SUSE-SU-2016:2143-1: Security update for several openstack-components
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Aug 23 13:14:40 MDT 2016
SUSE Security Update: Security update for several openstack-components
______________________________________________________________________________
Announcement ID: SUSE-SU-2016:2143-1
Rating: low
References: #970258 #982426 #983807 #984442 #984443 #988729
Cross-References: CVE-2016-2140 CVE-2016-4428 CVE-2016-5362
CVE-2016-5363
Affected Products:
SUSE OpenStack Cloud 6
______________________________________________________________________________
An update that solves four vulnerabilities and has two
fixes is now available.
Description:
This update provides the latest code from OpenStack Liberty for
openstack-ceilometer, -cinder,
-dashboard, -glance, -heat, -keystone, -manila, -neutron, -neutron-fwaas,
-neutron-lbaas,-nova,
-resource-agents, python-networking-cisco and python-openstackclient.
Additionally some security-issues have been fixed:
openstack-nova:
- Always copy or recreate disk.info during a migration. (bsc#970258,
CVE-2016-2140)
openstack-dashboard:
- Escape anularjs templating in unsafe HTML. (bsc#983807, CVE-2016-4428)
openstack-neutron:
- Fix bypassing of anti-spoof protection. (bsc#984443, CVE-2016-5363,
bsc#984442, CVE-2016-5362)
For a detailed description of all fixes and improvements, please refer to
the changelog.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 6:
zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1261=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 6 (noarch):
openstack-ceilometer-5.0.4~a0~dev6-6.1
openstack-ceilometer-agent-central-5.0.4~a0~dev6-6.1
openstack-ceilometer-agent-compute-5.0.4~a0~dev6-6.1
openstack-ceilometer-agent-ipmi-5.0.4~a0~dev6-6.1
openstack-ceilometer-agent-notification-5.0.4~a0~dev6-6.1
openstack-ceilometer-alarm-evaluator-5.0.4~a0~dev6-6.1
openstack-ceilometer-alarm-notifier-5.0.4~a0~dev6-6.1
openstack-ceilometer-api-5.0.4~a0~dev6-6.1
openstack-ceilometer-collector-5.0.4~a0~dev6-6.1
openstack-ceilometer-doc-5.0.4~a0~dev6-6.2
openstack-ceilometer-polling-5.0.4~a0~dev6-6.1
openstack-cinder-7.0.3~a0~dev2-7.1
openstack-cinder-api-7.0.3~a0~dev2-7.1
openstack-cinder-backup-7.0.3~a0~dev2-7.1
openstack-cinder-doc-7.0.3~a0~dev2-7.1
openstack-cinder-scheduler-7.0.3~a0~dev2-7.1
openstack-cinder-volume-7.0.3~a0~dev2-7.1
openstack-dashboard-8.0.2~a0~dev34-8.1
openstack-glance-11.0.2~a0~dev13-7.1
openstack-glance-doc-11.0.2~a0~dev13-7.1
openstack-heat-5.0.2~a0~dev93-9.1
openstack-heat-api-5.0.2~a0~dev93-9.1
openstack-heat-api-cfn-5.0.2~a0~dev93-9.1
openstack-heat-api-cloudwatch-5.0.2~a0~dev93-9.1
openstack-heat-doc-5.0.2~a0~dev93-9.3
openstack-heat-engine-5.0.2~a0~dev93-9.1
openstack-heat-plugin-heat_docker-5.0.2~a0~dev93-9.1
openstack-keystone-8.1.1~a0~dev13-3.1
openstack-keystone-doc-8.1.1~a0~dev13-3.2
openstack-manila-1.0.2~a0~dev11-9.1
openstack-manila-api-1.0.2~a0~dev11-9.1
openstack-manila-doc-1.0.2~a0~dev11-9.2
openstack-manila-scheduler-1.0.2~a0~dev11-9.1
openstack-manila-share-1.0.2~a0~dev11-9.1
openstack-neutron-7.1.2~a0~dev29-10.1
openstack-neutron-dhcp-agent-7.1.2~a0~dev29-10.1
openstack-neutron-doc-7.1.2~a0~dev29-10.1
openstack-neutron-fwaas-7.1.2~a0~dev1-6.1
openstack-neutron-fwaas-doc-7.1.2~a0~dev1-6.1
openstack-neutron-ha-tool-7.1.2~a0~dev29-10.1
openstack-neutron-l3-agent-7.1.2~a0~dev29-10.1
openstack-neutron-lbaas-7.1.2~a0~dev1-6.1
openstack-neutron-lbaas-agent-7.1.2~a0~dev1-6.1
openstack-neutron-lbaas-doc-7.1.2~a0~dev1-6.1
openstack-neutron-linuxbridge-agent-7.1.2~a0~dev29-10.1
openstack-neutron-metadata-agent-7.1.2~a0~dev29-10.1
openstack-neutron-metering-agent-7.1.2~a0~dev29-10.1
openstack-neutron-mlnx-agent-7.1.2~a0~dev29-10.1
openstack-neutron-nvsd-agent-7.1.2~a0~dev29-10.1
openstack-neutron-openvswitch-agent-7.1.2~a0~dev29-10.1
openstack-neutron-restproxy-agent-7.1.2~a0~dev29-10.1
openstack-neutron-server-7.1.2~a0~dev29-10.1
openstack-nova-12.0.5~a0~dev2-7.1
openstack-nova-api-12.0.5~a0~dev2-7.1
openstack-nova-cells-12.0.5~a0~dev2-7.1
openstack-nova-cert-12.0.5~a0~dev2-7.1
openstack-nova-compute-12.0.5~a0~dev2-7.1
openstack-nova-conductor-12.0.5~a0~dev2-7.1
openstack-nova-console-12.0.5~a0~dev2-7.1
openstack-nova-consoleauth-12.0.5~a0~dev2-7.1
openstack-nova-doc-12.0.5~a0~dev2-7.1
openstack-nova-novncproxy-12.0.5~a0~dev2-7.1
openstack-nova-objectstore-12.0.5~a0~dev2-7.1
openstack-nova-scheduler-12.0.5~a0~dev2-7.1
openstack-nova-serialproxy-12.0.5~a0~dev2-7.1
openstack-nova-vncproxy-12.0.5~a0~dev2-7.1
openstack-resource-agents-1.0+git.1467079370.4f2c49d-7.1
python-ceilometer-5.0.4~a0~dev6-6.1
python-cinder-7.0.3~a0~dev2-7.1
python-glance-11.0.2~a0~dev13-7.1
python-heat-5.0.2~a0~dev93-9.1
python-horizon-8.0.2~a0~dev34-8.1
python-keystone-8.1.1~a0~dev13-3.1
python-manila-1.0.2~a0~dev11-9.1
python-networking-cisco-2.1.1-6.1
python-neutron-7.1.2~a0~dev29-10.1
python-neutron-fwaas-7.1.2~a0~dev1-6.1
python-neutron-lbaas-7.1.2~a0~dev1-6.1
python-nova-12.0.5~a0~dev2-7.1
python-openstackclient-1.7.2-4.1
References:
https://www.suse.com/security/cve/CVE-2016-2140.html
https://www.suse.com/security/cve/CVE-2016-4428.html
https://www.suse.com/security/cve/CVE-2016-5362.html
https://www.suse.com/security/cve/CVE-2016-5363.html
https://bugzilla.suse.com/970258
https://bugzilla.suse.com/982426
https://bugzilla.suse.com/983807
https://bugzilla.suse.com/984442
https://bugzilla.suse.com/984443
https://bugzilla.suse.com/988729
More information about the sle-security-updates
mailing list