SUSE-SU-2018:3924-1: moderate: Security update for python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, python-oslo.service, python-oslo.utils, python-oslo.versionedobjects, python-oslo.vmware, python-oslotest

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Nov 27 10:10:08 MST 2018


   SUSE Security Update: Security update for python-oslo.cache, python-oslo.concurrency, python-oslo.db, python-oslo.log, python-oslo.messaging, python-oslo.middleware, python-oslo.serialization, python-oslo.service, python-oslo.utils, python-oslo.versionedobjects, python-oslo.vmware, python-oslotest
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3924-1
Rating:             moderate
References:         #1022043 #1109756 
Cross-References:   CVE-2017-2592
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for python-oslo.cache, python-oslo.concurrency,
   python-oslo.db, python-oslo.log, python-oslo.messaging,
   python-oslo.middleware, python-oslo.serialization, python-oslo.service,
   python-oslo.utils, python-oslo.versionedobjects, python-oslo.vmware,
   python-oslotest fixes the following issues:

   python-oslo.cache was updated to 1.14.1:

   - use stable/newton constraints

   python-oslo.concurrency was updated to version 3.14.1:

   - Ignore prlimit argument on Windows
   - Update .gitreview for stable/newton

   python-oslo.db was updated to version 4.13.6:

   - Fix marker checking when value is None

   python-oslo.log was updated to version 3.16.1:

   - Fix races in unit tests

   python-oslo.messaging was updated to fix:

   - Skip logging sensitive information to avoid credential leak
   - Avoid reconnect to the same AMQP server while trying to error handle the
     original server error (bsc#1109756)

   python-oslo.middleware was updated to version 3.19.1:

   - Filter token data out of catch_errors middleware (CVE-2017-2592
     bsc#1022043)

   python-oslo.serialization was updated to version 2.13.2:

   - Don't iterate through addresses in netaddr.IPNetwork

   python-oslo.service was updated to version 1.16.1:

   - Fix race condition with fast threads

   python-oslo.utils was updated to version 3.16.1:

   - Updated from global requirements

   python-oslo.versionedobjects was updated to version 1.17.1:

   - update from global requirements

   python-oslo.vmware was updated to version 2.14.1:

   - Updated from global requirements

   python-oslotest was updated to version 2.10.1:

   - Updated from global requirements


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-2796=1



Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      python-oslo.cache-1.14.1-3.3.3
      python-oslo.concurrency-3.14.1-3.3.3
      python-oslo.db-4.13.6-3.3.3
      python-oslo.log-3.16.1-3.3.3
      python-oslo.messaging-5.10.2-3.6.3
      python-oslo.middleware-3.19.1-4.3.4
      python-oslo.serialization-2.13.2-3.3.3
      python-oslo.service-1.16.1-3.3.1
      python-oslo.utils-3.16.1-3.3.3
      python-oslo.versionedobjects-1.17.1-3.3.1
      python-oslo.vmware-2.14.1-3.3.1
      python-oslotest-2.10.1-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2017-2592.html
   https://bugzilla.suse.com/1022043
   https://bugzilla.suse.com/1109756



More information about the sle-security-updates mailing list