SUSE-RU-2013:0020-1: Recommended update for crowbar components
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Tue Jan 8 10:08:36 MST 2013
SUSE Recommended Update: Recommended update for crowbar components
______________________________________________________________________________
Announcement ID: SUSE-RU-2013:0020-1
Rating: low
References: #772230 #773041 #776901 #780406 #782053 #782275
#784345 #784494 #784857 #785469 #785689 #787344
Affected Products:
SUSE Cloud 1.0
______________________________________________________________________________
An update that solves one vulnerability and has 11 fixes is
now available.
Description:
This update to the crowbar components of SUSE Cloud 1.0
provides the following fixes:
crowbar: * 784494: Add more stringent checks that
/srv/tftpboot/repos are set up correctly
crowbar-barclamp-provisioner: * 785689: Fix TFTP server not
running because xinetd was not reloaded
crowbar-barclamp-crowbar: * 782275: forgotten nodes remain
in proposals * 784857: Fix crowbar server production.log
permissions (CVE-2012-0434) * 784345: With default
setting, nova scheduler will over-commit memory * 773041:
Usability: crowbar: do not allow allocate before node is
in discovered state * 772230: CSS file reverences fonts
from google server
crowbar-barclamp-database: * 782053: postgresql can run out
of connections
crowbar-barclamp-nova: * 780406: postgresql: grant
privileges tuple concurrently updated * 776901:
barclamp-nova: deploy of nova in default mode fails,
because open-iscsi init script returns with 6 on start
crowbar-barclamp-dns: * Expose nameservers chef attribute
to crowbar proposals * Fix wrong /etc/bind/named.conf
template * 785469: Provide "allow_transfer" proposal /
chef attribute * 787344: explicitly do not run chrooted
After installation of this update you might experience
temporary error messages in various SUSE Cloud components
that stop after a few minutes. This occurs when several
services have to recover from a potential restart of the
database. In order to be safe, please schedule a short
downtime window.
Security Issues:
* CVE-2012-0434
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0434
>
Contraindications:
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 1.0:
zypper in -t patch sleclo10sp2-crowbar-7210
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 1.0 (noarch):
crowbar-1.2+git.1352980051.583e159-0.5.3
crowbar-barclamp-crowbar-1.2+git.1352636706.f1e4834-0.5.13
crowbar-barclamp-database-1.2+git.1349690639.d8910c3-0.5.13
crowbar-barclamp-dns-1.2+git.1352726499.fd6eca8-0.5.13
crowbar-barclamp-nova-1.2+git.1352206743.6cc2eeb-0.5.13
crowbar-barclamp-provisioner-1.2+git.1355744933.0c1d40d-0.5.13
References:
http://support.novell.com/security/cve/CVE-2012-0434.html
https://bugzilla.novell.com/772230
https://bugzilla.novell.com/773041
https://bugzilla.novell.com/776901
https://bugzilla.novell.com/780406
https://bugzilla.novell.com/782053
https://bugzilla.novell.com/782275
https://bugzilla.novell.com/784345
https://bugzilla.novell.com/784494
https://bugzilla.novell.com/784857
https://bugzilla.novell.com/785469
https://bugzilla.novell.com/785689
https://bugzilla.novell.com/787344
http://download.novell.com/patch/finder/?keywords=fddc2ea1e02124a2dde6085dc52cb9f4
More information about the sle-updates
mailing list