SUSE-SU-2020:0640-1: important: Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironi c-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Mar 11 11:34:57 MDT 2020


   SUSE Security Update: Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-ne
 tworking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0640-1
Rating:             important
References:         #1077717 #1117080 #1117840 #1123191 #1148158 
                    #1152007 #1154235 #1155089 #1155942 #1156305 
                    #1156669 #1156914 #1157028 #1157206 #1157482 
                    #1158675 #1160048 #1160878 #1160883 #1160895 
                    #1160912 #1161351 #1161517 #1162388 
Cross-References:   CVE-2017-1002201 CVE-2018-17954 CVE-2019-13117
                    CVE-2019-16770 CVE-2019-18901 CVE-2019-2737
                    CVE-2019-2739 CVE-2019-2740 CVE-2019-2758
                    CVE-2019-2805 CVE-2019-2938 CVE-2019-2974
                    CVE-2020-2574 CVE-2020-7595
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has 10 fixes
   is now available.

Description:

   This update for ardana-cinder, ardana-cobbler, ardana-designate,
   ardana-extensions-example, ardana-extensions-nsx, ardana-glance,
   ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone,
   ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq,
   ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig,
   ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui,
   keepalived, mariadb, openstack-cinder, openstack-dashboard,
   openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates,
   openstack-horizon-plugin-designate-ui,
   openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic,
   openstack-keystone, openstack-monasca-agent, openstack-neutron,
   openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova,
   openstack-octavia, openstack-octavia-amphora-image,
   openstack-resource-agents, openstack-sahara, openstack-trove,
   python-cinderlm, python-congressclient, python-designateclient,
   python-ironic-lib, python-networking-cisco, python-osc-lib,
   python-oslo.context, python-oslo.rootwrap, python-oslo.serialization,
   python-oslo.service, python-stevedore, python-taskflow,
   rubygem-crowbar-client, rubygem-puma, venv-openstack-swift fixes the
   following issues: Security issues fixed:

   The update of rubygem-crowbar-client, rubygem-puma fixes the following
   security issues:
   - CVE-2018-17954: Fixed an issue where crowbar was leaking the secret
     admin passwords to all nodes (bsc#1117080).
   - CVE-2019-16770: Fixed a denial-of-service vulnerability that was
     exploitable by clients sending extraneous keepalive requests
     (bsc#1158675).

   The update of mariadb to 10.2.29 fixes several security issues:
   - CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed
     an attacker to crash the client (bsc#1162388).
   - CVE-2019-18901: Fixed a difficult to exploit vulnerability that allowed
     an attacker to crash the client (bsc#1162388).
   - CVE-2017-1002201: Fixed an issue where special characters did not escpae
     properly (bsc#1155089)
   - CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758,
     CVE-2019-2805, CVE-2019-2938, CVE-2019-2974: Fixed an issue where could
     lead a remote attacker to cause denial of service (bsc#1156669)

   Non-security issues fixed:

   Changes in ardana-cinder:
   - Update to version 8.0+git.1579279939.ee7da88:
     * Add option to flatten snapshots when using SES (SOC-11054)

   - Update to version 8.0+git.1571846011.1a2f62b:
     * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)

   Changes in ardana-cobbler:
   - Update to version 8.0+git.1575037115.0326803:
     * Set root device on SLES autoyast templates (SOC-7365)

   Changes in ardana-designate:
   - Update to version 8.0+git.1573597788.15b7984:
     * Update gerrit location (SOC-9140)

   Changes in ardana-extensions-example:
   - Switch to new Gerrit Server

   - Update to version 8.0+git.1534266307.db1ec28:
     * SCPL-409 Fix .gitreview for stable/pike

   Changes in ardana-extensions-nsx:
   - Update to version 8.0+git.1567529036.a41a037:
     * Update policy json templates for vmware-nsx (SOC-10254)

   - Switch to new Gerrit Server

   Changes in ardana-glance:
   - Update to version 8.0+git.1571846045.ab9e3ea:
     * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)

   Changes in ardana-heat:
   - Update to version 8.0+git.1571777596.14dce6a:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in ardana-input-model:
   - Update to version 8.0+git.1582147997.b9ed134:
     * Enable port security extension neutron (SOC-11027)

   - Update to version 8.0+git.1573658751.38e822a:
     * Move manila share to controller (SOC-10938)

   Changes in ardana-ironic:
   - Update to version 8.0+git.1571845225.006843d:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in ardana-keystone:
   - Update to version 8.0+git.1573147067.09e3ea0:
     * enable debug and insecure_debug on demand (SOC-10934)

   Changes in ardana-logging:
   - Update to version 8.0+git.1572452293.e65d714:
     * use correct Keystone v3 params bsc#1117840 (SOC-9753)

   Changes in ardana-monasca:
   - Update to version 8.0+git.1572527728.9b34bdf:
     * use correct Keystone v3 params bsc#1117840 (SOC-9753)
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in ardana-monasca-transform:
   - Update to version 8.0+git.1571845965.97714fb:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in ardana-mq:
   - Update to version 8.0+git.1581024906.fbf0be3:
     * Ensure HA queue sync wait fails (SOC-11083)
     * Fix HA policy setting comments (SOC-10317, SOC-11082)

   - Update to version 8.0+git.1580853688.4e72fc1:
     * Set HA policy accordingly (SOC-10317, SOC-11082)

   - Update to version 8.0+git.1579014733.a855e3a:
     * Change the HA policy mirror (SOC-10317)

   Changes in ardana-neutron:
   - Update to version 8.0+git.1573050365.ff6fa06:
     * Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230)

   - Update to version 8.0+git.1571846086.19cb7eb:
     * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)

   Changes in ardana-nova:
   - Update to version 8.0+git.1571846125.584d988:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in ardana-octavia:
   - Update to version 8.0+git.1575642049.1f321d0:
     * Change event_streamer_driver to noop (bsc#1154235)

   Changes in ardana-osconfig:
   - Update to version 8.0+git.1581015942.2d21e63:
     * Adjust 'fs.inotify.max_user_instances' to align with crowbar
       (bsc#1161351)

   - Update to version 8.0+git.1580469528.0ac2a8b:
     * Start OVS services before wicked service at boot (SOC-11067)

   Changes in ardana-tempest:
   - Update to version 8.0+git.1579261264.7dd213a:
     * Create network resources needed by some heat tests (SOC-7028)

   - Update to version 8.0+git.1573571182.8fa9823:
     * Restrore designate test (SOC-9753)

   - Update to version 8.0+git.1571846164.6279bc0:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in crowbar-core:
   - Update to version 5.0+git.1582968668.1a55c77c5:
     * Ignore CVE-2020-7595 in CI (bsc#1161517)

   - Update to version 5.0+git.1582543433.f71d39544:
     * Fix deployment queue display (SOC-10741)

   - Update to version 5.0+git.1580209640.80f2ba3d9:
     * network: start OVS before wickedd (SOC-11067)

   - Update to version 5.0+git.1579705862.220974047:
     * dns: add checks to designate migration (SOC-11047)

   - Update to version 5.0+git.1579271614.eac1c490c:
     * upgrade: Add the upgrade menu entry (SOC-11053)
     * upgrade: Fix upgrade link (SOC-11053)

   - Update to version 5.0+git.1578989446.a2d23b7e1:
     * Do not log an error for a case that is correct (trivial)

   - Update to version 5.0+git.1578472131.b88a31055:
     * apache2: Restart after enabling SSL flag (SOC-11029)

   - Update to version 5.0+git.1578295229.96952deab:
     * Avoid nil crash when provisioner attributes are not set (bsc#1160048)

   - Update to version 5.0+git.1578063264.d0223905b:
     * Ignore CVE-2019-16770 (SOC-10999)

   - Update to version 5.0+git.1576053049.a2f4c9820:
     * upgrade: Remove DRBD specific code from the preparation parts
       (SOC-10985)

   - Update to version 5.0+git.1575020613.fc167f4dc:
     * List XEN nodes when failing precheck (trivial)

   - Update to version 5.0+git.1574763025.0a6957f37:
     * Disable installation repository (bsc#1152007)
     * Disable automatic repo services (bsc#1152007)
     * Designate: Don't add the admin node to the public network (SOC-10658)

   - Update to version 5.0+git.1574715523.ee8e58f4b:
     * upgrade: Check the result after commiting proposal (noref)
     * upgrade: Do not try to disable services that might not exist (noref)

   - Update to version 5.0+git.1574667034.76644f658:
     * [upgrade] Remove existing upgrade directories from nodes (SOC-10956)

   - Update to version 5.0+git.1574348992.88de970a6:
     * [upgrade] Wait for keystone to be ready after start (bsc#1157206)

   - Update to version 5.0+git.1574270784.294f0e830:
     * upgrade: Ignore Cloud repository during repocheck (bsc#1152007)

   - Update to version 5.0+git.1574165163.52870c62e:
     * [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942)

   - Update to version 5.0+git.1574103089.1fbb5a51d:
     * Ignore CVE-2019-13117 in CI builds (bsc#1157028)
     * upgrade: Make the time before next upgrade configurable (SOC-10955)
     * upgrade: Make sure cinder-volume is really stopped (bsc#1156305)

   - Update to version 5.0+git.1573110008.449237f0d:
     * Allow pacemaker remotes for upgrade (SOC-10133)
     * upgrade: Precheck for unsaved proposals (SOC-10912)

   - Update to version 5.0+git.1572880575.4a6efa3a1:
     * upgrade: Add a precheck for XEN compute nodes presence (SOC-10495)
     * upgrade: Reload repo config in repochecks (SOC-10718)

   - Update to version 5.0+git.1572097431.519baa552:
     * Ignore CVE-2017-1002201 in CI builds (bsc#1155089)

   - Update to version 5.0+git.1571210032.8648ab99c:
     * Revert "Use block-migration when needed" (SOC-10133)

   Changes in crowbar-ha:
   - Update to version 5.0+git.1574286229.e0364c3:
     * Drop g-haproxy location before group deletion (bsc#1156914)

   Changes in crowbar-openstack:
   - Update to version 5.0+git.1582911795.5081ef1da:
     * designate: Mark as user managed (SOC-10233)
     * Designate: make sure dns-server is active on a non-admin node
       (SOC-10636)

   - Update to version 5.0+git.1580549331.ba1e1a0a3:
     * [5.0] ec2-api: run keystone_register on cluster founder only
       (SOC-11079)

   - Update to version 5.0+git.1579182968.f54cfa8f5:
     * tempest: tempest run filters as templates (SOC-11052)

   - Update to version 5.0+git.1578515319.fdab3a0b2:
     * Install openstack client for neutron recipes (SOC-11039)

   - Update to version 5.0+git.1576764142.8efe58655:
     * Do not read data from barclamp that has not been saved (SOC-11028)

   - Update to version 5.0+git.1576666547.b7a0b8814:
     * Revert "Octavia: Hide UI until complete (SOC-10550)"

   - Update to version 5.0+git.1576250115.67b80cbca:
     * [5.0] tempest: Update default image on schema (SOC-11023)

   - Update to version 5.0+git.1576078873.ecc798ffe:
     * neutron: Revert remove .openrc creation from neutron cookbooks
       (SOC-10378)
     * keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)

   - Update to version 5.0+git.1574927541.694ac3863:
     * designate: move keystone resource lookup to convergence (SOC-10887)

   - Update to version 5.0+git.1574769056.07a7c373e:
     * designate: declare all mdns servers as master on pool config
       (SOC-10952)
     * designate: add support for SSL (SOC-10877)
     * designate: change default configuration (SOC-10899)

   - Update to version 5.0+git.1574421761.ace345683:
     * Add tempest filter for designate (SOC-10288)

   - Update to version 5.0+git.1574359417.113b616b2:
     * horizon: install lbaas horizon dashboard (SOC-10883)

   - Update to version 5.0+git.1572937880.ffb86e88b:
     * Make sure the input file with ssh key exists (SOC-10133)

   - Update to version 5.0+git.1571764038.ad48726d6:
     * mysql: fix WSREP sync race (SOC-10717)
     * mysql: stop service for mysql_install_db (SOC-10717)
     * Do not use obsoleted --endpoint-type option with CLI

   - Update to version 5.0+git.1571323259.7402ef5eb:
     * [5.0] Tempest: blacklist test_volume_boot_pattern (SOC-10874)

   - Update to version 5.0+git.1571241534.f4af21325:
     * rabbitmq: fix migration 200 (SOC-10623)
     * Fix Cloud 8 no-op migrations (SOC-10623)
     * neutron-lbaas: remove loadbalancer/pool limit
     * [5.0] Configurable timeout for Galera pre-sync

   - Update to version 5.0+git.1571138324.edb9e8b56:
     * horizon: tighten check for existence of monasca while deploying grafana
     * monasca: improve detection if monasca-server is available
     * monasca: install agent before run setup monitors in server
     * Monasca: Handle node reinstall (jsc#SOC-10440, bsc#1148158 )

   - Update to version 5.0+git.1570618886.06022a6ef:
     * glance: Set barbican auth endpoint (bsc#1123191, SOC-10844)
     * tempest: Add barbican run_filters from ardana (SOC-10844)
     * Fix nova tempest tests (SOC-9298, SOC-10844)

   - Update to version 5.0+git.1570505588.4bdc5aa6f:
     * No rndc key if no public DNS server (SOC-10835)

   Changes in crowbar-ui:
   - Update to version 1.2.0+git.1575896697.a01a3a08:
     * upgrade: Added missing error title
     * travis: Stop testing against nodejs4

   - Update to version 1.2.0+git.1572871359.50fc6087:
     * Add title for XEN compute nodes precheck (SOC-10495)

   Changes in keepalived:
   - update to 2.0.19
   - new BR pkgconfig(libnftnl) to fix nftables support
   - add nftables to the BR
   - added patch
     * linux-4.15.patch
   - add buildrequires for file-devel
     - used in the checker to verify scripts
   - enable json stats and config dump support new BR: pkgconfig(json-c)
   - enable http regexp support: new BR pcre2-devel
   - disable dbus instance creation support as it is marked as dangerous
   - Add BFD build option to keepalived.spec rpm file Issue #1114 identified
     that the keepalived.spec file was not being generated to build BFD
     support even if keepalived had been configured to support it.
   - full changelog https://keepalived.org/changelog.html

   Changes in mariadb:
   - update to 10.2.31 GA [bsc#1162388]
     * Fixes for the following security vulnerabilities:
       * 10.2.31: CVE-2020-2574
       * 10.2.30: none
     * release notes and changelog:
       https://mariadb.com/kb/en/library/mariadb-10231-release-notes
       https://mariadb.com/kb/en/library/mariadb-10231-changelog
       https://mariadb.com/kb/en/library/mariadb-10230-release-notes
       https://mariadb.com/kb/en/library/mariadb-10230-changelog
   - refresh mariadb-10.1.12-deharcode-libdir.patch
   - remove mariadb-10.2.29-bufferoverflowstrncat.patch (upstreamed)
   - pack pam_user_map.so module in the /%{_lib}/security directory and
     user_map.conf configuration file in the /etc/security directory

   - fix race condition with mysql_upgrade_info status file by moving it to
     the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895]
   - move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to
     /var/lib/misc/.mariadb_run_upgrade so the mysql user can't use it for a
     symlink attack [bsc#1160912]

   - on BTRFS systems /var/lib/mysql is created as a subvolume with 755
     permissions during the system installaion. Fix it to 700 as
     mysql_install_db doesn't do it [bsc#1077717]
   - add important options to mariadb.service and mariadb at .service
     (ProtectSystem, ProtectHome and UMask) [bsc#1160878]
   - mysql-systemd-helper: use systemd-tmpfiles instead of shell script
     operations for a cleaner and safer creating of /run/mysql [bsc#1160883]

   - update to 10.2.29 GA
     * Fixes for the following security vulnerabilities:
       * 10.2.29: none
       * 10.2.28: CVE-2019-2974, CVE-2019-2938
       * 10.2.27: none
       * 10.2.26: CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737,
         CVE-2019-2758
     * release notes and changelog:
       https://mariadb.com/kb/en/library/mariadb-10229-release-notes
       https://mariadb.com/kb/en/library/mariadb-10229-changelog
       https://mariadb.com/kb/en/library/mariadb-10228-release-notes
       https://mariadb.com/kb/en/library/mariadb-10228-changelog
       https://mariadb.com/kb/en/library/mariadb-10227-release-notes
       https://mariadb.com/kb/en/library/mariadb-10227-changelog
       https://mariadb.com/kb/en/library/mariadb-10226-release-notes
       https://mariadb.com/kb/en/library/mariadb-10226-changelog
   - refresh mariadb-10.0.15-logrotate-su.patch mariadb-10.2.4-logrotate.patch
   - add mariadb-10.2.29-bufferoverflowstrncat.patch to fix "Statement might
     be overflowing a buffer in strncat" error
   - tracker bug [bsc#1156669]
   - add main.gis_notembedded to the skipped tests (fails when latin1 is not
     set)

   Changes in openstack-cinder:
   - Update to version cinder-11.2.3.dev23:
     * Fix handling of 'cinder\_encryption\_key\_id' image metadata

   - Update to version cinder-11.2.3.dev21:
     * Add retry to LVM deactivation

   - Update to version cinder-11.2.3.dev19:
     * Fix ceph: only close rbd image after snapshot iteration is finished

   - Update to version cinder-11.2.3.dev17:
     * Exclude disabled API versions from listing

   Changes in openstack-cinder:
   - Update to version cinder-11.2.3.dev23:
     * Fix handling of 'cinder\_encryption\_key\_id' image metadata

   - Update to version cinder-11.2.3.dev21:
     * Add retry to LVM deactivation

   - Update to version cinder-11.2.3.dev19:
     * Fix ceph: only close rbd image after snapshot iteration is finished

   - Update to version cinder-11.2.3.dev17:
     * Exclude disabled API versions from listing

   Changes in openstack-dashboard:
   - Update to version horizon-12.0.5.dev2:
     * Use python 2.7 as the default interpreter in tox
     * OpenDev Migration Patch 12.0.4

   Changes in openstack-dashboard-theme-SUSE:
   - Update to version 2017.2+git.1573629528.6b21fa5:
     * SCRD-7984 fixed help links

   Changes in openstack-heat:
   - Update to version heat-9.0.8.dev22:
     * Do deepcopy when copying templates

   - Update to version heat-9.0.8.dev21:
     * Set stack.thread\_group\_mgr for cancel\_update
     * Eliminate client race condition in convergence delete
     * Delete snapshots using contemporary resources

   - Update to version heat-9.0.8.dev15:
     * Unskip StackSnapshotRestoreTest

   - Update to version heat-9.0.8.dev14:
     * Fix translate tenants in flavor

   Changes in openstack-heat:
   - Update to version heat-9.0.8.dev22:
     * Do deepcopy when copying templates

   - Update to version heat-9.0.8.dev21:
     * Set stack.thread\_group\_mgr for cancel\_update
     * Eliminate client race condition in convergence delete
     * Delete snapshots using contemporary resources

   - Update to version heat-9.0.8.dev15:
     * Unskip StackSnapshotRestoreTest

   - Update to version heat-9.0.8.dev14:
     * Fix translate tenants in flavor

   Changes in openstack-heat-templates:
   - Update to version 0.0.0+git.1560033670.e3b5a52:
     * Add example for running Zun container
     * OpenDev Migration Patch
     * Replace openstack.org git:// URLs with https://
     * Remove docs, deprecated hooks, tests
     * Update the bugs link to storyboard
     * Use octavia resources for autoscaling example
     * Fix the incorrect cirros default password

   Changes in openstack-horizon-plugin-designate-ui:
   - Update to version designate-dashboard-5.0.3.dev2:
     * Fix list zones updated at same time
     * OpenDev Migration Patch 5.0.2

   Changes in openstack-horizon-plugin-neutron-lbaas-ui:
   - Add _1481_project_ng_loadbalancersv2_panel.pyc file to package
     (SOC-10883) The .pyc file needs to be removed when the package is
     uninstalled,
   otherwise the panel will remain enabled in the dashboard and cause errors.

   Changes in openstack-ironic:
   - Update to version ironic-9.1.8.dev8:
     * Place upper bound on python-dracclient version

   Changes in openstack-ironic:
   - Update to version ironic-9.1.8.dev8:
     * Place upper bound on python-dracclient version

   Changes in openstack-keystone:
   - Update to version keystone-12.0.4.dev5:
     * Import LDAP job into project

   Changes in openstack-keystone:
   - Update to version keystone-12.0.4.dev5:
     * Import LDAP job into project

   Changes in openstack-monasca-agent:
   - Added dependency:
     * fdupes
     * pwdutils and shadow-utils for useradd/groupadd

   - added 0001-add-X.509-certificate-check-plugin.patch

   Changes in openstack-neutron:
   - Update to version neutron-11.0.9.dev60:
     * Set DB retry for quota\_enforcement pecan\_wsgi hook

   - Update to version neutron-11.0.9.dev58:
     * don't clear skb mark when ovs is hw-offload enabled

   - Update to version neutron-11.0.9.dev57:
     * doc: add known limitation about attaching SR-IOV ports

   - Update to version neutron-11.0.9.dev56:
     * raise priority of dead vlan drop

   - Update to version neutron-11.0.9.dev54:
     * [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled

   - Update to version neutron-11.0.9.dev52:
     * Initialize phys bridges before setup\_rpc

   Changes in openstack-neutron:
   - Update neutron-ha-tool to latest version:
     * Add DHCP agent evacuation (SOC-11046)

   - Update to version neutron-11.0.9.dev60:
     * Set DB retry for quota\_enforcement pecan\_wsgi hook

   - Update to version neutron-11.0.9.dev58:
     * don't clear skb mark when ovs is hw-offload enabled

   - neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of
     https://review.opendev.org/#/c/695867/

   - Update to version neutron-11.0.9.dev57:
     * doc: add known limitation about attaching SR-IOV ports

   - Update to version neutron-11.0.9.dev56:
     * raise priority of dead vlan drop

   - Update to version neutron-11.0.9.dev54:
     * [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled

   - Update to version neutron-11.0.9.dev52:
     * Initialize phys bridges before setup\_rpc

   Changes in openstack-neutron-gbp:
   - Update to version group-based-policy-7.3.1.dev72:
     * Refactor static path code

   - Update to version group-based-policy-7.3.1.dev71:
     * Support named ip protocols for SecurityGroupRules

   - Update to version group-based-policy-7.3.1.dev70:
     * Allow both FIP and SNAT on a single port

   - Update to version group-based-policy-7.3.1.dev69:
     * Fix active-active AAP RPC query

   - Update to version group-based-policy-7.3.1.dev67:
     * [AIM] Add extra provided/consumed contracts to network extension

   - Update to version group-based-policy-7.3.1.dev66:
     * Active active AAP feature

   - Update to version group-based-policy-7.3.1.dev64:
     * Support cache option for legacy GBP driver

   - Update to version group-based-policy-7.3.1.dev63:
     * Fix host ID length in VM names table

   - Update to version group-based-policy-7.3.1.dev62:
     * Update\_proj\_descr in apic when project description is updated in os

   - Update to version group-based-policy-7.3.1.dev61:
     * Send port notifications when host\_route is getting updated
     * Provide a control knob to use the internal EP interface

   - Update to version group-based-policy-7.3.1.dev57:
     * Fix pep8 failures seen on submitted patches

   Changes in openstack-neutron-vsphere:
   - Update to version networking-vsphere-2.0.1.dev133:
     * Update to use Agent model from neutron.db.models
     * Fix neutron-dvs-agent startup errors
     * OpenDev Migration Patch
   - Remove 0001-fix-dvs-agent-config.patch as changes had been backported to
     stable/pike
      - See https://review.opendev.org/#/c/682482

   Changes in openstack-nova:
   - Update to version nova-16.1.9.dev49:
     * Use stable constraint for Tempest pinned stable branches

   - Update to version nova-16.1.9.dev48:
     * Avoid redundant initialize\_connection on source post live migration
     * Error out interrupted builds
     * Skip checking of target\_dev for vhostuser
     * Functional reproduce for bug 1833581
     * Prevent init\_host test to interfere with other tests
     * Add functional test for resize crash compute restart revert
     * Move restart\_compute\_service to a common place
     * lxc: make use of filter python3 compatible
     * cleanup evacuated instances not on hypervisor
     * Delete resource providers for all nodes when deleting compute service

   - Update to version nova-16.1.9.dev30:
     * Explicitly fail if trying to attach SR-IOV port
     * Stabilize unshelve notification sample tests

   - Update to version nova-16.1.9.dev26:
     * Fix listing deleted servers with a marker
     * Add functional regression test for bug 1849409

   - Update to version nova-16.1.9.dev22:
     * Hook resource\_tracker to remove stale node information

   - Update to version nova-16.1.9.dev20:
     * Workaround missing RequestSpec.instance\_group.uuid
     * Add regression recreate test for bug 1830747

   - Update to version nova-16.1.9.dev16:
     * Changing scheduler sync event from INFO to DEBUG

   - Update to version nova-16.1.9.dev14:
     * Only nil az during shelve offload
     * Delete instance\_id\_mappings record in instance\_destroy

   - Update to version nova-16.1.9.dev11:
     * Revert "openstack server create" to "nova boot" in nova docs
     * doc: fix and clarify --block-device usage in user docs

   - Update to version nova-16.1.9.dev8:
     * Functional reproduce for bug 1852207

   Changes in openstack-nova:
   - Update to version nova-16.1.9.dev49:
     * Use stable constraint for Tempest pinned stable branches

   - Update to version nova-16.1.9.dev48:
     * Avoid redundant initialize\_connection on source post live migration
     * Error out interrupted builds
     * Skip checking of target\_dev for vhostuser
     * Functional reproduce for bug 1833581
     * Prevent init\_host test to interfere with other tests
     * Add functional test for resize crash compute restart revert
     * Move restart\_compute\_service to a common place
     * lxc: make use of filter python3 compatible
     * cleanup evacuated instances not on hypervisor
     * Delete resource providers for all nodes when deleting compute service

   - Update to version nova-16.1.9.dev30:
     * Explicitly fail if trying to attach SR-IOV port
     * Stabilize unshelve notification sample tests

   - Update to version nova-16.1.9.dev26:
     * Fix listing deleted servers with a marker
     * Add functional regression test for bug 1849409

   - Update to version nova-16.1.9.dev22:
     * Hook resource\_tracker to remove stale node information

   - Update to version nova-16.1.9.dev20:
     * Workaround missing RequestSpec.instance\_group.uuid
     * Add regression recreate test for bug 1830747

   - Update to version nova-16.1.9.dev16:
     * Changing scheduler sync event from INFO to DEBUG

   - Update to version nova-16.1.9.dev14:
     * Only nil az during shelve offload
     * Delete instance\_id\_mappings record in instance\_destroy

   - Update to version nova-16.1.9.dev11:
     * Revert "openstack server create" to "nova boot" in nova docs
     * doc: fix and clarify --block-device usage in user docs

   - Update to version nova-16.1.9.dev8:
     * Functional reproduce for bug 1852207

   Changes in openstack-octavia:
   - Update to version octavia-1.0.6.dev3:
     * Fix urgent amphora two-way auth security bug

   Changes in openstack-octavia-amphora-image:
   - Update image to 0.1.2 to include udated keepalived 2.0.19

   - Update image to 0.1.1 to include latest changes

   - Add keepalived service Changes in openstack-resource-agents:
   - Update to version 1.0+git.1569436425.8b9c49f:
     * Add a configurable delay to Nova Evacuate calls
     * OpenDev Migration Patch
     * NovaEvacuate: fix a syntax error
     * NovaEvacuate: Support the new split-out IHA fence agents with
       backwards compatibility
     * NovaEvacuate: Correctly handle stopped hypervisors
     * neutron-ha-tool: do not replicate dhcp
     * NovaCompute: Support parsing host option from /etc/nova/nova.conf.d
     * NovaCompute: Use variable to avoid calling crudini a second time
     * NovaEvacuate: Allow debug logging to be turned on easily

   Changes in openstack-sahara:
   - Update to version sahara-7.0.5.dev4:
     * Run sahara-scenario using Python 3
     * Enforce python 2 for documentation build
     * Fix requirements(bandit)
     * OpenDev Migration Patch 7.0.4

   Changes in openstack-sahara:
   - Update to version sahara-7.0.5.dev4:
     * Run sahara-scenario using Python 3
     * Enforce python 2 for documentation build
     * Fix requirements (bandit)
     * OpenDev Migration Patch 7.0.4

   Changes in openstack-trove:
   - Update to version trove-8.0.2.dev2:
     * Add local bindep.txt
     * OpenDev Migration Patch 8.0.1

   Changes in openstack-trove:
   - Update to version trove-8.0.2.dev2:
     * Add local bindep.txt
     * OpenDev Migration Patch 8.0.1

   Changes in python-cinderlm:
   - Update to version 0.0.2+git.1571845893.27f0b7b:
     * SCRD-4764 remove V2.0 auth end points (SOC-9753)

   Changes in python-congressclient:
   - update to version 1.8.1
     - Update .gitreview for stable/pike
     - Update UPPER_CONSTRAINTS_FILE for stable/pike
     - import zuul job settings from project-config
     - Updated from global requirements

   Changes in python-designateclient:
   - update to version 2.7.1
     - Update .gitreview for stable/pike
     - Updated from global requirements
     - import zuul job settings from project-config
     - Update UPPER_CONSTRAINTS_FILE for stable/pike
     - server-get/update show wrong values about 'id' and 'update_at'

   Changes in python-ironic-lib:
   - update to version 2.10.2
     - Replace openstack.org git:// URLs with https://
     - Make search for config drive partition case insensitive
     - Revert "Use dd conv=sparse when writing images to nodes"
     - Check GPT table with sgdisk insread of partprobe
     - Avoid tox_install.sh for constraints support
     - Fix GPT bug with whole disk images
     - import zuul job settings from project-config

   Changes in python-networking-cisco:
   - Update to version networking-cisco-6.1.1.dev65:
     * Nexus: Add CA Bundle path to https doc
     * Improve Nexus Ironic related doc and logs
     * Upgrade release notes to include Tripleo/puppet
     * Fix socket not closed errors in unit test logs
     * Add release note about adding support for Rocky OpenStack
     * Update publish-openstack-python-branch-tarball job
     * Remove MultiConfigParser from SAF application
     * More fixes for networking\_cisco rocky support
     * Remove MultiConfigParser from the device manger config loader
     * Ensure CFG agent is started after neutron config is written
     * Removed older version of python added 3.5
     * Begin process of supporting neutron Rocky
     * Typo in tar command in doc install guide
     * Add cisco providernet extension to Nexus doc
     * Add missing policy to fix stable/queens unit tests
     * Pin stestr version (1.1.0) for Mitaka
     * Fix places in ucsm network driver using .ucsm instead of .ucsms
     * Fix doc build under python3
     * Fix mitaka bug with NeutronWorker missing parameter
     * Eliminate 30 sec delay for Nexus replay thread
     * Fix foreign key constraint violation while creating primary key with
       subnet\_id
     * Put upper constraint on ncclient version to prevent breakages
     * Improvements to the networking-cisco zuul jobs
     * Remove deprecated host/interface map config
     * Include device manager configuration file when starting config agent
     * Fix pep8 and other tox environments locally
     * Add rocky to CI
     * Add bandit to tox and resolve Nexus SA errors
     * Deprecate old ML2 Nexus/UCSM documentation file
     * Secure Nexus https certificates by default
   - Add tempest_plugin subpackage

   Changes in python-osc-lib:
   - update to version 1.7.1
     - import zuul job settings from project-config
     - Update UPPER_CONSTRAINTS_FILE for stable/pike
     - Updated from global requirements
     - Update .gitreview for stable/pike
     - Avoid tox_install.sh for constraints support

   Changes iython-oslo.context:
   - update to version 2.17.2
     - Fix sphinx-docs job for stable branch
     - import zuul job settings from project-config

   Changes in python-oslo.rootwrap:
   - update to version 5.9.3
     - Avoid tox_install.sh for constraints support
     - Follow the new PTI for document build
     - import zuul job settings from project-config

   Changes in python-oslo.serialization:
   - update to version 2.20.3
     - import zuul job settings from project-config
     - Fix sphinx-docs job for stable branch

   Changes in python-oslo.service:
   - update to version 1.25.2
     - import zuul job settings from project-config
     - Fix sphinx-docs job for stable branch

   Changes in python-stevedore:
   - update to version 1.25.2
     - move doc requirements to doc/requirements.txt
     - Use stable branch for upper-constraints
     - remove duplicate sphinx dependency
     - Avoid tox_install.sh for constraints support
     - import zuul job settings from project-config

   Changes in python-taskflow:
   - update to version 2.14.2
     - don't let tox_install.sh error if there is nothing to do
     - import zuul job settings from project-config
     - Updated from global requirements
     - Use doc/requirements.txt

   Changes in rubygem-crowbar-client:
   - Update to 3.9.1
     - Fix repocheck table output (SOC-10718)
     - Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)

   Changes in rubygem-puma:
   - Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This
     patch fixes a DoS vulnerability a malicious client could use to block a
     large amount of threads.

   Changes in venv-openstack-swift:
   - Fix lower version numver after inheriting the version from main
     component (SCRD-8523)

   - Revert: "Inherit version number of venv from main component (SCRD-8523)"
     as zypper reports the new version number as older than what is released

   - Inherit version number of venv from main component (SCRD-8523)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-640=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-640=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-640=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      crowbar-core-5.0+git.1582968668.1a55c77c5-3.35.4
      crowbar-core-branding-upstream-5.0+git.1582968668.1a55c77c5-3.35.4
      keepalived-2.0.19-3.6.3
      keepalived-debuginfo-2.0.19-3.6.3
      keepalived-debugsource-2.0.19-3.6.3
      mariadb-10.2.31-4.17.3
      mariadb-client-10.2.31-4.17.3
      mariadb-client-debuginfo-10.2.31-4.17.3
      mariadb-debuginfo-10.2.31-4.17.3
      mariadb-debugsource-10.2.31-4.17.3
      mariadb-galera-10.2.31-4.17.3
      mariadb-tools-10.2.31-4.17.3
      mariadb-tools-debuginfo-10.2.31-4.17.3
      ruby2.1-rubygem-crowbar-client-3.9.1-3.9.3
      ruby2.1-rubygem-puma-2.16.0-3.3.3
      ruby2.1-rubygem-puma-debuginfo-2.16.0-3.3.3
      rubygem-puma-debugsource-2.16.0-3.3.3

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      crowbar-ha-5.0+git.1574286229.e0364c3-3.29.3
      crowbar-openstack-5.0+git.1582911795.5081ef1da-4.34.3
      crowbar-ui-1.2.0+git.1575896697.a01a3a08-3.15.3
      mariadb-errormessages-10.2.31-4.17.3
      openstack-cinder-11.2.3~dev23-3.24.4
      openstack-cinder-api-11.2.3~dev23-3.24.4
      openstack-cinder-backup-11.2.3~dev23-3.24.4
      openstack-cinder-doc-11.2.3~dev23-3.24.3
      openstack-cinder-scheduler-11.2.3~dev23-3.24.4
      openstack-cinder-volume-11.2.3~dev23-3.24.4
      openstack-dashboard-12.0.5~dev2-3.23.4
      openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3
      openstack-heat-9.0.8~dev22-3.27.4
      openstack-heat-api-9.0.8~dev22-3.27.4
      openstack-heat-api-cfn-9.0.8~dev22-3.27.4
      openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
      openstack-heat-doc-9.0.8~dev22-3.27.3
      openstack-heat-engine-9.0.8~dev22-3.27.4
      openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
      openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
      openstack-heat-test-9.0.8~dev22-3.27.4
      openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      openstack-ironic-9.1.8~dev8-3.24.4
      openstack-ironic-api-9.1.8~dev8-3.24.4
      openstack-ironic-conductor-9.1.8~dev8-3.24.4
      openstack-ironic-doc-9.1.8~dev8-3.24.3
      openstack-keystone-12.0.4~dev5-5.30.4
      openstack-keystone-doc-12.0.4~dev5-5.30.3
      openstack-monasca-agent-2.2.5~dev5-3.15.2
      openstack-neutron-11.0.9~dev60-3.27.4
      openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
      openstack-neutron-doc-11.0.9~dev60-3.27.3
      openstack-neutron-gbp-7.3.1~dev72-3.12.3
      openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
      openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
      openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
      openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
      openstack-neutron-server-11.0.9~dev60-3.27.4
      openstack-neutron-vsphere-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
      openstack-nova-16.1.9~dev49-3.32.4
      openstack-nova-api-16.1.9~dev49-3.32.4
      openstack-nova-cells-16.1.9~dev49-3.32.4
      openstack-nova-compute-16.1.9~dev49-3.32.4
      openstack-nova-conductor-16.1.9~dev49-3.32.4
      openstack-nova-console-16.1.9~dev49-3.32.4
      openstack-nova-consoleauth-16.1.9~dev49-3.32.4
      openstack-nova-doc-16.1.9~dev49-3.32.3
      openstack-nova-novncproxy-16.1.9~dev49-3.32.4
      openstack-nova-placement-api-16.1.9~dev49-3.32.4
      openstack-nova-scheduler-16.1.9~dev49-3.32.4
      openstack-nova-serialproxy-16.1.9~dev49-3.32.4
      openstack-nova-vncproxy-16.1.9~dev49-3.32.4
      openstack-octavia-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
      openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
      openstack-octavia-api-1.0.6~dev3-4.21.3
      openstack-octavia-health-manager-1.0.6~dev3-4.21.3
      openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
      openstack-octavia-worker-1.0.6~dev3-4.21.3
      openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
      openstack-sahara-7.0.5~dev4-3.12.4
      openstack-sahara-api-7.0.5~dev4-3.12.4
      openstack-sahara-doc-7.0.5~dev4-3.12.3
      openstack-sahara-engine-7.0.5~dev4-3.12.4
      openstack-trove-8.0.2~dev2-3.12.3
      openstack-trove-api-8.0.2~dev2-3.12.3
      openstack-trove-conductor-8.0.2~dev2-3.12.3
      openstack-trove-doc-8.0.2~dev2-3.12.3
      openstack-trove-guestagent-8.0.2~dev2-3.12.3
      openstack-trove-taskmanager-8.0.2~dev2-3.12.3
      python-cinder-11.2.3~dev23-3.24.4
      python-congressclient-1.8.1-3.3.4
      python-designateclient-2.7.1-3.3.4
      python-designateclient-doc-2.7.1-3.3.4
      python-freezegun-0.3.9-1.3.3
      python-heat-9.0.8~dev22-3.27.4
      python-horizon-12.0.5~dev2-3.23.4
      python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      python-ironic-9.1.8~dev8-3.24.4
      python-ironic-lib-2.10.2-3.3.3
      python-keystone-12.0.4~dev5-5.30.4
      python-monasca-agent-2.2.5~dev5-3.15.2
      python-networking-cisco-6.1.1~dev65-3.3.3
      python-networking-vsphere-2.0.1~dev133-3.12.3
      python-neutron-11.0.9~dev60-3.27.4
      python-neutron-gbp-7.3.1~dev72-3.12.3
      python-nova-16.1.9~dev49-3.32.4
      python-octavia-1.0.6~dev3-4.21.3
      python-osc-lib-1.7.1-3.3.3
      python-oslo.context-2.17.2-3.3.3
      python-oslo.rootwrap-5.9.3-3.3.3
      python-oslo.serialization-2.20.3-3.3.3
      python-oslo.service-1.25.2-3.3.3
      python-sahara-7.0.5~dev4-3.12.4
      python-stevedore-1.25.2-3.3.3
      python-taskflow-2.14.2-3.3.3
      python-trove-8.0.2~dev2-3.12.3

   - SUSE OpenStack Cloud 8 (x86_64):

      keepalived-2.0.19-3.6.3
      keepalived-debuginfo-2.0.19-3.6.3
      keepalived-debugsource-2.0.19-3.6.3
      mariadb-10.2.31-4.17.3
      mariadb-client-10.2.31-4.17.3
      mariadb-client-debuginfo-10.2.31-4.17.3
      mariadb-debuginfo-10.2.31-4.17.3
      mariadb-debugsource-10.2.31-4.17.3
      mariadb-galera-10.2.31-4.17.3
      mariadb-tools-10.2.31-4.17.3
      mariadb-tools-debuginfo-10.2.31-4.17.3

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3
      ardana-cobbler-8.0+git.1575037115.0326803-3.41.3
      ardana-designate-8.0+git.1573597788.15b7984-3.17.3
      ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3
      ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4
      ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3
      ardana-heat-8.0+git.1571777596.14dce6a-3.15.3
      ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3
      ardana-ironic-8.0+git.1571845225.006843d-3.9.3
      ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3
      ardana-logging-8.0+git.1572452293.e65d714-3.21.3
      ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3
      ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3
      ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3
      ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3
      ardana-nova-8.0+git.1571846125.584d988-3.38.3
      ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3
      ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3
      ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3
      mariadb-errormessages-10.2.31-4.17.3
      openstack-cinder-11.2.3~dev23-3.24.4
      openstack-cinder-api-11.2.3~dev23-3.24.4
      openstack-cinder-backup-11.2.3~dev23-3.24.4
      openstack-cinder-doc-11.2.3~dev23-3.24.3
      openstack-cinder-scheduler-11.2.3~dev23-3.24.4
      openstack-cinder-volume-11.2.3~dev23-3.24.4
      openstack-dashboard-12.0.5~dev2-3.23.4
      openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3
      openstack-heat-9.0.8~dev22-3.27.4
      openstack-heat-api-9.0.8~dev22-3.27.4
      openstack-heat-api-cfn-9.0.8~dev22-3.27.4
      openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
      openstack-heat-doc-9.0.8~dev22-3.27.3
      openstack-heat-engine-9.0.8~dev22-3.27.4
      openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
      openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
      openstack-heat-test-9.0.8~dev22-3.27.4
      openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      openstack-ironic-9.1.8~dev8-3.24.4
      openstack-ironic-api-9.1.8~dev8-3.24.4
      openstack-ironic-conductor-9.1.8~dev8-3.24.4
      openstack-ironic-doc-9.1.8~dev8-3.24.3
      openstack-keystone-12.0.4~dev5-5.30.4
      openstack-keystone-doc-12.0.4~dev5-5.30.3
      openstack-monasca-agent-2.2.5~dev5-3.15.2
      openstack-neutron-11.0.9~dev60-3.27.4
      openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
      openstack-neutron-doc-11.0.9~dev60-3.27.3
      openstack-neutron-gbp-7.3.1~dev72-3.12.3
      openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
      openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
      openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
      openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
      openstack-neutron-server-11.0.9~dev60-3.27.4
      openstack-neutron-vsphere-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
      openstack-nova-16.1.9~dev49-3.32.4
      openstack-nova-api-16.1.9~dev49-3.32.4
      openstack-nova-cells-16.1.9~dev49-3.32.4
      openstack-nova-compute-16.1.9~dev49-3.32.4
      openstack-nova-conductor-16.1.9~dev49-3.32.4
      openstack-nova-console-16.1.9~dev49-3.32.4
      openstack-nova-consoleauth-16.1.9~dev49-3.32.4
      openstack-nova-doc-16.1.9~dev49-3.32.3
      openstack-nova-novncproxy-16.1.9~dev49-3.32.4
      openstack-nova-placement-api-16.1.9~dev49-3.32.4
      openstack-nova-scheduler-16.1.9~dev49-3.32.4
      openstack-nova-serialproxy-16.1.9~dev49-3.32.4
      openstack-nova-vncproxy-16.1.9~dev49-3.32.4
      openstack-octavia-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
      openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
      openstack-octavia-api-1.0.6~dev3-4.21.3
      openstack-octavia-health-manager-1.0.6~dev3-4.21.3
      openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
      openstack-octavia-worker-1.0.6~dev3-4.21.3
      openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
      openstack-sahara-7.0.5~dev4-3.12.4
      openstack-sahara-api-7.0.5~dev4-3.12.4
      openstack-sahara-doc-7.0.5~dev4-3.12.3
      openstack-sahara-engine-7.0.5~dev4-3.12.4
      openstack-trove-8.0.2~dev2-3.12.3
      openstack-trove-api-8.0.2~dev2-3.12.3
      openstack-trove-conductor-8.0.2~dev2-3.12.3
      openstack-trove-doc-8.0.2~dev2-3.12.3
      openstack-trove-guestagent-8.0.2~dev2-3.12.3
      openstack-trove-taskmanager-8.0.2~dev2-3.12.3
      python-cinder-11.2.3~dev23-3.24.4
      python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3
      python-congressclient-1.8.1-3.3.4
      python-designateclient-2.7.1-3.3.4
      python-designateclient-doc-2.7.1-3.3.4
      python-freezegun-0.3.9-1.3.3
      python-heat-9.0.8~dev22-3.27.4
      python-horizon-12.0.5~dev2-3.23.4
      python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      python-ironic-9.1.8~dev8-3.24.4
      python-ironic-lib-2.10.2-3.3.3
      python-keystone-12.0.4~dev5-5.30.4
      python-monasca-agent-2.2.5~dev5-3.15.2
      python-networking-cisco-6.1.1~dev65-3.3.3
      python-networking-vsphere-2.0.1~dev133-3.12.3
      python-neutron-11.0.9~dev60-3.27.4
      python-neutron-gbp-7.3.1~dev72-3.12.3
      python-nova-16.1.9~dev49-3.32.4
      python-octavia-1.0.6~dev3-4.21.3
      python-osc-lib-1.7.1-3.3.3
      python-oslo.context-2.17.2-3.3.3
      python-oslo.rootwrap-5.9.3-3.3.3
      python-oslo.serialization-2.20.3-3.3.3
      python-oslo.service-1.25.2-3.3.3
      python-sahara-7.0.5~dev4-3.12.4
      python-stevedore-1.25.2-3.3.3
      python-taskflow-2.14.2-3.3.3
      python-trove-8.0.2~dev2-3.12.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2
      venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2
      venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2
      venv-openstack-horizon-x86_64-12.0.5~dev2-14.28.2
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2
      venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2
      venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2
      venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2
      venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2
      venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3
      venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2

   - HPE Helion Openstack 8 (noarch):

      ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3
      ardana-cobbler-8.0+git.1575037115.0326803-3.41.3
      ardana-designate-8.0+git.1573597788.15b7984-3.17.3
      ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3
      ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4
      ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3
      ardana-heat-8.0+git.1571777596.14dce6a-3.15.3
      ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3
      ardana-ironic-8.0+git.1571845225.006843d-3.9.3
      ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3
      ardana-logging-8.0+git.1572452293.e65d714-3.21.3
      ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3
      ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3
      ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3
      ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3
      ardana-nova-8.0+git.1571846125.584d988-3.38.3
      ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3
      ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3
      ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3
      mariadb-errormessages-10.2.31-4.17.3
      openstack-cinder-11.2.3~dev23-3.24.4
      openstack-cinder-api-11.2.3~dev23-3.24.4
      openstack-cinder-backup-11.2.3~dev23-3.24.4
      openstack-cinder-doc-11.2.3~dev23-3.24.3
      openstack-cinder-scheduler-11.2.3~dev23-3.24.4
      openstack-cinder-volume-11.2.3~dev23-3.24.4
      openstack-dashboard-12.0.5~dev2-3.23.4
      openstack-heat-9.0.8~dev22-3.27.4
      openstack-heat-api-9.0.8~dev22-3.27.4
      openstack-heat-api-cfn-9.0.8~dev22-3.27.4
      openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
      openstack-heat-doc-9.0.8~dev22-3.27.3
      openstack-heat-engine-9.0.8~dev22-3.27.4
      openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
      openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
      openstack-heat-test-9.0.8~dev22-3.27.4
      openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      openstack-ironic-9.1.8~dev8-3.24.4
      openstack-ironic-api-9.1.8~dev8-3.24.4
      openstack-ironic-conductor-9.1.8~dev8-3.24.4
      openstack-ironic-doc-9.1.8~dev8-3.24.3
      openstack-keystone-12.0.4~dev5-5.30.4
      openstack-keystone-doc-12.0.4~dev5-5.30.3
      openstack-monasca-agent-2.2.5~dev5-3.15.2
      openstack-neutron-11.0.9~dev60-3.27.4
      openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
      openstack-neutron-doc-11.0.9~dev60-3.27.3
      openstack-neutron-gbp-7.3.1~dev72-3.12.3
      openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
      openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
      openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
      openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
      openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
      openstack-neutron-server-11.0.9~dev60-3.27.4
      openstack-neutron-vsphere-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
      openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
      openstack-nova-16.1.9~dev49-3.32.4
      openstack-nova-api-16.1.9~dev49-3.32.4
      openstack-nova-cells-16.1.9~dev49-3.32.4
      openstack-nova-compute-16.1.9~dev49-3.32.4
      openstack-nova-conductor-16.1.9~dev49-3.32.4
      openstack-nova-console-16.1.9~dev49-3.32.4
      openstack-nova-consoleauth-16.1.9~dev49-3.32.4
      openstack-nova-doc-16.1.9~dev49-3.32.3
      openstack-nova-novncproxy-16.1.9~dev49-3.32.4
      openstack-nova-placement-api-16.1.9~dev49-3.32.4
      openstack-nova-scheduler-16.1.9~dev49-3.32.4
      openstack-nova-serialproxy-16.1.9~dev49-3.32.4
      openstack-nova-vncproxy-16.1.9~dev49-3.32.4
      openstack-octavia-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
      openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
      openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
      openstack-octavia-api-1.0.6~dev3-4.21.3
      openstack-octavia-health-manager-1.0.6~dev3-4.21.3
      openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
      openstack-octavia-worker-1.0.6~dev3-4.21.3
      openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
      openstack-sahara-7.0.5~dev4-3.12.4
      openstack-sahara-api-7.0.5~dev4-3.12.4
      openstack-sahara-doc-7.0.5~dev4-3.12.3
      openstack-sahara-engine-7.0.5~dev4-3.12.4
      openstack-trove-8.0.2~dev2-3.12.3
      openstack-trove-api-8.0.2~dev2-3.12.3
      openstack-trove-conductor-8.0.2~dev2-3.12.3
      openstack-trove-doc-8.0.2~dev2-3.12.3
      openstack-trove-guestagent-8.0.2~dev2-3.12.3
      openstack-trove-taskmanager-8.0.2~dev2-3.12.3
      python-cinder-11.2.3~dev23-3.24.4
      python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3
      python-congressclient-1.8.1-3.3.4
      python-designateclient-2.7.1-3.3.4
      python-designateclient-doc-2.7.1-3.3.4
      python-heat-9.0.8~dev22-3.27.4
      python-horizon-12.0.5~dev2-3.23.4
      python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
      python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
      python-ironic-9.1.8~dev8-3.24.4
      python-ironic-lib-2.10.2-3.3.3
      python-keystone-12.0.4~dev5-5.30.4
      python-monasca-agent-2.2.5~dev5-3.15.2
      python-networking-cisco-6.1.1~dev65-3.3.3
      python-networking-vsphere-2.0.1~dev133-3.12.3
      python-neutron-11.0.9~dev60-3.27.4
      python-neutron-gbp-7.3.1~dev72-3.12.3
      python-nova-16.1.9~dev49-3.32.4
      python-octavia-1.0.6~dev3-4.21.3
      python-osc-lib-1.7.1-3.3.3
      python-oslo.context-2.17.2-3.3.3
      python-oslo.rootwrap-5.9.3-3.3.3
      python-oslo.serialization-2.20.3-3.3.3
      python-oslo.service-1.25.2-3.3.3
      python-sahara-7.0.5~dev4-3.12.4
      python-stevedore-1.25.2-3.3.3
      python-taskflow-2.14.2-3.3.3
      python-trove-8.0.2~dev2-3.12.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2
      venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2
      venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2
      venv-openstack-horizon-hpe-x86_64-12.0.5~dev2-14.28.2
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2
      venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2
      venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2
      venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2
      venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2
      venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3
      venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2

   - HPE Helion Openstack 8 (x86_64):

      keepalived-2.0.19-3.6.3
      keepalived-debuginfo-2.0.19-3.6.3
      keepalived-debugsource-2.0.19-3.6.3
      mariadb-10.2.31-4.17.3
      mariadb-client-10.2.31-4.17.3
      mariadb-client-debuginfo-10.2.31-4.17.3
      mariadb-debuginfo-10.2.31-4.17.3
      mariadb-debugsource-10.2.31-4.17.3
      mariadb-galera-10.2.31-4.17.3
      mariadb-tools-10.2.31-4.17.3
      mariadb-tools-debuginfo-10.2.31-4.17.3


References:

   https://www.suse.com/security/cve/CVE-2017-1002201.html
   https://www.suse.com/security/cve/CVE-2018-17954.html
   https://www.suse.com/security/cve/CVE-2019-13117.html
   https://www.suse.com/security/cve/CVE-2019-16770.html
   https://www.suse.com/security/cve/CVE-2019-18901.html
   https://www.suse.com/security/cve/CVE-2019-2737.html
   https://www.suse.com/security/cve/CVE-2019-2739.html
   https://www.suse.com/security/cve/CVE-2019-2740.html
   https://www.suse.com/security/cve/CVE-2019-2758.html
   https://www.suse.com/security/cve/CVE-2019-2805.html
   https://www.suse.com/security/cve/CVE-2019-2938.html
   https://www.suse.com/security/cve/CVE-2019-2974.html
   https://www.suse.com/security/cve/CVE-2020-2574.html
   https://www.suse.com/security/cve/CVE-2020-7595.html
   https://bugzilla.suse.com/1077717
   https://bugzilla.suse.com/1117080
   https://bugzilla.suse.com/1117840
   https://bugzilla.suse.com/1123191
   https://bugzilla.suse.com/1148158
   https://bugzilla.suse.com/1152007
   https://bugzilla.suse.com/1154235
   https://bugzilla.suse.com/1155089
   https://bugzilla.suse.com/1155942
   https://bugzilla.suse.com/1156305
   https://bugzilla.suse.com/1156669
   https://bugzilla.suse.com/1156914
   https://bugzilla.suse.com/1157028
   https://bugzilla.suse.com/1157206
   https://bugzilla.suse.com/1157482
   https://bugzilla.suse.com/1158675
   https://bugzilla.suse.com/1160048
   https://bugzilla.suse.com/1160878
   https://bugzilla.suse.com/1160883
   https://bugzilla.suse.com/1160895
   https://bugzilla.suse.com/1160912
   https://bugzilla.suse.com/1161351
   https://bugzilla.suse.com/1161517
   https://bugzilla.suse.com/1162388



More information about the sle-security-updates mailing list