SUSE-SU-2016:2143-1: Security update for several openstack-components

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Aug 23 13:14:40 MDT 2016


   SUSE Security Update: Security update for several openstack-components
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:2143-1
Rating:             low
References:         #970258 #982426 #983807 #984442 #984443 #988729 
                    
Cross-References:   CVE-2016-2140 CVE-2016-4428 CVE-2016-5362
                    CVE-2016-5363
Affected Products:
                    SUSE OpenStack Cloud 6
______________________________________________________________________________

   An update that solves four vulnerabilities and has two
   fixes is now available.

Description:


   This update provides the latest code from OpenStack Liberty for
   openstack-ceilometer, -cinder,
   -dashboard, -glance, -heat, -keystone, -manila, -neutron, -neutron-fwaas,
    -neutron-lbaas,-nova,
   -resource-agents, python-networking-cisco and python-openstackclient.

   Additionally some security-issues have been fixed:

   openstack-nova:

   - Always copy or recreate disk.info during a migration. (bsc#970258,
     CVE-2016-2140)

   openstack-dashboard:

   - Escape anularjs templating in unsafe HTML. (bsc#983807, CVE-2016-4428)

   openstack-neutron:

   - Fix bypassing of anti-spoof protection. (bsc#984443, CVE-2016-5363,
     bsc#984442, CVE-2016-5362)

   For a detailed description of all fixes and improvements, please refer to
   the changelog.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 6:

      zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1261=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 6 (noarch):

      openstack-ceilometer-5.0.4~a0~dev6-6.1
      openstack-ceilometer-agent-central-5.0.4~a0~dev6-6.1
      openstack-ceilometer-agent-compute-5.0.4~a0~dev6-6.1
      openstack-ceilometer-agent-ipmi-5.0.4~a0~dev6-6.1
      openstack-ceilometer-agent-notification-5.0.4~a0~dev6-6.1
      openstack-ceilometer-alarm-evaluator-5.0.4~a0~dev6-6.1
      openstack-ceilometer-alarm-notifier-5.0.4~a0~dev6-6.1
      openstack-ceilometer-api-5.0.4~a0~dev6-6.1
      openstack-ceilometer-collector-5.0.4~a0~dev6-6.1
      openstack-ceilometer-doc-5.0.4~a0~dev6-6.2
      openstack-ceilometer-polling-5.0.4~a0~dev6-6.1
      openstack-cinder-7.0.3~a0~dev2-7.1
      openstack-cinder-api-7.0.3~a0~dev2-7.1
      openstack-cinder-backup-7.0.3~a0~dev2-7.1
      openstack-cinder-doc-7.0.3~a0~dev2-7.1
      openstack-cinder-scheduler-7.0.3~a0~dev2-7.1
      openstack-cinder-volume-7.0.3~a0~dev2-7.1
      openstack-dashboard-8.0.2~a0~dev34-8.1
      openstack-glance-11.0.2~a0~dev13-7.1
      openstack-glance-doc-11.0.2~a0~dev13-7.1
      openstack-heat-5.0.2~a0~dev93-9.1
      openstack-heat-api-5.0.2~a0~dev93-9.1
      openstack-heat-api-cfn-5.0.2~a0~dev93-9.1
      openstack-heat-api-cloudwatch-5.0.2~a0~dev93-9.1
      openstack-heat-doc-5.0.2~a0~dev93-9.3
      openstack-heat-engine-5.0.2~a0~dev93-9.1
      openstack-heat-plugin-heat_docker-5.0.2~a0~dev93-9.1
      openstack-keystone-8.1.1~a0~dev13-3.1
      openstack-keystone-doc-8.1.1~a0~dev13-3.2
      openstack-manila-1.0.2~a0~dev11-9.1
      openstack-manila-api-1.0.2~a0~dev11-9.1
      openstack-manila-doc-1.0.2~a0~dev11-9.2
      openstack-manila-scheduler-1.0.2~a0~dev11-9.1
      openstack-manila-share-1.0.2~a0~dev11-9.1
      openstack-neutron-7.1.2~a0~dev29-10.1
      openstack-neutron-dhcp-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-doc-7.1.2~a0~dev29-10.1
      openstack-neutron-fwaas-7.1.2~a0~dev1-6.1
      openstack-neutron-fwaas-doc-7.1.2~a0~dev1-6.1
      openstack-neutron-ha-tool-7.1.2~a0~dev29-10.1
      openstack-neutron-l3-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-lbaas-7.1.2~a0~dev1-6.1
      openstack-neutron-lbaas-agent-7.1.2~a0~dev1-6.1
      openstack-neutron-lbaas-doc-7.1.2~a0~dev1-6.1
      openstack-neutron-linuxbridge-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-metadata-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-metering-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-mlnx-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-nvsd-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-openvswitch-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-restproxy-agent-7.1.2~a0~dev29-10.1
      openstack-neutron-server-7.1.2~a0~dev29-10.1
      openstack-nova-12.0.5~a0~dev2-7.1
      openstack-nova-api-12.0.5~a0~dev2-7.1
      openstack-nova-cells-12.0.5~a0~dev2-7.1
      openstack-nova-cert-12.0.5~a0~dev2-7.1
      openstack-nova-compute-12.0.5~a0~dev2-7.1
      openstack-nova-conductor-12.0.5~a0~dev2-7.1
      openstack-nova-console-12.0.5~a0~dev2-7.1
      openstack-nova-consoleauth-12.0.5~a0~dev2-7.1
      openstack-nova-doc-12.0.5~a0~dev2-7.1
      openstack-nova-novncproxy-12.0.5~a0~dev2-7.1
      openstack-nova-objectstore-12.0.5~a0~dev2-7.1
      openstack-nova-scheduler-12.0.5~a0~dev2-7.1
      openstack-nova-serialproxy-12.0.5~a0~dev2-7.1
      openstack-nova-vncproxy-12.0.5~a0~dev2-7.1
      openstack-resource-agents-1.0+git.1467079370.4f2c49d-7.1
      python-ceilometer-5.0.4~a0~dev6-6.1
      python-cinder-7.0.3~a0~dev2-7.1
      python-glance-11.0.2~a0~dev13-7.1
      python-heat-5.0.2~a0~dev93-9.1
      python-horizon-8.0.2~a0~dev34-8.1
      python-keystone-8.1.1~a0~dev13-3.1
      python-manila-1.0.2~a0~dev11-9.1
      python-networking-cisco-2.1.1-6.1
      python-neutron-7.1.2~a0~dev29-10.1
      python-neutron-fwaas-7.1.2~a0~dev1-6.1
      python-neutron-lbaas-7.1.2~a0~dev1-6.1
      python-nova-12.0.5~a0~dev2-7.1
      python-openstackclient-1.7.2-4.1


References:

   https://www.suse.com/security/cve/CVE-2016-2140.html
   https://www.suse.com/security/cve/CVE-2016-4428.html
   https://www.suse.com/security/cve/CVE-2016-5362.html
   https://www.suse.com/security/cve/CVE-2016-5363.html
   https://bugzilla.suse.com/970258
   https://bugzilla.suse.com/982426
   https://bugzilla.suse.com/983807
   https://bugzilla.suse.com/984442
   https://bugzilla.suse.com/984443
   https://bugzilla.suse.com/988729



More information about the sle-security-updates mailing list