SUSE-SU-2015:2064-1: moderate: Security update for openstack-dashboard
sle-security-updates at lists.suse.com
Fri Nov 20 09:13:13 MST 2015
SUSE Security Update: Security update for openstack-dashboard
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2064-1
Rating: moderate
References: #928891 #931437 #933607 #933722 #935442 #936059
#936368 #945052 #945515
Cross-References: CVE-2015-3219 CVE-2015-3988
Affected Products:
SUSE OpenStack Cloud 5
______________________________________________________________________________
An update that solves two vulnerabilities and has 7 fixes
is now available.
Description:
This update provides fixes and enhancements for openstack-dashboard,
crowbar-barclamp-nova_dashboard and python-django_openstack_auth.
openstack-dashboard:
- Reset flavors for other than "Boot from Image" source type. (bsc#945515)
- Add deactivated status for glance image.
- Fix TemplateSyntaxError at hypervisors view.
- Fix addition of plugin panel to panel group.
- Remove admin role name 'admin' hardcode. (bsc#935442)
- Escape the description param from heat template. (bsc#933722,
CVE-2015-3219)
- Enhance policy rules to workflow actions and identity project.
- Sanitation of metadata passed from Django to avoid persistent XSS.
(bsc#931437, CVE-2015-3988)
- Fix Terminate Instance on network topology page.
- Show ports from shared nets in floating IP assoc.
- Fix incorrect ca arguments for calling ceilometer client.
- Fix dynamic select layout when help block is displayed.
- Pass correct project ID to get tenant_usages. (bsc#928891)
crowbar-barclamp-nova_dashboard:
- Allow switching on multidomain support. (bsc#945052)
- Fix quoting of supported_provider_types. (bsc#936368)
- Enable the POLICY_FILES setting configuration.
- Fix attribute being fetched from wrong node. (bsc#936059)
python-django_openstack_auth:
- Remove admin role name 'admin' hardcode in User.is_superuser().
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-openstack-crowbar-dashboard-201510-12220=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
openstack-dashboard-2014.2.4~a0~dev12-13.2
python-django_openstack_auth-1.1.7-11.3
python-horizon-2014.2.4~a0~dev12-13.2
- SUSE OpenStack Cloud 5 (noarch):
crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3
References:
https://www.suse.com/security/cve/CVE-2015-3219.html
https://www.suse.com/security/cve/CVE-2015-3988.html
https://bugzilla.suse.com/928891
https://bugzilla.suse.com/931437
https://bugzilla.suse.com/933607
https://bugzilla.suse.com/933722
https://bugzilla.suse.com/935442
https://bugzilla.suse.com/936059
https://bugzilla.suse.com/936368
https://bugzilla.suse.com/945052
https://bugzilla.suse.com/945515