SUSE-SU-2019:3068-1: moderate: Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Nov 26 10:11:23 MST 2019
SUSE Security Update: Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:3068-1
Rating: moderate
References: #1153304 #1155942 #1156525
Cross-References: CVE-2019-17134 CVE-2019-18874
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova,
crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican,
openstack-heat-templates, openstack-keystone, openstack-neutron,
openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova,
openstack-octavia, openstack-sahara, python-psutil,
release-notes-suse-openstack-cloud fixes the following issues:
Security fix for openstack-octavia:
- CVE-2019-17134: Fixed an issue where Octavia Amphora-Agent not requiring
Client-Certificate (bsc#1153304).
Security fix for python-psutil:
- CVE-2019-18874: Fixed a double-free vulnerability occured during
converting system data into a Python object (bsc#1155089).
- Update to version 9.0+git.1572311426.a6dc2fd:
* Align Crowbar and Ardana MariaDB configs (SOC-10094)
- Update to version 9.0+git.1573069087.15ffd1c:
* enable debug and insecure_debug on demand (SOC-10934)
- Update to version 9.0+git.1572019823.6650494:
* Correctly setup ardana_notify_... fact (SOC-10902)
- Update to version 9.0+git.1572618171.4460843:
* Update gerrit FQDN in .gitreview (SOC-9140)
- Update to version 6.0+git.1573825081.b1caf60f1:
* Update the testsuite for new upgrade method (SOC-10761)
* upgrade: cold start nova before live migration (SOC-10761)
- Update to version 6.0+git.1573131992.3c660b413:
* [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942)
- Update to version 6.0+git.1573051151.3495e0e94:
* Allow enabling bpdu-forwarding on OVS bridges (SOC-9172)
- Update to version 6.0+git.1573754820.dd036ef77:
* neutron: use octavia-api admin VIP URI for lbaasv2 (SOC-10906)
* octavia: handle certificate ownership in barclamp (SOC-10906)
* octavia: add SSL support to octavia-api (SOC-10906)
- Update to version 6.0+git.1573174019.9965ae9b8:
* designate: change default configuration (SOC-10899)
- Update to version 6.0+git.1572855359.8efafea01:
* Make sure the input file with ssh key exists (SOC-10133)
- Update to version 6.0+git.1572636244.e12406629:
* Change order of Octavia to 102 (SOC-10289)
- Update to version 6.0+git.1572470261.49c0affe1:
* designate: move keystone resource lookup to convergence (SOC-10887)
- Update to version 1.3.0+git.1572871359.50fc6087:
* Add title for XEN compute nodes precheck (SOC-10495)
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- Update to version barbican-7.0.1.dev21:
* Fix duplicate paths in secret hrefs
* Fix the bug of pep8 and building api-guide
* OpenDev Migration Patch
- remove 0001-Fix-duplicate-paths-in-secret-hrefs.patch as it had landed
upstream
- Replace openstack.org git:// URLs with https://
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version keystone-14.1.1.dev28:
* Allows to use application credentials through group membership
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version neutron-13.0.6.dev8:
* Retry creating iptables managers and adding metering rules
- Update to version neutron-13.0.6.dev6:
* Increase timeout when waiting for dnsmasq enablement
- Update to version neutron-13.0.6.dev4:
* Log OVS firewall conjunction creation
- Update to version group-based-policy-5.0.1.dev476:
* Provide a control knob to use the internal EP interface
* Send port notifications when host\_route is getting updated
- Update to version group-based-policy-5.0.1.dev473:
* Fix pep8 failures seen on submitted patches
- Update to version neutron-lbaas-13.0.1.dev16:
* "lbaas delete l7 rule" Parameter Passing Error
- Update to version neutron-lbaas-13.0.1.dev16:
* "lbaas delete l7 rule" Parameter Passing Error
- Update to version nova-18.2.4.dev22:
* Revert "openstack server create" to "nova boot" in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version nova-18.2.4.dev22:
* Revert "openstack server create" to "nova boot" in nova docs
* doc: fix and clarify --block-device usage in user docs
- Update to version nova-18.2.4.dev20:
* Avoid error 500 on shelve task\_state race
- Update to version nova-18.2.4.dev19:
* libvirt: Ignore volume exceptions during post\_live\_migration
- Update to version octavia-3.2.1.dev3:
* Improve the error message for bad pkcs12 bundles
- Update to version octavia-3.2.1.dev2:
* ipvsadm '--exact' arg to ensure outputs are ints
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version sahara-9.0.2.dev14:
* Fixing image creation
* Check MariaDB installation
- Update to version 9.20191025:
* support OpenID Connect (SOC-10510)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-3068=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2019-3068=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
crowbar-core-6.0+git.1573825081.b1caf60f1-3.16.1
crowbar-core-branding-upstream-6.0+git.1573825081.b1caf60f1-3.16.1
python-psutil-5.4.6-3.3.1
python-psutil-debuginfo-5.4.6-3.3.1
python-psutil-debugsource-5.4.6-3.3.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
crowbar-openstack-6.0+git.1573754820.dd036ef77-3.16.1
crowbar-ui-1.3.0+git.1572871359.50fc6087-14.1
openstack-barbican-7.0.1~dev21-3.3.1
openstack-barbican-api-7.0.1~dev21-3.3.1
openstack-barbican-keystone-listener-7.0.1~dev21-3.3.1
openstack-barbican-retry-7.0.1~dev21-3.3.1
openstack-barbican-worker-7.0.1~dev21-3.3.1
openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3.1
openstack-keystone-14.1.1~dev28-3.16.1
openstack-neutron-13.0.6~dev8-3.16.2
openstack-neutron-dhcp-agent-13.0.6~dev8-3.16.2
openstack-neutron-gbp-5.0.1~dev476-3.13.1
openstack-neutron-ha-tool-13.0.6~dev8-3.16.2
openstack-neutron-l3-agent-13.0.6~dev8-3.16.2
openstack-neutron-lbaas-13.0.1~dev16-3.13.1
openstack-neutron-lbaas-agent-13.0.1~dev16-3.13.1
openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16.2
openstack-neutron-macvtap-agent-13.0.6~dev8-3.16.2
openstack-neutron-metadata-agent-13.0.6~dev8-3.16.2
openstack-neutron-metering-agent-13.0.6~dev8-3.16.2
openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16.2
openstack-neutron-server-13.0.6~dev8-3.16.2
openstack-nova-18.2.4~dev22-3.16.2
openstack-nova-api-18.2.4~dev22-3.16.2
openstack-nova-cells-18.2.4~dev22-3.16.2
openstack-nova-compute-18.2.4~dev22-3.16.2
openstack-nova-conductor-18.2.4~dev22-3.16.2
openstack-nova-console-18.2.4~dev22-3.16.2
openstack-nova-novncproxy-18.2.4~dev22-3.16.2
openstack-nova-placement-api-18.2.4~dev22-3.16.2
openstack-nova-scheduler-18.2.4~dev22-3.16.2
openstack-nova-serialproxy-18.2.4~dev22-3.16.2
openstack-nova-vncproxy-18.2.4~dev22-3.16.2
openstack-octavia-3.2.1~dev3-3.16.1
openstack-octavia-amphora-agent-3.2.1~dev3-3.16.1
openstack-octavia-api-3.2.1~dev3-3.16.1
openstack-octavia-health-manager-3.2.1~dev3-3.16.1
openstack-octavia-housekeeping-3.2.1~dev3-3.16.1
openstack-octavia-worker-3.2.1~dev3-3.16.1
openstack-sahara-9.0.2~dev14-3.6.1
openstack-sahara-api-9.0.2~dev14-3.6.1
openstack-sahara-engine-9.0.2~dev14-3.6.1
python-barbican-7.0.1~dev21-3.3.1
python-keystone-14.1.1~dev28-3.16.1
python-neutron-13.0.6~dev8-3.16.2
python-neutron-gbp-5.0.1~dev476-3.13.1
python-neutron-lbaas-13.0.1~dev16-3.13.1
python-nova-18.2.4~dev22-3.16.2
python-octavia-3.2.1~dev3-3.16.1
python-sahara-9.0.2~dev14-3.6.1
release-notes-suse-openstack-cloud-9.20191025-3.15.1
- SUSE OpenStack Cloud 9 (x86_64):
python-psutil-5.4.6-3.3.1
python-psutil-debuginfo-5.4.6-3.3.1
python-psutil-debugsource-5.4.6-3.3.1
- SUSE OpenStack Cloud 9 (noarch):
ardana-db-9.0+git.1572311426.a6dc2fd-3.13.1
ardana-keystone-9.0+git.1573069087.15ffd1c-3.13.1
ardana-neutron-9.0+git.1572019823.6650494-3.16.1
ardana-nova-9.0+git.1572618171.4460843-3.13.1
openstack-barbican-7.0.1~dev21-3.3.1
openstack-barbican-api-7.0.1~dev21-3.3.1
openstack-barbican-keystone-listener-7.0.1~dev21-3.3.1
openstack-barbican-retry-7.0.1~dev21-3.3.1
openstack-barbican-worker-7.0.1~dev21-3.3.1
openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3.1
openstack-keystone-14.1.1~dev28-3.16.1
openstack-neutron-13.0.6~dev8-3.16.2
openstack-neutron-dhcp-agent-13.0.6~dev8-3.16.2
openstack-neutron-gbp-5.0.1~dev476-3.13.1
openstack-neutron-ha-tool-13.0.6~dev8-3.16.2
openstack-neutron-l3-agent-13.0.6~dev8-3.16.2
openstack-neutron-lbaas-13.0.1~dev16-3.13.1
openstack-neutron-lbaas-agent-13.0.1~dev16-3.13.1
openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16.2
openstack-neutron-macvtap-agent-13.0.6~dev8-3.16.2
openstack-neutron-metadata-agent-13.0.6~dev8-3.16.2
openstack-neutron-metering-agent-13.0.6~dev8-3.16.2
openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16.2
openstack-neutron-server-13.0.6~dev8-3.16.2
openstack-nova-18.2.4~dev22-3.16.2
openstack-nova-api-18.2.4~dev22-3.16.2
openstack-nova-cells-18.2.4~dev22-3.16.2
openstack-nova-compute-18.2.4~dev22-3.16.2
openstack-nova-conductor-18.2.4~dev22-3.16.2
openstack-nova-console-18.2.4~dev22-3.16.2
openstack-nova-novncproxy-18.2.4~dev22-3.16.2
openstack-nova-placement-api-18.2.4~dev22-3.16.2
openstack-nova-scheduler-18.2.4~dev22-3.16.2
openstack-nova-serialproxy-18.2.4~dev22-3.16.2
openstack-nova-vncproxy-18.2.4~dev22-3.16.2
openstack-octavia-3.2.1~dev3-3.16.1
openstack-octavia-amphora-agent-3.2.1~dev3-3.16.1
openstack-octavia-api-3.2.1~dev3-3.16.1
openstack-octavia-health-manager-3.2.1~dev3-3.16.1
openstack-octavia-housekeeping-3.2.1~dev3-3.16.1
openstack-octavia-worker-3.2.1~dev3-3.16.1
openstack-sahara-9.0.2~dev14-3.6.1
openstack-sahara-api-9.0.2~dev14-3.6.1
openstack-sahara-engine-9.0.2~dev14-3.6.1
python-barbican-7.0.1~dev21-3.3.1
python-keystone-14.1.1~dev28-3.16.1
python-neutron-13.0.6~dev8-3.16.2
python-neutron-gbp-5.0.1~dev476-3.13.1
python-neutron-lbaas-13.0.1~dev16-3.13.1
python-nova-18.2.4~dev22-3.16.2
python-octavia-3.2.1~dev3-3.16.1
python-sahara-9.0.2~dev14-3.6.1
release-notes-suse-openstack-cloud-9.20191025-3.15.1
venv-openstack-barbican-x86_64-7.0.1~dev21-3.13.1
venv-openstack-cinder-x86_64-13.0.8~dev8-3.13.1
venv-openstack-designate-x86_64-7.0.1~dev22-3.13.1
venv-openstack-heat-x86_64-11.0.3~dev23-3.13.1
venv-openstack-keystone-x86_64-14.1.1~dev28-3.13.1
venv-openstack-magnum-x86_64-7.1.1~dev28-4.13.1
venv-openstack-manila-x86_64-7.3.1~dev15-3.13.1
venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.13.1
venv-openstack-neutron-x86_64-13.0.6~dev8-6.13.1
venv-openstack-nova-x86_64-18.2.4~dev22-3.13.1
venv-openstack-octavia-x86_64-3.2.1~dev3-4.13.1
venv-openstack-sahara-x86_64-9.0.2~dev14-3.13.1
References:
https://www.suse.com/security/cve/CVE-2019-17134.html
https://www.suse.com/security/cve/CVE-2019-18874.html
https://bugzilla.suse.com/1153304
https://bugzilla.suse.com/1155942
https://bugzilla.suse.com/1156525
More information about the sle-security-updates
mailing list