0+git.1565764394.545b573:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565380193.f006466:
     * Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges
       (SOC-9939)

   - Update to version 9.0+git.1565265803.6a720d0:
     * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)

   - Update to version 9.0+git.1565150548.c475cb8:
     * Configured logrotate user for ovs as 'root' (SOC-8139)

   - Update to version 9.0+git.1563894224.943cbc2:
     * Make the example repo url entry totally fictitious (SOC-6800)

   - Update to version 9.0+git.1563383124.1d585e4:
     * Add an global_filter entry to lvm.conf  (bsc#1140512)

   - Update to version 9.0+git.1562782235.67538c9:
     * Configure ovs user for logrotate (SOC-8139)

   - Update to version 9.0+git.1562371586.24a698a:
     * Allow for use of --check in iptables command (SOC-9349)

   - Update to version 9.0+git.1562170979.edc53b6:
     * Don't set datapath-ids on ovs-bridges anymore (SOC-9239)

   - Update to version 9.0+git.1564706915.edd44c4:
     * Add ipv6 support (SOC-9677)

   - Update to version 9.0+git.1563468620.5035cf8:
     * Add support for ses integration (SOC-8555)

   - Update to version 9.0+git.1563461311.16ea2df:
     * Change url of upper-constraints file (SOC-9863)

   - Update to version 9.0+git.1565962617.523149b:
     * Add ses-status playbook (SOC-9902)

   - Update to version 9.0+git.1565704258.123de3f:
     * Update Swift endpoint during deploy (SOC-9303)

   - Update to version 9.0+git.1565891872.73fc3c7:
     * adds ipv6 format to urls (SOC-10063)

   - Update to version 9.0+git.1565644472.644d5f6:
     * Cloud 8 to 9 upgrade enhancements (SOC-10146)

   - Update to version 9.0+git.1566471752.a3c5c9c:
     * Delete existing run filter before deploying it (SOC-10287)

   - Update to version 9.0+git.1565366961.33ad009:
     * Run loadbalancer tests in parallel (SOC-9285)

   - Update to version 9.0+git.1563203769.49124de:
     * Blacklist failing shelve tests (SOC-9775)

   - Update to version 9.0+git.1562783575.7e02c70:
     * Blacklist failing shelve tests (SOC-9775)

   - Update to version 6.0+git.1566321308.1de18b9a4:
     * ohai: Hardcode ruby version for package installation (SOC-10010)

   - Update to version 6.0+git.1566303970.2c7d83971:
     * upgrade: restart nova services after upgrade

   - Update to version 6.0+git.1565859218.525130340:
     * upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164)

   - Update to version 6.0+git.1565256572.49359f57b:
     * ovs-pre-up: remove controller for admin bridge (SOC-10073)

   - Update to version 6.0+git.1564996068.e7ccb0bae:
     * batch: Fix get_proposal_json (SOC-9954)

   - Update to version 6.0+git.1564738819.232375c6f:
     * batch: Format crowbar batch error output (SOC-9954)
     * repochecks errors for ses5-pool on SOC9
     * dns: fix migration for designate

   - Update to version 6.0+git.1564480387.a4b8c2ff7:
     * batch: Format crowbar batch error output (SOC-9954)

   - Update to version 6.0+git.1564406710.9273d5a17:
     * travis: Whitelist CVE-2015-3448 (SOC-9911)
     * travis: Use env variable for commit range (SOC-9911)

   - Update to version 6.0+git.1564131651.98f426eae:
     * monasca: add cleanup before upgrade (SOC-9482)
     * bind9: Fix spelling error in template

   - Update to version 6.0+git.1563950117.f6123bd8f:
     * Cleanup clone_stateless_services leftovers (SOC-9842)

   - Update to version 6.0+git.1562772809.4a470bec0:
     * upgrade: update file names for 8 -> 9 (SOC-9029)

   - Update to version 6.0+git.1562733958.204289d65:
     * ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098)

   - Update to version 6.0+git.1566406179.7549de2:
     * corosync: Hardcode ruby version for package installation (SOC-10010)

   - Update to version 6.0+git.1566404979.41279a88e:
     * Designate: Update DB pools configuration (SOC-9767)
     * horizon: Install designate plugin when configured (SOC-9695)

   - Update to version 6.0+git.1566211690.54dcd56ba:
     * ceilometer: Remove old ceilometer-api vhosts (SOC-9483)

   - Update to version 6.0+git.1565968769.ae650697c:
     * Octavia: Barclamp (SOC-6100)

   - Update to version 6.0+git.1565739445.3fc6ef5e8:
     * designate: Configure resource settings (SOC-9633)

   - Update to version 6.0+git.1565713423.0dd3fbb3e:
     * tempest: Set port_admin_state_change to false when using linuxbridge
       (SOC-10029)

   - Update to version 6.0+git.1565081581.1e2cf5bd0:
     * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)

   - Update to version 6.0+git.1564586397.a7203dba7:
     * Add tempest filters based on services (SOC-9298)
     * upgrade: Fix HA detection for keystone db_sync (SOC-9981)

   - Update to version 6.0+git.1564498339.07f14a985:
     * Fix magnum tempest tests (SOC-9298)
     * Fix nova tempest tests (SOC-9298)

   - Update to version 6.0+git.1564435128.cef47cc21:
     * neutron: raise validation error if domain names dont end with a dot(.)

   - Update to version 6.0+git.1564412715.c969e1e11:
     * Fix barbican SSL support (SOC-9298)

   - Update to version 6.0+git.1564039130.9ad11f213:
     * designate: Use server node for VIP look ups (SOC-9631)

   - add cirros-0.4.0-x86_64-disk.img (SOC-9298)
     * the disk img is required to run the barbican tempest test

   - Update to version 6.0+git.1563891318.d41ce2e75:
     * Cleanup clone_stateless_services leftovers (SOC-9842)

   - Update to version 6.0+git.1563439849.5c507bcdb:
     * Fix tempest config for cinder using ceph as backenid (SOC-9298)

   - Update to version 6.0+git.1562841293.9768602a2:
     * swift: Sync HA nodes (SOC-9683)

   - Update to version 6.0+git.1562684470.f5d361077:
     * designate: Fix spelling error inside comments (SOC-6361)

   - Update to version 6.0+git.1562599436.b4c63fc56:
     * case-insensitive when lookup by name (SOC-9339)

   - Update to version 6.0+git.1562319309.98a52a0a3:
     * monasca: move Grafana DB creation

   - Update to version 1.3.0+git.1563181545.65360af5:
     * upgrade: Update repocheck keys
     * Update texts for 8-9 upgrade (SOC-9689)

   - Update to version 1.3.0+git.1562579063.5690a1bc:
     * Pin gulp-angular-templatecache version

   - Bumped package version to 1.3 to differentiate it from 8-9 version

   - Udate to version 2.11.1.dev4
    * Add Cassandra db support
    * Bump the pom version to 1.3.0
   * Remove cassandra.patch (merged upstream)

   - Fix license

   - Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common

   - Update to version ceilometer-11.0.2.dev14:
     * Fixing broken links

   - Update to version ceilometer-11.0.2.dev14:
     * Fixing broken links

   - Update to version cinder-13.0.7.dev3:
     * Prevent double-attachment race in attachment\_reserve

   - Update to version cinder-13.0.7.dev1: 13.0.6
     * Add OS-SCH-HNT in extensions list

   - Update to version cinder-13.0.6.dev16:
     * Revert "Declare multiattach support for HPE MSA"

   - Update to version cinder-13.0.6.dev14:
     * Remove Sheepdog tests from zuul config

   - Update to version cinder-13.0.6.dev13:
     * [VNX] Fix test case issue

   - Update to version cinder-13.0.7.dev3:
     * Prevent double-attachment race in attachment\_reserve

   - Update to version cinder-13.0.7.dev1: 13.0.6
     * Add OS-SCH-HNT in extensions list

   - Update to version cinder-13.0.6.dev16:
     * Revert "Declare multiattach support for HPE MSA"

   - Update to version cinder-13.0.6.dev14:
     * Remove Sheepdog tests from zuul config

   - Update to version cinder-13.0.6.dev13:
     * [VNX] Fix test case issue

     * nimble: Fix missing ssl support (bsc#1027315)
   - Update to version designate-7.0.1.dev21:
     * Improve log message for better understanding

   - Update to version designate-7.0.1.dev21:
     * Improve log message for better understanding

   - Update to version openstack-heat-11.0.3.dev19:
     * Fix allowed address pair validation

   - Update to version openstack-heat-11.0.3.dev18:
     * Show an engine as down if service record is not updated twice
     * Allow update of previously-replaced resources
     * Do not perform the tenant stack limit check for admin user

   - Update to version openstack-heat-11.0.3.dev12:
     * Add entry\_point for oslo policy scripts

   - Update to version openstack-heat-11.0.3.dev10:
     * Don't resolve properties for OS::Heat::None resource

   - Update to version openstack-heat-11.0.3.dev8:
     * Add local bindep.txt and limit bandit version
     * Retry on DB deadlock in event\_create()

   - Update to version openstack-heat-11.0.3.dev19:
     * Fix allowed address pair validation

   - Update to version openstack-heat-11.0.3.dev18:
     * Show an engine as down if service record is not updated twice
     * Allow update of previously-replaced resources
     * Do not perform the tenant stack limit check for admin user

   - Update to version openstack-heat-11.0.3.dev12:
     * Add entry\_point for oslo policy scripts

   - Update to version openstack-heat-11.0.3.dev10:
     * Don't resolve properties for OS::Heat::None resource

   - Update to version openstack-heat-11.0.3.dev8:
     * Add local bindep.txt and limit bandit version
     * Retry on DB deadlock in event\_create()

   - Do not exclude python bytecode files (see
     https://review.opendev.org/#/c/666611 for details)

   - Update to version neutron-lbaas-dashboard-5.0.1.dev7:
     * Update tox.ini for new upper constraints strategy
     * OpenDev Migration Patch

   - Update to latest spec from rpm-packaging
     * Don't exclude python bytecode files in dashboards

   - Update to version ironic-11.1.4.dev9:
     * Filter security group list on the ID's we expect
     * Ansible module: fix deployment for private and/or shared images

   - Update to version ironic-11.1.4.dev5:
     * Ansible driver: fix deployment with serial specified as root device
       hint
     * CI: stop using pyghmi from git master

   - Update to version ironic-11.1.4.dev9:
     * Filter security group list on the ID's we expect
     * Ansible module: fix deployment for private and/or shared images

   - Update to version ironic-11.1.4.dev5:
     * Ansible driver: fix deployment with serial specified as root device
       hint
     * CI: stop using pyghmi from git master

   - Update to version ironic-python-agent-3.3.3.dev4:
     * CI: stop using pyghmi from git master

   - Update to version ironic-python-agent-3.3.3.dev3:
     * Correct formatting of a warning when lshw cannot be run

   - Update to version ironic-python-agent-3.3.3.dev1:
     * Stop logging lshw output, collect it with other logs instead 3.3.2

   - Update to version keystone-14.1.1.dev8:
     * Revert "Blacklist bandit 1.6.0"

   - Update to version keystone-14.1.1.dev8:
     * Revert "Blacklist bandit 1.6.0"

   - Update to version magnum-7.1.1.dev28:
     * Revert "support http/https proxy for discovery url"
     * Use rocky heat-container-agent for stable/rocky

   - Update to version magnum-7.1.1.dev28:
     * Revert "support http/https proxy for discovery url"
     * Use rocky heat-container-agent for stable/rocky

   - Update to version manila-7.3.1.dev3:
     * Remove the redunant table from windows' editor

   - Update to version manila-7.3.1.dev3:
     * Remove the redunant table from windows' editor

   - update to version 1.14.2~dev1
     - [GateFix] Ignore false positive bandit B105 test failure

   - update to version 1.12.1~dev9
     - Update all columns in metrics on an update to refresh TTL

   - update to version 1.12.1~dev7
     - Widen exception catch for point parse failure

   - update to version 1.12.1~dev6
     - some points unable to parse
     - OpenDev Migration Patch

   - Rebased patches:
     + 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
       dropped (merged upstream)

   - Update to version monasca-persister-1.12.1.dev9:
     * Update all columns in metrics on an update to refresh TTL
     * OpenDev Migration Patch

   - Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch

   - Update to version monasca-persister-1.12.1.dev4
     * Java persister config: defaults and robustness
     * Add Cassandra db support
   - Remove java-persister-defaults.patch (merged upstream)
   - Remove cassandra.patch (merged upstream)
   - Add missing URLs for patches

   - Updated to kit tarball built from 1.12.1.dev4
   - Updated README.updating for current version

   - Update to version neutron-13.0.5.dev22:
     * Clear skb mark on encapsulating packets
     * Stop OVS agent before starting it again
     * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
     * fix update port bug

   - Update to version neutron-13.0.5.dev15:
     * Check for agent restarted after checking for DVR port

   - Update to version neutron-13.0.5.dev14:
     * Retry trunk status updates failing with StaleDataError

   - Update to version neutron-13.0.5.dev13:
     * Don't crash ovs agent during reconfigure of phys bridges

   - Update to version neutron-13.0.5.dev12:
     * Use --bind-dynamic with dnsmasq instead of --bind-interfaces
     * Yield control to other greenthreads while processing trusted ports
     * Limit max ports per rpc for dhcp\_ready\_on\_ports()

   - Update to version neutron-13.0.5.dev6:
     * Ignore first local port update notification

   - Update to version neutron-13.0.5.dev5:
     * Add custom ethertype processing 13.0.4

   - Update to version neutron-13.0.5.dev22:
     * Clear skb mark on encapsulating packets
     * Stop OVS agent before starting it again
     * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings
     * fix update port bug

   - Update to version neutron-13.0.5.dev15:
     * Check for agent restarted after checking for DVR port

   - Update to version neutron-13.0.5.dev14:
     * Retry trunk status updates failing with StaleDataError

   - Update to version neutron-13.0.5.dev13:
     * Don't crash ovs agent during reconfigure of phys bridges

   - Update to version neutron-13.0.5.dev12:
     * Use --bind-dynamic with dnsmasq instead of --bind-interfaces
     * Yield control to other greenthreads while processing trusted ports
     * Limit max ports per rpc for dhcp\_ready\_on\_ports()

   - Update to version neutron-13.0.5.dev6:
     * Ignore first local port update notification

   - Update to version neutron-13.0.5.dev5:
     * Add custom ethertype processing 13.0.4

     * When converting sg rules to iptables, do not emit dport if not
       supported (CVE-2019-9735, bsc#1129729)
   - Update to version group-based-policy-5.0.1.dev459:
     * Tempest Scenario test for Connection Tracking

   - Update to version group-based-policy-5.0.1.dev457:
     * Adding icmp\_code and icmp\_type for SG rule
     * A VM could be associated with multiple ports
     * Optimize the extend\_router\_dict() call

   - Update to version group-based-policy-5.0.1.dev451:
     * [AIM] Enhance gbp-validate to detect routed subnet overlap

   - Update to version group-based-policy-5.0.1.dev450:
     * [AIM] Prevent overlapping CIDRs in routed VRF
     * Disallow external subnets as router interfaces

   - Update to version group-based-policy-5.0.1.dev448:
     * Fix issues on sync\_state display on neutron based on AIM status

   - Update to version group-based-policy-5.0.1.dev446:
     * Send the port updates for the SNAT use case if needed
     * Make DHCP provisioning blocks conditional

   - Update to version neutron-lbaas-13.0.1.dev14:
     * Update tox.ini for new upper constraints strategy
     * Remove the release notes job from stable/rocky

   - add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch

   - Update to version neutron-lbaas-13.0.1.dev14:
     * Update tox.ini for new upper constraints strategy
     * Remove the release notes job from stable/rocky

     * Fix doubling allocations on rebuild (CVE-2017-17051,
       bsc#CVE-2017-17051)
   - Update to version octavia-3.1.2.dev8:
     * Add octavia-v2-dsvm jobs to the gate queue

   - Update to version octavia-3.1.2.dev7:
     * Fix for utils LB DM transformation function

   - Update to version octavia-3.1.2.dev5:
     * Update amphora-agent to report UDP listener health

   - Update to version octavia-3.1.2.dev3:
     * Update tox.ini for new upper constraints strategy

   - Add patches fixing tempest cleanup removing all networks
     https://bugs.launchpad.net/tempest/+bug/1812660
     * 0001-Remove-deprecated-services-from-cleanup.patch
     * 0002-Fix-tempest-cleanup.patch
     * 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch

   - Update to version 9.0+git.1566405927.c5c03d4:
     * Adds ipv6 support to baremetal ServersValidator (SOC-9940)

   - Update to version 9.0+git.1565384645.8fcf5db:
     * Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939)

   - Update to version 9.0+git.1564587526.5db9d5d:
     * Flag forward:NORMAL on MANAGEMENT network group (SOC-9939)

   - Update to version 9.0+git.1563384666.4c1a3e5:
     * Bracketed ipv6 addresses for endpoint urls (SOC-9357)

   - added 0001-Fix-volume-revert-to-snapshot-tests.patch

   - update to version 2.5.3
     - Do not try to use /v1/v1 when endpoint_override is used
     - OpenDev Migration Patch

   - added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch

   - added 0001-Use-unicode-literals-in-test_metrics.patch

   - update to version 3.16.2 (bsc#1144027, bsc#1144026)
   - update to version 0.17.3
     - OpenDev Migration Patch
     - Replace openstack.org git:// URLs with https://
     - Fixes for Unicode characters in python 2 requests
     - Fix functional tests on stable/rocky
     - Correct updating baremetal nodes by name or ID
     - Support bare metal service error messages
     - import zuul job settings from project-config
     - Correct update operations for baremetal
     - Add simple create/show/delete functional tests for all baremetal
       resources
     - Add a simple baremetal functional job
     - Pass microversion info through from Profile

   - update to 2.8.4 (SOC-9280)
     * Adding fix for nic\_capacity calculation

   - Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676)
     * python-python-engineio: An issue was discovered in python-engineio
       through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH)
       vulnerability that allows attackers to make WebSocket connections to a
       server

   - Switch to new Gerrit Server

   - Switch to opendev as external projects are not longer synced to github.
     As a result, there is also no automatic change log.
   - Updated to 13.0.1~dev146 (d307746a5)
     * NSX|V3 adminUtils: detect and clean orphaned section rules
     * OpenDev Migration Patch
     * Delete SG rules when deleting their remote group
     * NSX|V3: Limit number of subnet static routes per backend
     * NSX|V: Restrict creating conflicting address_pair in the same network
     * NSX|V3: Add verification of num defined address pairs
     * constrain rocky dependencies
     * Update rocky .gitreview branch
     * Handle multiple default SG creation in all plugins
     * update tox for stable branch
     * NSX|V3: remove redundent code in get_port/s
     * NSX|V3: Change status code of SG failure
     * NSX|V: enable allow_address_pairs upon request
     * Revert "NSX|V3: Simplify LBaaS implementation"
     * NSX|V3: Fix LBaaS loadbalancer creation
     * NSX|V: Init FWaaS callbacks only if enabled
     * NSX|V3: Simplify LBaaS implementation
     * Complete the init of the Neutron main process
     * NSX|V3: Respect default keyword for physical_net
     * NSX|V admin utils: Find and fix spoofguard policies mismatches
     * TVD: Add start_rpc_listeners to the plugin
     * Upgrade appdirs lower constraints
     * NSX|V+V3: relax FWaaS validation
     * Revert "NSX|V3: Init FWaaS before spawn"
     * NSX|V3: prevent user from changing the NSX internal SG
     * Fix provider security group exception call
     * NSX|V3+V: Handle fwaas policy removal
     * NSX|V3: Create port bindings for dhcp ports
     * NSX|V3: Fix LB error handling
     * Fix security group broken code & tests
     * [NSX-V] Ensure binding exists before assigning lswitch_id
     * NSX|V: Fix update section header
     * NSX|V3: Validate FWaaS cidrs
     * Devstack: Delete old project before deciding how to get the new code
     * NSX|V3: Init FWaaS before spawn
     * Devstack: Fix failed of ml2 directory creation
     * Devstack: Fix failed of ml2 directory creation
     * Fix cffi lower constraints
     * NSX|V3: Do not allow external subnets overlapping with uplink cidr
     * Devstack: Fix ml2 config file creation for FWaaS-V2
     * NSX|V3 Support expected codes for LB HM
     * NSX|V3: Fix ipam to check subnets carefully
     * NSX|V3 Fix provider nsx-net create
     * NSX-T: Delete subnet in case of dhcp error
     * Fix Octavia devstack instructions
     * NSX|V3: Fix LB statistics getter
     * NSX|V3: Add L2GW connection validation
     * Devstack: Create ml2 config file for FWaaS-V2
     * NSX|V3: Configure tier0 transit networks
     * Use upper-constraints from stable/rocky
     * fix lower constraints
     * TVD: Add missing VPN driver api
     * NSX|V3: FWaaS translate 0.0.0.0 to Any ip
     * NSX|V use context reader for router driver
     * NSX|V Fix AdminUtils get apis to use the right context
     * TVD LBaaS: fix operational status api
     * Use tenant context to get router GW network
     * NSX-v3: Fix listener for pool not fetched anymore
     * NSX-v3: Prevent comparison with None
     * NSXv: use admin context for metadata port config
     * NSX-v3: Fix LB HTTP/HTTPS monitor impl
     * NSX|V Fix orphaned networks and bindings
     * NSX|V3 Fix dhcp binding rollback
     * NSX|V3: Fix FW(v2) status when deleting an illegal port
     * Ensure NSX VS is always associated with NSX LBS
     * NSX|V3: validate LBaaS NSX stats fields
     * TVD verify loadbalancer project match the LB object project
     * TVD: Do not crash in case the project is not found
     * NSX|V3: Fix member fip error message
     * NSX|V3: Restrict update of LB port with fixed IP
     * NSX|V3 Add NO-NAT rules only for routers with enabled SNAT
     * NSXv: Metadata should complete init
     * TVD: Add LBaaS get_operating_status support
     * NSX|V Fill VIF data for upgraded ports
     * Devstack plugin: fetch Neutron only when needed
     * NSX|V: Improve SG rule service creation
     * NSX|V fix LBaaS operation status function params
     * NSX|V3: Add LB status calls validations
     * NSX|V3 remove lbaas import to allow the plugin to work without lbaas
     * NSX|V Allow updating port security and mac learning together
     * NSX|V3: Change external provider network error message
     * NSX|V+V3: Prevent adding different projects routers to fwaas-V1
     * NSX|V: Fix BGP plugin get operations
     * NSX|V: Validate DVS Id when creating flat/vlan network
     * NSX|V: Fix devstack cleanup for python 3
     * NSX|V3: Check specific exception when deleting dhcp port
     * NSX|V3 Validate rate-limit value in admin utilitiy
     * NSX|V3 adminUtils: Use nsx plugin to get ports
     * NSX|V3: Fail on unsupported QoS rules
     * NSX|V3: VPN connection status update
     * NSX-V3| Fix port MAC learning flag handling
     * NSX|V3 update port revision on update_port response
     * NSX|V: Avoid updating the default section at init
     * NSX|V3: LBaaS operating status support
     * NSX|V3: Fix external LB member create
     * Devstack: Use the right python version in cleanup
     * NSX|V: Fix host groups for DRS HA for AZ
     * NSX|V Fix policy security group update
     * NSX|V+V3 QoS rbac support
     * NSX|V3 update port binding for callbacks notifications
     * NSX|V3: Support new icmp codes and types
     * NSX|V3: Make sure LB member is connected to the LB router
     * NSX|V3: Prevent adding an external net as a router interface
     * NSX|V: Shorten the L2 bridge edge name
     * NSX|V3: Fix port binding update on new ports

   - update to version 13.0.1~dev146

   - Switch to opendev as external projects are not longer synced to github.
     As a result, there is also no automatic change log.
   - update to version 13.0.1~dev24 (ebaacab)
     * updates for stable branch
     * NSX|V3+P: Change max allowed host routes
     * Adding the option to configure disabled mac profile
     * OpenDev Migration Patch
     * NSX|T: Backend parameter for max subnet static routes
     * NSX|T: Add NSX limit of IP address association to port
     * Fix nsgroup update to access the logging field safely
     * Retry http requests on timeouts
     * Added retries if API call fails due to MP cluster reconfig
     * Fix check_manager_status to support older NSX versions
     * Improve Cluster validation checks
     * Add apis to get tier0 uplink cidrs and not just ips
     * Support response status codes for LB HM
     * Add manager status validation to validate connection
     * Handle get_default_headers errors
     * Update the max NS groups criteria tags number dynamically
     * Fix multi-cluster connectivity
     * Amend allowed ICMP types and codes in strict mode
     * Fix cluster connectivity
     * Fix the revision needed for security rules version
     * New api for getting VPN session status
     * New api for getting the LB virtual servers status
     * NSX|V3: Support new icmp codes and types list-

   - update to version 13.0.1~dev24

   - Fix the Requires: format in spec file (bsc#1134232)
   - 3.4.2


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      crowbar-core-6.0+git.1566321308.1de18b9a4-3.6.1
      crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.6.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-ha-6.0+git.1566406179.7549de2-3.6.1
      crowbar-openstack-6.0+git.1566404979.41279a88e-3.6.1
      crowbar-ui-1.3.0+git.1563181545.65360af5-3.3.1
      openstack-ceilometer-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
      openstack-ceilometer-polling-11.0.2~dev14-3.6.3
      openstack-cinder-13.0.7~dev3-3.6.3
      openstack-cinder-api-13.0.7~dev3-3.6.3
      openstack-cinder-backup-13.0.7~dev3-3.6.3
      openstack-cinder-scheduler-13.0.7~dev3-3.6.3
      openstack-cinder-volume-13.0.7~dev3-3.6.3
      openstack-designate-7.0.1~dev21-3.6.3
      openstack-designate-agent-7.0.1~dev21-3.6.3
      openstack-designate-api-7.0.1~dev21-3.6.3
      openstack-designate-central-7.0.1~dev21-3.6.3
      openstack-designate-producer-7.0.1~dev21-3.6.3
      openstack-designate-sink-7.0.1~dev21-3.6.3
      openstack-designate-worker-7.0.1~dev21-3.6.3
      openstack-heat-11.0.3~dev19-3.6.3
      openstack-heat-api-11.0.3~dev19-3.6.3
      openstack-heat-api-cfn-11.0.3~dev19-3.6.3
      openstack-heat-engine-11.0.3~dev19-3.6.3
      openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
      openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
      openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
      openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
      openstack-ironic-11.1.4~dev9-3.6.3
      openstack-ironic-api-11.1.4~dev9-3.6.3
      openstack-ironic-conductor-11.1.4~dev9-3.6.3
      openstack-ironic-python-agent-3.3.3~dev4-3.6.3
      openstack-keystone-14.1.1~dev8-3.6.4
      openstack-magnum-7.1.1~dev28-3.6.3
      openstack-magnum-api-7.1.1~dev28-3.6.3
      openstack-magnum-conductor-7.1.1~dev28-3.6.3
      openstack-manila-7.3.1~dev3-4.6.3
      openstack-manila-api-7.3.1~dev3-4.6.3
      openstack-manila-data-7.3.1~dev3-4.6.3
      openstack-manila-scheduler-7.3.1~dev3-4.6.3
      openstack-manila-share-7.3.1~dev3-4.6.3
      openstack-monasca-notification-1.14.2~dev1-6.6.4
      openstack-monasca-persister-1.12.1~dev9-4.3.3
      openstack-monasca-persister-java-1.12.1~dev9-4.3.2
      openstack-neutron-13.0.5~dev22-3.6.3
      openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
      openstack-neutron-gbp-5.0.1~dev459-3.6.3
      openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
      openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
      openstack-neutron-lbaas-13.0.1~dev14-3.6.2
      openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
      openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
      openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
      openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
      openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
      openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
      openstack-neutron-server-13.0.5~dev22-3.6.3
      openstack-nova-18.2.2~dev9-3.6.2
      openstack-nova-api-18.2.2~dev9-3.6.2
      openstack-nova-cells-18.2.2~dev9-3.6.2
      openstack-nova-compute-18.2.2~dev9-3.6.2
      openstack-nova-conductor-18.2.2~dev9-3.6.2
      openstack-nova-console-18.2.2~dev9-3.6.2
      openstack-nova-novncproxy-18.2.2~dev9-3.6.2
      openstack-nova-placement-api-18.2.2~dev9-3.6.2
      openstack-nova-scheduler-18.2.2~dev9-3.6.2
      openstack-nova-serialproxy-18.2.2~dev9-3.6.2
      openstack-nova-vncproxy-18.2.2~dev9-3.6.2
      openstack-octavia-3.1.2~dev8-3.6.3
      openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
      openstack-octavia-api-3.1.2~dev8-3.6.3
      openstack-octavia-health-manager-3.1.2~dev8-3.6.3
      openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
      openstack-octavia-worker-3.1.2~dev8-3.6.3
      openstack-tempest-19.0.0-7.3.3
      openstack-tempest-test-19.0.0-7.3.3
      python-ceilometer-11.0.2~dev14-3.6.3
      python-cinder-13.0.7~dev3-3.6.3
      python-cinder-tempest-plugin-0.1.0-3.3.1
      python-designate-7.0.1~dev21-3.6.3
      python-heat-11.0.3~dev19-3.6.3
      python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
      python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
      python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
      python-ironic-11.1.4~dev9-3.6.3
      python-ironicclient-2.5.3-4.6.2
      python-ironicclient-doc-2.5.3-4.6.2
      python-keystone-14.1.1~dev8-3.6.4
      python-keystonemiddleware-5.2.0-3.3.2
      python-magnum-7.1.1~dev28-3.6.3
      python-manila-7.3.1~dev3-4.6.3
      python-monasca-notification-1.14.2~dev1-6.6.4
      python-monasca-persister-1.12.1~dev9-4.3.3
      python-monasca-tempest-plugin-0.3.0-3.3.1
      python-neutron-13.0.5~dev22-3.6.3
      python-neutron-gbp-5.0.1~dev459-3.6.3
      python-neutron-lbaas-13.0.1~dev14-3.6.2
      python-nova-18.2.2~dev9-3.6.2
      python-octavia-3.1.2~dev8-3.6.3
      python-openstackclient-3.16.2-3.3.2
      python-openstacksdk-0.17.3-3.3.2
      python-proliantutils-2.8.4-3.3.1
      python-tempest-19.0.0-7.3.3
      python-vmware-nsx-13.0.1~dev146-4.3.1
      python-vmware-nsxlib-13.0.1~dev24-3.3.1
      yast2-crowbar-3.4.2-3.3.1

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-ansible-9.0+git.1566374020.301191f-3.6.1
      ardana-barbican-9.0+git.1566251498.be02ca4-3.6.1
      ardana-cinder-9.0+git.1565678764.c3a9b9f-3.6.1
      ardana-cluster-9.0+git.1559333871.40508f7-3.6.1
      ardana-cobbler-9.0+git.1566336494.93967dd-3.6.1
      ardana-db-9.0+git.1564409964.b7e4fc3-3.6.1
      ardana-designate-9.0+git.1565680593.df7a432-3.6.1
      ardana-extensions-nsx-9.0+git.1566213657.69862ab-3.3.2
      ardana-glance-9.0+git.1566375806.f0b2333-3.6.1
      ardana-heat-9.0+git.1565721273.f44b8d7-3.6.1
      ardana-horizon-9.0+git.1565891518.2a545a1-3.6.1
      ardana-input-model-9.0+git.1562848565.91e75b2-3.6.1
      ardana-installer-ui-9.0+git.1566255088.3443670-3.6.1
      ardana-installer-ui-debugsource-9.0+git.1566255088.3443670-3.6.1
      ardana-ironic-9.0+git.1565721987.ddc59c8-3.6.1
      ardana-keystone-9.0+git.1565891593.cad6d1a-3.6.1
      ardana-logging-9.0+git.1565761582.2dc823a-3.6.1
      ardana-magnum-9.0+git.1565762005.016032a-3.6.1
      ardana-monasca-9.0+git.1566332665.ad894c0-3.6.1
      ardana-mq-9.0+git.1565115025.148d092-3.6.1
      ardana-neutron-9.0+git.1566251310.3a1e8f9-3.6.1
      ardana-nova-9.0+git.1566332515.e232568-3.6.1
      ardana-octavia-9.0+git.1566206502.6c87b41-3.6.1
      ardana-opsconsole-9.0+git.1566251377.b1caeaa-3.6.1
      ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.6.1
      ardana-osconfig-9.0+git.1565764394.545b573-3.6.1
      ardana-service-9.0+git.1564706915.edd44c4-3.6.1
      ardana-ses-9.0+git.1565962617.523149b-3.6.1
      ardana-swift-9.0+git.1565891872.73fc3c7-3.6.1
      ardana-swiftlm-drive-provision-9.0+git.1541434883.e0ebe69-3.3.1
      ardana-swiftlm-log-tailer-9.0+git.1541434883.e0ebe69-3.3.1
      ardana-swiftlm-uptime-mon-9.0+git.1541434883.e0ebe69-3.3.1
      ardana-tempest-9.0+git.1566471752.a3c5c9c-3.6.1
      openstack-ceilometer-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
      openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
      openstack-ceilometer-polling-11.0.2~dev14-3.6.3
      openstack-cinder-13.0.7~dev3-3.6.3
      openstack-cinder-api-13.0.7~dev3-3.6.3
      openstack-cinder-backup-13.0.7~dev3-3.6.3
      openstack-cinder-scheduler-13.0.7~dev3-3.6.3
      openstack-cinder-volume-13.0.7~dev3-3.6.3
      openstack-designate-7.0.1~dev21-3.6.3
      openstack-designate-agent-7.0.1~dev21-3.6.3
      openstack-designate-api-7.0.1~dev21-3.6.3
      openstack-designate-central-7.0.1~dev21-3.6.3
      openstack-designate-producer-7.0.1~dev21-3.6.3
      openstack-designate-sink-7.0.1~dev21-3.6.3
      openstack-designate-worker-7.0.1~dev21-3.6.3
      openstack-heat-11.0.3~dev19-3.6.3
      openstack-heat-api-11.0.3~dev19-3.6.3
      openstack-heat-api-cfn-11.0.3~dev19-3.6.3
      openstack-heat-engine-11.0.3~dev19-3.6.3
      openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
      openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
      openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
      openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
      openstack-ironic-11.1.4~dev9-3.6.3
      openstack-ironic-api-11.1.4~dev9-3.6.3
      openstack-ironic-conductor-11.1.4~dev9-3.6.3
      openstack-ironic-python-agent-3.3.3~dev4-3.6.3
      openstack-keystone-14.1.1~dev8-3.6.4
      openstack-magnum-7.1.1~dev28-3.6.3
      openstack-magnum-api-7.1.1~dev28-3.6.3
      openstack-magnum-conductor-7.1.1~dev28-3.6.3
      openstack-manila-7.3.1~dev3-4.6.3
      openstack-manila-api-7.3.1~dev3-4.6.3
      openstack-manila-data-7.3.1~dev3-4.6.3
      openstack-manila-scheduler-7.3.1~dev3-4.6.3
      openstack-manila-share-7.3.1~dev3-4.6.3
      openstack-monasca-notification-1.14.2~dev1-6.6.4
      openstack-monasca-persister-1.12.1~dev9-4.3.3
      openstack-monasca-persister-java-1.12.1~dev9-4.3.2
      openstack-neutron-13.0.5~dev22-3.6.3
      openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
      openstack-neutron-gbp-5.0.1~dev459-3.6.3
      openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
      openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
      openstack-neutron-lbaas-13.0.1~dev14-3.6.2
      openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
      openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
      openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
      openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
      openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
      openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
      openstack-neutron-server-13.0.5~dev22-3.6.3
      openstack-nova-18.2.2~dev9-3.6.2
      openstack-nova-api-18.2.2~dev9-3.6.2
      openstack-nova-cells-18.2.2~dev9-3.6.2
      openstack-nova-compute-18.2.2~dev9-3.6.2
      openstack-nova-conductor-18.2.2~dev9-3.6.2
      openstack-nova-console-18.2.2~dev9-3.6.2
      openstack-nova-novncproxy-18.2.2~dev9-3.6.2
      openstack-nova-placement-api-18.2.2~dev9-3.6.2
      openstack-nova-scheduler-18.2.2~dev9-3.6.2
      openstack-nova-serialproxy-18.2.2~dev9-3.6.2
      openstack-nova-vncproxy-18.2.2~dev9-3.6.2
      openstack-octavia-3.1.2~dev8-3.6.3
      openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
      openstack-octavia-api-3.1.2~dev8-3.6.3
      openstack-octavia-health-manager-3.1.2~dev8-3.6.3
      openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
      openstack-octavia-worker-3.1.2~dev8-3.6.3
      openstack-tempest-19.0.0-7.3.3
      openstack-tempest-test-19.0.0-7.3.3
      python-ardana-configurationprocessor-9.0+git.1566405927.c5c03d4-3.7.1
      python-ceilometer-11.0.2~dev14-3.6.3
      python-cinder-13.0.7~dev3-3.6.3
      python-cinder-tempest-plugin-0.1.0-3.3.1
      python-designate-7.0.1~dev21-3.6.3
      python-heat-11.0.3~dev19-3.6.3
      python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
      python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
      python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
      python-ironic-11.1.4~dev9-3.6.3
      python-ironicclient-2.5.3-4.6.2
      python-ironicclient-doc-2.5.3-4.6.2
      python-keystone-14.1.1~dev8-3.6.4
      python-keystonemiddleware-5.2.0-3.3.2
      python-magnum-7.1.1~dev28-3.6.3
      python-manila-7.3.1~dev3-4.6.3
      python-monasca-notification-1.14.2~dev1-6.6.4
      python-monasca-persister-1.12.1~dev9-4.3.3
      python-monasca-tempest-plugin-0.3.0-3.3.1
      python-neutron-13.0.5~dev22-3.6.3
      python-neutron-gbp-5.0.1~dev459-3.6.3
      python-neutron-lbaas-13.0.1~dev14-3.6.2
      python-nova-18.2.2~dev9-3.6.2
      python-octavia-3.1.2~dev8-3.6.3
      python-openstackclient-3.16.2-3.3.2
      python-openstacksdk-0.17.3-3.3.2
      python-proliantutils-2.8.4-3.3.1
      python-python-engineio-2.0.2-4.3.1
      python-swiftlm-9.0+git.1541434883.e0ebe69-3.3.1
      python-tempest-19.0.0-7.3.3
      python-vmware-nsx-13.0.1~dev146-4.3.1
      python-vmware-nsxlib-13.0.1~dev24-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2015-3448.html
   https://www.suse.com/security/cve/CVE-2017-17051.html
   https://www.suse.com/security/cve/CVE-2019-11236.html
   https://www.suse.com/security/cve/CVE-2019-11324.html
   https://www.suse.com/security/cve/CVE-2019-13611.html
   https://www.suse.com/security/cve/CVE-2019-7164.html
   https://www.suse.com/security/cve/CVE-2019-7548.html
   https://www.suse.com/security/cve/CVE-2019-9735.html
   https://www.suse.com/security/cve/CVE-2019-9740.html
   https://bugzilla.suse.com/1027315
   https://bugzilla.suse.com/1129729
   https://bugzilla.suse.com/1133719
   https://bugzilla.suse.com/1134232
   https://bugzilla.suse.com/1140512
   https://bugzilla.suse.com/1141676
   https://bugzilla.suse.com/1144026
   https://bugzilla.suse.com/1144027



More information about the sle-security-updates mailing list