SUSE-SU-2019:2906-1: important: Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Nov 6 07:16:06 MST 2019


   SUSE Security Update: Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2906-1
Rating:             important
References:         #1129734 #1148383 
Cross-References:   CVE-2019-15043 CVE-2019-3871
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for ardana-ansible, ardana-horizon, ardana-keystone,
   ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana,
   openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui,
   openstack-keystone, openstack-manila, openstack-neutron,
   openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova,
   openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1,
   python-keystonemiddleware, python-octaviaclient, python-os-brick,
   python-oslo.cache, python-oslo.messaging fixes the following issues:

   Security issues fixed:

   - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote back
     end (pdns, bsc#1129734).
   - CVE-2019-15043: Added authentication to a few REST endpoints (Grafana,
     SOC-10357, bsc#1148383).

   Non-security issues fixed:

   - Update to version 9.0+git.1568821007.4e73730:
     * Include manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)

   - Update to version 9.0+git.1569869028.8edfc22:
     * Added command to minify the django compressed css files (SOC-10305)

   - Update to version 9.0+git.1570035317.78077ac:
     * support OpenID Connect WebSSO (SOC-10509)

   - Update to version 9.0+git.1569444107.add6a40:
     * Manila parallelised upgrade workflow enhancements (SOC-10609)

   - Update to version 9.0+git.1571328680.3a89cb8:
     * Add neutron-common role dependencies (SOC-10875)

   - Update to version 6.0+git.1571412352.8da4d261f:
     * upgrade: Reload repo config in repochecks (SOC-10718)

   - Update to version 6.0+git.1571210108.12bd2ffa3:
     * crowbar: Give more time for reboot for physical hardware reboots

   - Update to version 6.0+git.1570004730.b56b8983b:
     * Revert "Use block-migration when needed" (SOC-10133)

   - Update to version 6.0+git.1569911671.d44b0035c:
     * Designate: Don't add the admin node to the public network (SOC-10658)

   - Update to version 6.0+git.1572264221.3826a58b8:
     * Octavia: account for long ops in HA deployments (SOC-9894)
     * Octavia: use correct IP addresses for listening (SOC-9894)
     * Octavia: fix subnet creation race condition (SOC-9894)
     * Updated copyright notices (SOC-9894)
     * Octavia: Follow up patch addressing comments from last PR (SOC-9894)

   - Update to version 6.0+git.1571986150.c5b827b7a:
     * Fix the migration that tried to access Array as a Hash (SOC-10896)

   - Update to version 6.0+git.1571731423.957dcfecd:
     * mysql: fix WSREP sync race (SOC-10717)

   - Update to version 6.0+git.1571660392.997fee49d:
     * mysql: stop service for mysql_install_db (SOC-10717)

   - Update to version 6.0+git.1571241502.2f673d0a9:
     * rabbitmq: fix migration 200 (SOC-10623)
     * Changes to integrate with ACI 4.1 and new packages (SOC-10403)

   - Update to version 6.0+git.1570143515.9b1546ed3:
     * No rndc key if no public DNS server (SOC-10835)

   - Update to version 6.0+git.1570048281.815e06ff3:
     * create watcher barclamp (SOC-4183)

   - Update to version 6.0+git.1569942913.15b24bec5:
     * monasca: Fix restore condition (SOC-9772)
     * database: really fix migration 102 (SOC-10717)

   - Update to version 6.0+git.1569823669.91f267e96:
     * Designate: Filter out the admin node (SOC-10658)

   - Create plugin directory and clean up (create in %install, add to %files)
     handling of /var/lib/grafana/* and
   - Update to version cinder-13.0.8.dev8:
     * Extend timeout for database migration tests 13.0.7
     * Add context to cloning snapshots in remotefs driver

   - Update to version cinder-13.0.7.dev22:
     * Add retry to LVM deactivation
     * Fix DetachedInstanceError for VolumeAttachment
     * Don't allow retype to encrypted+multiattach type

   - Update to version cinder-13.0.8.dev8:
     * Extend timeout for database migration tests 13.0.7
     * Add context to cloning snapshots in remotefs driver

   - Update to version cinder-13.0.7.dev22:
     * Add retry to LVM deactivation
     * Fix DetachedInstanceError for VolumeAttachment
     * Don't allow retype to encrypted+multiattach type

   - Update to version horizon-14.0.5.dev1:
     * Fix aes-xts key length in Horizon Admin Guide / Manage Volumes 14.0.4

   - Add python-csscompressor as a requirement
     * python-csscompressor will be used to minify compressed css files

   - Update to version horizon-14.0.4.dev17:
     * Remove the check which causes plugin's quotas update failure

   - Update to version horizon-14.0.4.dev16:
     * Add Allowed Address Pair/Delete buttons are only visible to admin

   - Update to version horizon-14.0.4.dev14:
     * Updated max-width to be dynamic for .member class

   - Update to version horizon-14.0.4.dev13:
     * Avoid forced logout when 403 error encountered

   - Update to version manila-ui-2.16.2.dev2:
     * Updated to get quotas data for Modify Quotas dialog Share tab
     * OpenDev Migration Patch 2.16.1

   - Update to version keystone-14.1.1.dev26:
     * Make system tokens work with domain-specific drivers

   - Update to version keystone-14.1.1.dev24:
     * Add test case for expanding implied roles in system tokens

   - Update to version keystone-14.1.1.dev22:
     * Add retry for DBDeadlock in credential delete

   - Update to version keystone-14.1.1.dev20:
     * Import LDAP job into project
     * Update broken links to dogpile.cache docs

   - Update to version keystone-14.1.1.dev26:
     * Make system tokens work with domain-specific drivers

   - Update to version keystone-14.1.1.dev24:
     * Add test case for expanding implied roles in system tokens

   - Update to version keystone-14.1.1.dev22:
     * Add retry for DBDeadlock in credential delete

   - Update to version keystone-14.1.1.dev20:
     * Import LDAP job into project
     * Update broken links to dogpile.cache docs

   - Update to version manila-7.3.1.dev15:
     * Fix [Unity] verification and convert mgmt ipv6

   - Update to version manila-7.3.1.dev14:
     * Adding documentation for User Messages in Manila Documentation

   - Update to version manila-7.3.1.dev12:
     * [NetApp] Allow extension/shrinking of NetApp replicated share

   - Update to version manila-7.3.1.dev11:
     * Fix pagination does not speed up queries bug

   - Update to version manila-7.3.1.dev9:
     * Remove backend spec from share type while creating replica

   - Update to version manila-7.3.1.dev8:
     * Check NetApp SnapRestore license for pools

   - Update to version manila-7.3.1.dev7:
     * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job

   - Update to version manila-7.3.1.dev15:
     * Fix [Unity] verification and convert mgmt ipv6

   - Update to version manila-7.3.1.dev14:
     * Adding documentation for User Messages in Manila Documentation

   - Update to version manila-7.3.1.dev12:
     * [NetApp] Allow extension/shrinking of NetApp replicated share

   - Update to version manila-7.3.1.dev11:
     * Fix pagination does not speed up queries bug

   - Update to version manila-7.3.1.dev9:
     * Remove backend spec from share type while creating replica

   - Update to version manila-7.3.1.dev8:
     * Check NetApp SnapRestore license for pools

   - Update to version manila-7.3.1.dev7:
     * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job

   - Update to version neutron-13.0.6.dev3:
     * Add radvd\_user config option
     * Fix mismatch of tags in dnsmasq options 13.0.5

   - Update to version neutron-13.0.5.dev55:
     * Handle ports assigned to routers without routerports

   - Update to version neutron-13.0.5.dev54:
     * fixed\_configured=True when Add/Remove port IPs

   - Update to version neutron-13.0.5.dev53:
     * raise priority of dead vlan drop
     * OVS flows for custom ethertypes must be on EGRESS

   - Update to version neutron-13.0.6.dev3:
     * Add radvd\_user config option
     * Fix mismatch of tags in dnsmasq options 13.0.5

   - Update to version neutron-13.0.5.dev55:
     * Handle ports assigned to routers without routerports

   - Update to version neutron-13.0.5.dev54:
     * fixed\_configured=True when Add/Remove port IPs

   - Update to version neutron-13.0.5.dev53:
     * raise priority of dead vlan drop
     * OVS flows for custom ethertypes must be on EGRESS

   - Update to version neutron-fwaas-13.0.3.dev2:
     * Fix AttributeError with third-party L3 service plugins

   - Update to version neutron-fwaas-13.0.3.dev1:
     * FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
       13.0.2

   - Update to version neutron-fwaas-13.0.3.dev2:
     * Fix AttributeError with third-party L3 service plugins

   - Update to version neutron-fwaas-13.0.3.dev1:
     * FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
       13.0.2

   - Update to version neutron-lbaas-13.0.1.dev15:
     * Fix lb stats model

   - Update to version neutron-lbaas-13.0.1.dev15:
     * Fix lb stats model

   - Update to version nova-18.2.4.dev18:
     * Error out interrupted builds
     * Functional reproduce for bug 1833581
     * Prevent init\_host test to interfere with other tests
     * Add functional test for resize crash compute restart revert
     * cleanup evacuated instances not on hypervisor

   - Update to version nova-18.2.4.dev8:
     * Fix unit of hw\_rng:rate\_period
     * Fix exception translation when creating volume
     * Skip test\_parallel\_evacuate\_with\_server\_group until fixed
     * Handle get\_host\_availability\_zone error during reschedule
     * Noop CantStartEngineError in targets\_cell if API DB not configured

   - Update to version nova-18.2.4.dev1:
     * Stop sending bad values from libosinfo to libvirt 18.2.3

   - Update to version nova-18.2.3.dev25:
     * Add useful error log when \_determine\_version\_cap raises DBNotAllowed

   - Update to version nova-18.2.3.dev23:
     * Reduce scope of 'path' query parameter to noVNC consoles

   - Update to version nova-18.2.4.dev18:
     * Error out interrupted builds
     * Functional reproduce for bug 1833581
     * Prevent init\_host test to interfere with other tests
     * Add functional test for resize crash compute restart revert
     * cleanup evacuated instances not on hypervisor

   - Update to version nova-18.2.4.dev8:
     * Fix unit of hw\_rng:rate\_period
     * Fix exception translation when creating volume
     * Skip test\_parallel\_evacuate\_with\_server\_group until fixed
     * Handle get\_host\_availability\_zone error during reschedule
     * Noop CantStartEngineError in targets\_cell if API DB not configured

   - Update to version nova-18.2.4.dev1:
     * Stop sending bad values from libosinfo to libvirt 18.2.3

   - Update to version nova-18.2.3.dev25:
     * Add useful error log when \_determine\_version\_cap raises DBNotAllowed

   - Update to version nova-18.2.3.dev23:
     * Reduce scope of 'path' query parameter to noVNC consoles

   - Move tempest tests into the python-octavia package (SOC-9455)

   - Update to version octavia-3.2.1.dev1: 3.2.0
     * loadbalancer vip-network-id IP availability check

   - Update to version octavia-3.1.2.dev46:
     * Fix urgent amphora two-way auth security bug

   Update image to 0.1.1 to include latest changes in openstack-octavia:
   - Update to include version octavia-3.2.1.dev1:
     * loadbalancer vip-network-id IP availability check
     * Fix urgent amphora two-way auth security bug
     * Fix member API handling of None/null updates
     * Validate server\_certs\_key\_passphrase is 32 chars
     * Work around strptime threading issue
     * Fix base (VRRP) port abandoned on revert
     * Do not run non-voting jobs in gate
     * Fix l7rule API handling of None updates
     * Fix template that generates vrrp check script
     * elements: add arch property for \`\`open-vm-tools\`\`
     * Prevent UDP LBs to use different IP protocol versions in amphora driver
     * Fixed down server issue after reloading keepalived
     * Fixed pool and members status with UDP loadbalancers
     * Add support for monitor\_{address,port} in UDP members
     * Fix auto setup Barbican's ACL in the legacy driver
     * Fix L7 repository create methods
     * Add warning log if auth\_strategy is not keystone
     * Add failover logging to show the amphora details
     * Revert "Use the infra pypi mirror for DIB"
     * Use the infra pypi mirror for DIB
     * only rollback DB when we have a connection to the DB
     * Add octavia-v2-dsvm jobs to the gate queue
     * Fix for utils LB DM transformation function
     * Update amphora-agent to report UDP listener health
     * Update tox.ini for new upper constraints strategy
     * Add bindep.txt for Octavia
     * Fix allocate\_and\_associate DB deadlock
     * Treat null admin\_state\_up as False
     * Performance improvement for non-udp health checks
     * Bandit test exclusions syntax change
     * Fix IPv6 in Active/Standby topology on CentOS
     * Fix listener API handling of None/null updates
     * OpenDev Migration Patch
     * Fix a lifecycle bug with child objects
     * Fix the amphora base port coming up
     * Fix setting of VIP QoS policy
     * Fix VIP plugging on CentOS-based amphorae
     * Fix possible state machine hole in failover
     * Add missing import octavia/opts.py
     * Fix the loss of access to barbican secrets
     * Fix initialization of Barbican client
     * Replace openstack.org git:// URLs with https://
     * Fix prefix for vip\_ipv6
     * Fix ifup failures on member interfaces with IPv6
     * Adds server\_certs\_key\_passphrase to octavia.conf
     * Fix LB failover when in ERROR
     * Resolve amphora agent read timeout issue
     * Fix performance of housekeeping DB clean up
     * Encrypt certs and keys
     * Enable debug for Octavia services in grenade job
     * Fix oslo messaging connection leakage
     * Simplify keepalived lvsquery parsing for UDP
     * Fix functional tests under Python >= 3.6
     * Fix check redirect pool for creating a fully populated load balancer
     * Fix missing print format error
   - Remove superfluous octavia-db-manage invocation from service file
   - Incorporate the patch from https://review.openstack.org/#/c/541811/9.

   - Update to 4.1.8
     * #7604: Correctly interpret an empty AXFR response to an IXFR query,
     * #7610: Fix replying from ANY address for non-standard port,
     * #7609: Fix rectify for ENT records in narrow zones,
     * #7607: Do not compress the root,
     * #7608: Fix dot stripping in `setcontent()`,
     * #7605: Fix invalid SOA record in MySQL which prevented the
       authoritative server from starting,
     * #7603: Prevent leak of file descriptor if running out of ports for
       incoming AXFR,
     * #7602: Fix API search failed with “Commands out of sync; you can’t
       run this command now”,
     * #7509: Plug `mysql_thread_init` memory leak,
     * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
     * Prevent more than one CNAME/SOA record in the same RRset

   - Update to 1.11.24:
     * Fixed crash of KeyTransform() for JSONField and HStoreField when using
       on expressions with params (#30672).

   - update to version 5.2.1
     - Update .gitreview for stable/rocky
     - Update UPPER_CONSTRAINTS_FILE for stable/rocky
     - OpenDev Migration Patch
     - Remove tox_install.sh
     - import zuul job settings from project-config
     - Skip the services with no endpoints when parsing service catalog

   - update to version 1.6.1
     - Update UPPER_CONSTRAINTS_FILE for stable/rocky
     - OpenDev Migration Patch
     - import zuul job settings from project-config
     - Update .gitreview for stable/rocky
     - Make sure we always requests JSON responses

   - update to version 2.5.8
     - FC: Ignore some HBAs from map for single WWNN
     - OpenDev Migration Patch
     - Improve iSCSI device detection speed

   - update to version 1.30.4
     - Update UPPER_CONSTRAINTS_FILE for stable/rocky
     - Fix memcache pool client in monkey-patched environments
     - OpenDev Migration Patch
     - Pass `flush_on_reconnect` to memcache pooled backend

   - update to version 8.1.4
     - Replace openstack.org git:// URLs with https://
     - Cap Bandit below 1.6.0 and update Sphinx requirement
     - Retry to declare a queue after internal error
     - Add release note for amqp library TLS/SSL error
     - Fix switch connection destination when a rabbitmq cluster node
       disappear
     - Mark telemetry tests nv and remove from gate
     - OpenDev Migration Patch
     - Issue blocking ACK for RPC requests from the consumer thread
     - fix typos


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2906=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2906=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3
      openstack-cinder-13.0.8~dev8-3.13.5
      openstack-cinder-api-13.0.8~dev8-3.13.5
      openstack-cinder-backup-13.0.8~dev8-3.13.5
      openstack-cinder-scheduler-13.0.8~dev8-3.13.5
      openstack-cinder-volume-13.0.8~dev8-3.13.5
      openstack-dashboard-14.0.5~dev1-3.9.4
      openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
      openstack-keystone-14.1.1~dev26-3.13.4
      openstack-manila-7.3.1~dev15-4.13.4
      openstack-manila-api-7.3.1~dev15-4.13.4
      openstack-manila-data-7.3.1~dev15-4.13.4
      openstack-manila-scheduler-7.3.1~dev15-4.13.4
      openstack-manila-share-7.3.1~dev15-4.13.4
      openstack-neutron-13.0.6~dev3-3.13.4
      openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
      openstack-neutron-fwaas-13.0.3~dev2-3.6.3
      openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
      openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
      openstack-neutron-lbaas-13.0.1~dev15-3.10.3
      openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
      openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
      openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
      openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
      openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
      openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
      openstack-neutron-server-13.0.6~dev3-3.13.4
      openstack-nova-18.2.4~dev18-3.13.5
      openstack-nova-api-18.2.4~dev18-3.13.5
      openstack-nova-cells-18.2.4~dev18-3.13.5
      openstack-nova-compute-18.2.4~dev18-3.13.5
      openstack-nova-conductor-18.2.4~dev18-3.13.5
      openstack-nova-console-18.2.4~dev18-3.13.5
      openstack-nova-novncproxy-18.2.4~dev18-3.13.5
      openstack-nova-placement-api-18.2.4~dev18-3.13.5
      openstack-nova-scheduler-18.2.4~dev18-3.13.5
      openstack-nova-serialproxy-18.2.4~dev18-3.13.5
      openstack-nova-vncproxy-18.2.4~dev18-3.13.5
      openstack-octavia-3.2.1~dev1-3.13.3
      openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
      openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
      openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
      openstack-octavia-api-3.2.1~dev1-3.13.3
      openstack-octavia-health-manager-3.2.1~dev1-3.13.3
      openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
      openstack-octavia-worker-3.2.1~dev1-3.13.3
      python-Django1-1.11.24-3.12.3
      python-cinder-13.0.8~dev8-3.13.5
      python-horizon-14.0.5~dev1-3.9.4
      python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
      python-keystone-14.1.1~dev26-3.13.4
      python-keystonemiddleware-5.2.1-11.4
      python-manila-7.3.1~dev15-4.13.4
      python-neutron-13.0.6~dev3-3.13.4
      python-neutron-fwaas-13.0.3~dev2-3.6.3
      python-neutron-lbaas-13.0.1~dev15-3.10.3
      python-nova-18.2.4~dev18-3.13.5
      python-octavia-3.2.1~dev1-3.13.3
      python-octaviaclient-1.6.1-3.3.3
      python-openstack_auth-14.0.5~dev1-3.9.4
      python-os-brick-2.5.8-3.6.3
      python-os-brick-common-2.5.8-3.6.3
      python-oslo.cache-1.30.4-3.3.3
      python-oslo.messaging-8.1.4-3.3.3

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3
      crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13.3
      grafana-6.2.5-3.9.3
      grafana-debuginfo-6.2.5-3.9.3

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-ansible-9.0+git.1568821007.4e73730-3.13.3
      ardana-horizon-9.0+git.1569869028.8edfc22-3.10.3
      ardana-keystone-9.0+git.1570035317.78077ac-3.10.3
      ardana-manila-9.0+git.1569444107.add6a40-3.9.3
      ardana-neutron-9.0+git.1571328680.3a89cb8-3.13.3
      openstack-cinder-13.0.8~dev8-3.13.5
      openstack-cinder-api-13.0.8~dev8-3.13.5
      openstack-cinder-backup-13.0.8~dev8-3.13.5
      openstack-cinder-scheduler-13.0.8~dev8-3.13.5
      openstack-cinder-volume-13.0.8~dev8-3.13.5
      openstack-dashboard-14.0.5~dev1-3.9.4
      openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
      openstack-keystone-14.1.1~dev26-3.13.4
      openstack-manila-7.3.1~dev15-4.13.4
      openstack-manila-api-7.3.1~dev15-4.13.4
      openstack-manila-data-7.3.1~dev15-4.13.4
      openstack-manila-scheduler-7.3.1~dev15-4.13.4
      openstack-manila-share-7.3.1~dev15-4.13.4
      openstack-neutron-13.0.6~dev3-3.13.4
      openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
      openstack-neutron-fwaas-13.0.3~dev2-3.6.3
      openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
      openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
      openstack-neutron-lbaas-13.0.1~dev15-3.10.3
      openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
      openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
      openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
      openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
      openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
      openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
      openstack-neutron-server-13.0.6~dev3-3.13.4
      openstack-nova-18.2.4~dev18-3.13.5
      openstack-nova-api-18.2.4~dev18-3.13.5
      openstack-nova-cells-18.2.4~dev18-3.13.5
      openstack-nova-compute-18.2.4~dev18-3.13.5
      openstack-nova-conductor-18.2.4~dev18-3.13.5
      openstack-nova-console-18.2.4~dev18-3.13.5
      openstack-nova-novncproxy-18.2.4~dev18-3.13.5
      openstack-nova-placement-api-18.2.4~dev18-3.13.5
      openstack-nova-scheduler-18.2.4~dev18-3.13.5
      openstack-nova-serialproxy-18.2.4~dev18-3.13.5
      openstack-nova-vncproxy-18.2.4~dev18-3.13.5
      openstack-octavia-3.2.1~dev1-3.13.3
      openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
      openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
      openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
      openstack-octavia-api-3.2.1~dev1-3.13.3
      openstack-octavia-health-manager-3.2.1~dev1-3.13.3
      openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
      openstack-octavia-worker-3.2.1~dev1-3.13.3
      python-Django1-1.11.24-3.12.3
      python-cinder-13.0.8~dev8-3.13.5
      python-horizon-14.0.5~dev1-3.9.4
      python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
      python-keystone-14.1.1~dev26-3.13.4
      python-keystonemiddleware-5.2.1-11.4
      python-manila-7.3.1~dev15-4.13.4
      python-neutron-13.0.6~dev3-3.13.4
      python-neutron-fwaas-13.0.3~dev2-3.6.3
      python-neutron-lbaas-13.0.1~dev15-3.10.3
      python-nova-18.2.4~dev18-3.13.5
      python-octavia-3.2.1~dev1-3.13.3
      python-octaviaclient-1.6.1-3.3.3
      python-openstack_auth-14.0.5~dev1-3.9.4
      python-os-brick-2.5.8-3.6.3
      python-os-brick-common-2.5.8-3.6.3
      python-oslo.cache-1.30.4-3.3.3
      python-oslo.messaging-8.1.4-3.3.3
      venv-openstack-barbican-x86_64-7.0.1~dev18-3.11.3
      venv-openstack-cinder-x86_64-13.0.8~dev8-3.11.3
      venv-openstack-designate-x86_64-7.0.1~dev22-3.11.3
      venv-openstack-glance-x86_64-17.0.1~dev30-3.11.3
      venv-openstack-heat-x86_64-11.0.3~dev23-3.11.3
      venv-openstack-horizon-x86_64-14.0.5~dev1-4.11.3
      venv-openstack-keystone-x86_64-14.1.1~dev26-3.11.3
      venv-openstack-magnum-x86_64-7.1.1~dev28-4.11.3
      venv-openstack-manila-x86_64-7.3.1~dev15-3.11.3
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.11.3
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.11.3
      venv-openstack-neutron-x86_64-13.0.6~dev3-6.11.3
      venv-openstack-nova-x86_64-18.2.4~dev18-3.11.3
      venv-openstack-octavia-x86_64-3.2.1~dev1-4.11.3
      venv-openstack-sahara-x86_64-9.0.2~dev12-3.11.3
      venv-openstack-swift-x86_64-2.19.2~dev1-2.8.3

   - SUSE OpenStack Cloud 9 (x86_64):

      grafana-6.2.5-3.9.3
      grafana-debuginfo-6.2.5-3.9.3
      pdns-4.1.8-3.3.3
      pdns-backend-mysql-4.1.8-3.3.3
      pdns-backend-mysql-debuginfo-4.1.8-3.3.3
      pdns-debuginfo-4.1.8-3.3.3
      pdns-debugsource-4.1.8-3.3.3


References:

   https://www.suse.com/security/cve/CVE-2019-15043.html
   https://www.suse.com/security/cve/CVE-2019-3871.html
   https://bugzilla.suse.com/1129734
   https://bugzilla.suse.com/1148383



More information about the sle-security-updates mailing list