SUSE-SU-2019:2867-1: moderate: Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Oct 30 14:16:09 MDT 2019


   SUSE Security Update: Security update for ardana-ansible, ardana-glance, ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone, openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs, python-pysaml2, python-python-engineio, python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6, venv-openstack-keystone
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:2867-1
Rating:             moderate
References:         #1019074 #1096985 #1106515 #1115960 #1116846 
                    #1118900 #1120657 #1125893 #1126088 #1132593 
                    #1132666 #1136035 #1141121 #1141676 #1143215 
                    #1145796 #1146578 #1148158 #1148383 #1150895 
                    #917802 
Cross-References:   CVE-2015-3448 CVE-2016-10127 CVE-2018-15727
                    CVE-2018-19039 CVE-2018-558213 CVE-2019-13611
                    CVE-2019-15043 CVE-2019-2614 CVE-2019-2627
                    CVE-2019-2628 CVE-2019-5477
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 10 fixes
   is now available.

Description:

   This update for ardana-ansible, ardana-glance, ardana-horizon,
   ardana-input-model, ardana-manila, ardana-neutron, ardana-nova,
   ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha,
   crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb,
   mariadb-connector-c, novnc, openstack-cinder, openstack-glance,
   openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui,
   openstack-keystone, openstack-monasca-installer, openstack-neutron,
   openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova,
   python-amqp, python-ovs, python-pysaml2, python-python-engineio,
   python-urllib3, release-notes-suse-openstack-cloud, rubygem-easy_diff,
   rubygem-rest-client-1_6, venv-openstack-keystone contains the following
   fixes:

   - Update to version 8.0+git.1566374355.c509923:
     * Use raw image format when using SES backend on Nova (SOC-9285)

   - Update to version 8.0+git.1566376789.be0fe01:
     * Configure glance image_direct_url/multiple_locations (SOC-9285)

   - Update to version 8.0+git.1565816064.5d4f73f:
     * Removed None condition from rule (SOC-10003)

   - Update to version 8.0+git.1566517401.98450e6:
     * Add neutron-fwaas.json when neutron-l3-agent is deployed (SOC-10280)

   - Update to version 8.0+git.1568835837.2452e7a:
     * Ensure Manila services don't auto start on reboot (SOC-10641)

   - Update to version 8.0+git.1568220097.74ee4b4:
     * API extension paths separated by colon (SOC-10447)

   - Update to version 8.0+git.1567555448.5ecd5b0:
     * Add dependent services to neutron services (SOC-8746)

   - Update to version 8.0+git.1566517377.f2a8c54:
     * Add policy.d/neutron-fwaas.json.j2 (SOC-10280)

   - Update to version 8.0+git.1566902754.c58ff69:
     * Install libosinfo package (SOC-10295)

   - Update to version 8.0+git.1565946419.a76c00e:
     * Set diskcachemode and disk discard when using RBD (SOC-10182)

   - Update to version 8.0+git.1568373448.bcaee7e:
     * Make octavia heartbeat frequency options configurable (SOC-9285)

   - Update to version 8.0+git.1566374572.a3c91d9:
     * Include SES variables when configuring image (SOC-9285)

   - Update to version 8.0+git.1566208257.5213d93:
     * Use default values for amphora connection retries/timeout (SOC-9285)

   - Update to version 8.0+git.1566471887.fd2fec7:
     * Delete existing run filter before deploying it (SOC-10287)

   - Update to version 5.0+git.1569597589.1f025c557:
     * barclamp_lib: Sync timeout with other barclamps (SOC-10513, SOC-10011)

   - Update to version 5.0+git.1569231378.ac645b753:
     * Revert "batch: Use easy_merge for merging (SOC-10505)"

   - Update to version 5.0+git.1569103607.ee4a6cbc9:
     * upgrade: Fix pie chart colors on dashboard (SOC-10619)

   - Update to version 5.0+git.1568983947.70c39b8c7:
     * batch: Use easy_merge for merging (SOC-10505)

   - Update to version 5.0+git.1568317972.dfb856def:
     * upgrade: Fix pre-checks tests (SOC-9868)
     * Allow designate rndc for all nodes (SOC-10339)

   - Update to version 5.0+git.1568210854.4f87b86f8:
     * gems: Update easy_diff to 1.0.0 (SOC-10505)

   - Update to version 5.0+git.1567531836.e06d68030:
     * Public ips for dns nodes when designate integration is in use
       (SOC-9635)

   - Update to version 5.0+git.1567513044.e9ef28b03:
     * crowbar: Do not read /etc/crowbar.install.key in non-SUSE init script
     * transition.sh: Do not read /etc/crowbar.install.key
     * gather_logs: Make it a bit useful again
     * gather_logs: Do not read /etc/crowbar.install.key
     * network: Check existing upper layers before bond setup  (bsc#1120657)
     * network: never plug two interface into the same ovs bridge
       (bsc#1120657)
     * network: Avoid plugging the same interface to two ovs bridges
       (bsc#1120657)
     * nic library: some helper for identifying base interface (bsc#1120657)
     * network: Rework the vlan port replugging code (bsc#1120657)
     * network: DRY out "kill_nic_files" (noref)

   - Update to version 5.0+git.1567161136.fa34ac9f2:
     * Add CVE-2019-5477 the to travis ignore list (SOC-9635)

   - Update to version 5.0+git.1567094388.48f2be817:
     * upgrade: Add more prechecks for 8->9 (SOC-9868)

   - Update to version 5.0+git.1567673535.607aada:
     * Fix typo in error message

   - add cirros-0.4.0-x86_64-disk.img (SOC-9298, SOC-10844)
   * the disk img is required to run the barbican tempest test

   - Update to version 5.0+git.1570141351.058c8bd44:
     * tempest:install designate tempest plugin for SOC8 (SOC-10288)

   - Update to version 5.0+git.1569972328.9d475ceb9:
     * [5.0] Designate: Add dns_domain_ports config (SOC-10740)

   - Update to version 5.0+git.1569933916.d38d07e2d:
     * Install barbican tempest plugin for SOC8 (SOC-10191)
     * Designate: Filter out the admin node (SOC-10658)

   - Update to version 5.0+git.1569885207.573f090bd:
     * 5.0: designate: Fix the keys syntax error on migrations (SOC-10660)

   - Update to version 5.0+git.1569620621.21c6c5459:
     * helper:move config_for_role_exists from horizon to
       crowbar-openstack(SOC-10191)

   - Update to version 5.0+git.1569431597.02675553d:
     * tempest: don't rely on service catalogue (SOC-10633)
     * glance: don't reuse sync mark names (SOC-10348)
     * enable LDAP chase_referrals configuration (SOC-7364)
     * nova: set default attribute for max_threads_per_process

   - Update to version 5.0+git.1569053854.bb65c0fd1:
     * Make ovs of_inactivity_probe configurable from neutron barclamp

   - Update to version 5.0+git.1568904694.4d6e71fd1:
     * Revert "designate: Mark as user managed (SOC-10233)"

   - Update to version 5.0+git.1568762121.5889ee9c4:
     * Octavia: Hide UI until complete (SOC-10550)

   - Update to version 5.0+git.1568721569.5927d34b8:
     * designate: Mark as user managed (SOC-10233)

   - Update to version 5.0+git.1568593066.8a7e963dd:
     * designate: cleanup producer HA deployment (SOC-9766)

   - Update to version 5.0+git.1568373930.d508e93f7:
     * designate: Correct missing variable (SOC-10549)

   - Update to version 5.0+git.1568323106.c080edcc1:
     * neutron: Add 'insecure' to old cli calls (SOC-10453)

   - Update to version 5.0+git.1568303804.bd258bef6:
     * designate: No longer care about master/slave (SOC-10456)

   - Update to version 5.0+git.1568173760.4a32699b1:
     * nova: raise neutron client timeout to 5 minutes
     * neutron: Small cleanup to neutron_lbaas.conf template

   - Update to version 5.0+git.1568117991.15d77c6ea:
     * Designate default Bind9 pool config (SOC-10339)

   - Update to version 5.0+git.1568034797.254b8fb85:
     * tempest: Skip manila and ceilometer tests (SOC-9799)

   - Update to version 5.0+git.1567660321.885064382:
     * nova: Don't put nova-compute roles on monasca node (SOC-10373)

   - Update to version 5.0+git.1567513535.f2939eeed:
     * designate: Update ns_records with all nameservers (SOC-9636)
     * designate: Deploy producer on a server node (SOC-9766)

   - Update to version 5.0+git.1567165725.8d5b4fa26:
     * horizon: fix Grafana in HA clouds (bsc#1116846)

   - Update to version 5.0+git.1567094879.c918a5e23:
     * Fix barbican SSL support (SOC-9298)
     * Add/fix run_filters
     * Add tempest filters based on services (SOC-9298)

   - Update to version 5.0+git.1566858336.891ddbf31:
     * Fix magnum tempest tests (SOC-9298)
     * tempest: only assign creator role if needed
     * database: Hardcode ruby version for package installation (SOC-10010)

   - Update to version 5.0+git.1566838653.efe3b147d:
     * memcache: lookup memcached servers port only on local node (SOC-10173)
     * designate: initialize email in default designate proposal
     * horizon: Install designate plugin when configured (SOC-9695)

   - Update to version 5.0+git.1566629404.88dae370a:
     * Designate: Update DB pools configuration (SOC-9767)

   - Update to version 5.0+git.1566256160.59ebd76c0:
     * designate: Configure resource settings (SOC-9633)

   - Update to version 1.2.0+git.1568396400.0344a727:
     * upgrade: Add missing precheck titles

   - Update to 25.3.25:
     * A new Galera configuration parameter cert.optimistic_pa was added. If
       the parameter value is set to true, full parallellization in applying
       write sets is allowed as determined by certification algorithm. If set
       to false, no more parallellism is allowed in applying than seen on the
       master.
     * Support for ECDH OpenSSL engines on CentOS 6 (galera#520)
     * Fixed compilation on Debian testing and unstable (galera#516,
       galera#528)

   - Add unescape_IPv6_bind_ip.patch
     *
   https://github.com/dciabrin/galera-1/commit/0f6f8aeeb09809280c956514cfd5844
       b8acad4f9

   - Add CVE-2019-15043.patch (SOC-10357)
     * Adds authentication to a few rest endpoints see:
       https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5

   - Update to version 4.6.5:
     * release 4.6.5 CVE-2018-19039 (jsc#SOC-9976) File Exfiltration
       vulnerability Security fix
     * Updated version to 4.6.4. CVE-2018-558213/CVE-2018-558213
       (jsc#SOC-9980) Important fix for LDAP & OAuth login vulnerability
     * Updated version to 4.6.4.
     * sql: added code migration type
     * release 4.6.3
     * fix default alias
     * fixes broken alert eval when first condition is using OR
     * fix: alert list panel now works correctly after adding manual
       annotation on dashboard, fixes #9951
     * fix: fix for avatar images when gzip is turned on, fixes #5952
     * sets version to 4.6.2
     * prom: add support for default step param (#9866)
     * build: fixed jshint error
     * fix: Html escaping caused issue in InfluxDB query editor,  could not
       pick greater than or less then operators, fixes #9871
     * heatmap: fix tooltip in "Time series bucket" mode, #9332 (#9867)
     * fix cloudwatch ec2_instance_attribute (#9718)
     * colorpicker: fix color string change #9769 (#9780)
     * changes version to 4.6.1
     * fix: panel view now wraps, no scrolling required, fixes #9746
     * plugins: fix for loading external plugins behind auth proxy, fixes
       #9509
     * fix: color picker bug at series overrides page, #9715 (#9738)
     * tech: switch to golang 1.9.2
     * tech: add missing include
     * save as should only delete threshold for panels with alerts
     * fix: graphite annotation tooltip included undefined, fixes #9707
     * build: updated version to v4.6.0
     * plugins: added backward compatible path for rxjs
     * ux: updated singlestat default colors
     * prometheus: fixed unsaved changes warning when changing time range due
       to step option on query model was changed in datasource.query code,
       fixes #9675
     * fix: firefox can now create region annotations, fixes #9638
     * alerting: only editors can pause rules
     * fix: another fix for playlist view state, #9639
     * fix: fixed playlist controls and view state, fixes #9639
     * prom: adds pre built grafana dashboard
     * bump version for publish_testing.sh
     * update version to 4.6.0-beta3
     * plugins: expose dashboard impression store
     * modify $__timeGroup macro so it can be used in select clause (#9527)
     * plugins: fixes path issue on Windows
     * prometheus: enable gzip for /metrics endpoint
     * fix: fixed save to file button in export modal, fixes #9586
     * mysql: add usage stats for mysql
     * pluginloader: esModule true for systemjs config
     * Fix heatmap Y axis rendering (#9580)
     * fix vector range
     * prometheus: add builtin template variable as range vectors
     * fix: fixed prometheus step issue that caused browser crash, fixes #9575
     * fix: getting started panel and mark adding data source as done, fixes
       #9568
     * Fixes for annotations API (#9577)
     * bump packagecloud script
     * build: added imports of rxjs utility functions
     * prepare for v4.6.0-beta2 release
     * fix template variable expanding
     * annotations: quote reserved fields (#9550)
     * ux: align alert and btn colors
     * fix: fixed color pickers that were broken in minified builds, fixes
       #9549
     * textpanel: fixes #9491
     * csv: fix import for saveAs shim
     * plugins: expose more util and flot dependencies
     * alert_tab: clear test result when testing rules
     * (cloudwatch) fix cloudwatch query error over 24h (#9536)
     * show error message when cloudwatch datasource can't add
     * update packagecloud script for 4.6.0-beta1
     * changelog: adds note about closing #9516
     * alerting: add count_non_null reducer
     * Update rpm.md
     * fix: can now remove annotation tags without popover closing
     * tech: add backward compatibility for <spectrum-picker> directive
       (#9510)
     * fix: fixed links on new 404 page, fixes #9493
     * logging: dont use cli logger in http_server
     * oauth: raise error if session state is missing
     * oauth: provide more logging for failed oauth requests
     * prepare for 4.6.0-beta1 release
     * docs: updated whats new article
     * docs: initial draft release v46
     * graph: fix y-axis decimalTick check. Fixes #9405
     * minor docs update
     * docs: annotation docs update
     * changelog: adds note about closing #7104
     * changelog: adds note about closing #9373
     * metrics: disable gzip for /metrics endpoint (#9468)
     * Annotation docs (#9506)
     * Update CHANGELOG.md
     * Update PLUGIN_DEV.md
     * Update PLUGIN_DEV.md
     * Update README.md
     * Fixed link issue in CHANGELOG
     * Create PLUGIN_DEV.md
     * changelog: adds note about closing #9371,#5334,#8812
     * ds_edit: placeholder should only be cert header
     * fixed minor styling issus (#9497)
     * fix: alert api limit param did not work and caused SQL syntax error,
       fixes #9492
     * annotations: add endpoint for writing graphite-like events (#9495)
     * Update unsaved_changes_modal.ts
     * fix: set lastSeenAt date when creating users to then years in past
       insteasd of empty date, fixes #9260
     * ux: minor ux fix
     * Retain old name for TLS client auth
     * Return error if datasource TLS CA not parsed
     * Datasource settings: Make HTTP all caps
     * Datasource HTTP settings: Add TLS skip verify
     * Make URL capitalisation consistent in UI
     * Alias macron package in app_routes.go
     * Verify datasource TLS and split client auth and CA
     * Tidy spacing in datasource TLS settings
     * Tests: Clarify what InsecureSkipVerify does
     * postgres: add missing ngInject decorator
     * docs: initial docs for new annotation features, #9483
     * Adds note for #9209 to changelog
     * Postgres Data Source  (#9475)
     * tech: expose more to plugins, closes #9456
     * Fix NaN handling (#9469)
     * snapshots: improve snapshot listing performance, #9314 (#9477)
     * mysql: fix interpolation for numbers in temp vars
     * Added docs for Kafka alerting
     * Fixed failing go tests
     * gofmt fixes
     * Added tests
     * Kafka REST Proxy works with Grafana
     * added insrtuctions for oauth2 okta bitbucket (#9471)
     * Unified Color picker fixes (#9466)
     * Show min interval query option for mixed datasource (#9467)
     * gzip: plugin readme content set explicitly
     * ignore pattern for vendored libs
     * fix: escape metric segment auto complete, fixes #9423
     * Corrected a PostgreSQL SELECT statement. (#9460)
     * tests: found the unhandled promise issue in the dash import tests
     * testing: fixing tests
     * annotations: minor change to default/edit annotation color
     * Create annotations (#8197)
     * OAuth: Rename sslcli
     * OAuth: Separate TLS client auth and CA config
     * OAuth: Check both TLS client cert and key
     * Always verify TLS unless explicitly told otherwise
     * fix: threshold's colors in table panels (#9445) (#9453)
     * singlestat: fix sizing bug #9337 (#9448)
     * Revert "Fix coloring in singlestat if null value (#9438)" (#9443)
     * Fix coloring in singlestat if null value (#9438)
     * fix: missing semicolon
     * changed jsontree to use jsonexplorer (#9416)
     * docs page for authproxy (#9420)
     * Update codebox (#9430)
     * Series color picker fix (#9442)
     * fix type in readme
     * removed commented line
     * changelog: adds note about closing #9110
     * Fixed typo
     * Change empty string checks and improve logging
     * changelog: adds note about closing #9208
     * Fix spelling on 404 page.
     * Lint fix
     * Update kbn.js
     * Add Norwegian Krone denominator for currency
     * fixed layout for column options, changed dropdown for date format kept
       old code
     * build: add noUnusedLocals to tsc parameters
     * build: install go based on env variable
     * changes go version to 1.9.1
     * changelog: adds note about closing #9226
     * changelog: add note about closing #9429
     * changelog: adds note about closing #9399
     * Fix formatting issue
     * Add milliseconds format in table panel's config
     * support for s3 path (#9151)
     * Remove apparently unnecessary .flush() calls.
     * Fix empty message and toolong attribute names Use default state
       message if no message is provided by the user Slice attribute name to
       maximum of 50 chars
     * Address review comments.
     * changelog: add note about closing #7175
     * plugin_loader: expose app_events to plugins
     * Add the missing comma
     * colorpicker: refactoring the new unififed colorpicker, #9347
     * Unified colorpicker (#9347)
     * fix missing column headers in excel export (#9413)
     * build: remove clean plugin from dev build
     * build: fixed broken elastic unit test
     * shore: cleanup unused stuff in common.d.ts
     * Build URL for close alert request differently
     * some restyling (#9409)
     * Docs text fixes (#9408)
     * Checkbox fixes (#9400)
     * fix: ensure panel.datasource is null as default
     * plugibs: expose more to plugins
     * properly parse & pass upload image bool from config
     * break out slack upload into separate function
     * tech: minor npm scripts update
     * build: fixed build
     * refactoring: minor refactoring of PR #8916
     * Update script to make it use OpsGenie's REST API
     * docs: minor docs fix
     * Merge branch 'master' of github.com:grafana/grafana
     * build: minor webpack fix
     * docs: updated building from source docs
     * playlist: play and edit should use same width
     * shore: fixed html indentation, #9368
     * tech: updated yarn.lock
     * shore: minor cleanup
     * Webpack (#9391)
     * fixing json for CI
     * adding support for token-based slack file.upload API call for posting
       images to slack
     * changelog: adds note about closing #8479
     * changelog: adds note about closing #8050
     * changelog: adds note about closing #9386
     * change pdiff to percent_diff for conditions
     * panel: rename label on csv export modal
     * add diff and pdiff for conditions
     * fix, add targetContainsTemplate()
     * fix cloudwatch alert bug
     * add debug log
     * move extend statistics handling code to backend
     * fix assume role
     * improve cloudwatch tsdb
     * refactor cloudwatch code
     * remove obsolete code
     * move cloudwatch crendential related code
     * remove old handler
     * fix annotation query
     * fix time
     * fix dimension convertion
     * re-implement annotation query
     * fix parameter format
     * fix alert feature
     * fix parameter format
     * refactor cloudwatch to support new tsdb interface
     * refactor cloudwatch frontend code
     * refactor cloudwatch frontend code
     * fix test
     * re-implement dimension_values()
     * fix error message
     * remove performEC2DescribeInstances()
     * re-implement ec2_instance_attribute()
     * re-implement ebs_volume_ids()
     * import the change, https://github.com/grafana/grafana/pull/9268
     * fix conflict
     * fix test
     * remove obsolete GetMetricStatistics()
     * fix test
     * move test code
     * fix conflict
     * porting other suggestion
     * re-implement get regions
     * move the metric find query code
     * (cloudwatch) move query parameter to 'parameters'
     * parse duration
     * remove offset for startTime
     * cache creds for keys/credentials auth type
     * fix test
     * fix invalid query filter
     * count up metrics
     * (cloudwatch) alerting
     * add brazil currency
     * tech: upgrade of systemjs to 0.20.x working
     * tech: reverted to systemjs
     * tech: migrating elasticsearch to typescript
     * changelog: add note about using golang 1.9
     * change go version to 1.9
     * changelog: adds note about closing #9367
     * tech: systemjs upgrade
     * made a text-panel page, maybe we don't need it
     * cleaned up html/sass and added final touches
     * Enable dualstack in every net.Dialer, fixes #9364
     * jaeger: capitalize tracer name
     * jaeger: logging improvement
     * tech: systemjs upgrade
     * Have  include intervalFactor in its calculation, so always equal to
       the step query parameter.
     * alertlist: toggle play/pause button
     * updated css and html for recent state changes for alert lists
     * Fix export_modal message (#9353)
     * s3: minor fix for PR #9223
     * internal metrics: add grafana version
     * changelog: adds note about closing 5765
     * Update latest.json
     * typescript: stricter typescript option
     * prom_docker: give targets correct job name
     * testdata: add bucket scenarios for heatmap
     * dev-docker: add grafana as target
     * changelog: add note ablout closing #9319
     * introduce smtp config option for EHLO identity
     * changelog: note about closing #9250
     * go fmt
     * new page for text, needs more work
     * replaced img in graph, created alert list page
     * docs: update docs
     * Update CHANGELOG.md
     * changelog: adds note about closing #5873
     * replaced image
     * Docs new updates (#9324)
     * Update CHANGELOG.md
     * Update latest.json
     * cleanup: removed unused file
     * tech: remove bower and moved remaining bower dependencies to npm
     * tech: cleanup and fixed build issue
     * tech: upgraded angularjs and moved dependency from bower to npm,
       closes #9327
     * follow go idiom and return error as second param
     * tech: updated tsconfig
     * docker: adds alertmanager to prometheus fig
     * tech: more tslint rules
     * another img update
     * tech: removing unused variables from typescript files, and making
       tslint rules more strict
     * deleted old shortcuts instruction
     * text uppdates for dashlist and singlestat(+img). updated the keyboard
       shortcuts
     * context is reserved for go's context
     * make ds a param for Query
     * remove batch abstraction
     * rename executor into tsdbqueryendpoint
     * remove unused structs
     * refactor response flow
     * tech: removed test component
     * ux: minor singlestat update
     * singlestat: minor change
     * Update CHANGELOG.md
     * Singlestat time (#9298)
     * tech: progress on react poc
     * adds note about closing #9213
     * Update _navbar.scss
     * replaced images, updating text(not finished)
     * fix: close for 'Unsaved Changes' modal, #9284 (#9313)
     * Initial graphite tags support (#9239)
     * tech: initial react poc
     * Make details more clean in PD description
     * bug: enable HEAD requests again
     * Add `DbClusterIdentifier` to CloudWatch dimensions (#9297)
     * templating: fix dependent variable updating (#9306)
     * Fix adhoc filters restoration (#9303)
     * Explicitly refer to Github 'OAuth' applications
     * config bucket and region for s3 uploader
     * fixes bug introduced with prom namespaces
     * fixing spelling of millesecond -> millisecond
     * fixing spelling of millesecond -> millisecond
     * Remove duplicate bus.AddHandler() (#9289)
     * Update CHANGELOG.md
     * use same key as mt
     * tag alert queries that return no_data
     * updated error page html+css, added ds_store to ignore (#9285)
     * public/app/plugins/panel/graph/specs/graph_specs.ts: relax tests to be
       "within" instead of "equal", so they won't fail on i686 (#9286)
     * Fix path to icon (#9276)
     * adds note about fix in v4.5.2
     * skip NaN values when writing to graphite
     * addded mass units, #9265 (#9273)
     * Fully fill out nulls in cloudfront data source (#9268)
     * make it possible to configure sampler type
     * mark >=400 responses as error
     * change port for jaeger dev container
     * logwrapper for jaeger
     * make samplerconfig.param configurable
     * adds custom tags from settings
     * use route as span name
     * add trace headers for outgoing requests
     * docker file for running jaeger
     * better formating for error trace
     * attach context with span to *http.Request
     * add traces for datasource reverse proxy requests
     * trace failed executions
     * use tags instead of logs
     * use opentracing ext package when possible
     * set example port to zipkin default
     * adds codahale to vendor
     * makes jaeger tracing configurable
     * add trace parameters for outgoing requests
     * adds basic traces using open traces
     * require dashboard panels to have id
     * fix: jsonData should not be allowed to be null, fixes #9258
     * packaging: reduce package size
     * Update upgrading.md (#9263)
     * Added --pluginUrl option to grafana-cli for local network plugin
       installation
     * adds note about closing #1395
     * add locale format
     * update changelog
     * fixes broken tests :boom:
     * minor code adjusetments
     * pass context to image uploaders
     * remove unused deps
     * Reduced OAuth scope to read_write
     * GCS support via JSON API
     * gofmt fixes
     * Added GCS support #8370
     * move more known datasources from others
     * Remove alert thresholds on panel duplicate, issue #9178 (#9257)
     * 4.5.1 docs + update version to 5.0.0-pre1
     * publish_both.sh update for 4.5.1
     * Update CHANGELOG.md
     * docs: updated changelog
     * packaging: reducing package size be only including public vendor stuff
       we need
     * docs: update download links
     * allow ssl renegotiation for datasources
     * check args for query
     * add test for completer
     * fix
     * follow token name change
     * (prometheus) support label value completion
     * (prometheus) support label name completion
     * get s3 url via aws-sdk-go, fix #9189
     * Prometheus: Rework the interaction between auto interval (computed
       based on graph resolution), min interval (where specified, per query)
       and intervalFactor (AKA resolution, where specified, per query). As a
       bonus, have  and  reflect the actual interval (not the auto interval),
       taking into account min interval and Prometheus' 11k data points limit.
     * minor fix
     * (prometheus) support instant query for table format, use checkbox to
       switch query type
     * (prometheus) instant query support
     * Add thumbnail to card
     * Add values to the hipchat card
     * Reorder editorconfig
     * Enable datasources to be able to round off to a UTC day properly
     * Include triggering metrics to pagerduty alerts

   - Add 0001-fix-XSS-vulnerabilities-in-dashboard-links.patch (bsc#1096985)
   - adjust mysql-systemd-helper ("shutdown protected MySQL" section) so it
     checks both ping response and the pid in a process list as it can take
     some time till the process is terminated. Otherwise it can lead to
     "found left-over process" situation when regular mariadb is started
     [bsc#1143215]
   - update suse_skipped_tests.list

   - remove client_ed25519.so plugin because it's shipped in
     mariadb-connector-c package (libmariadb_plugins)
   - update suse_skipped_tests.list

   - update to 10.2.25 GA
     * Fixes for the following security vulnerabilities:
       * 10.2.23: none
       * 10.2.24: CVE-2019-2628, CVE-2019-2627, CVE-2019-2614
       * 10.2.25: none
     * release notes and changelog:
       https://mariadb.com/kb/en/library/mariadb-10223-release-notes
       https://mariadb.com/kb/en/library/mariadb-10223-changelog
       https://mariadb.com/kb/en/library/mariadb-10224-release-notes
       https://mariadb.com/kb/en/library/mariadb-10224-changelog
       https://mariadb.com/kb/en/library/mariadb-10225-release-notes
       https://mariadb.com/kb/en/library/mariadb-10225-changelog
   - remove mariadb-10.2.22-fix_path.patch that was applied upstream in
     mariadb 10.2.23
   - remove caching_sha2_password.so because it's shipped in
     mariadb-connector-c package (libmariadb_plugins)
   - remove xtrabackup scripts as it was replaced by mariabackup (we already
     removed xtrabackup requires in the first phase)
   - fix reading options for multiple instances if my${INSTANCE}.cnf is used.
     Also remove "umask 077" from mysql-systemd-helper that causes that new
     datadirs are created with wrong permissions. Set correct permissions for
     files created by us (mysql_upgrade_info, .run-mysql_upgrade)
     [bsc#1132666]
   - fix build comment to not refer to openSUSE
   - tracker bug [bsc#1136035]

   - New upstream version 3.1.2 [bsc#1136035]
     * CONC-383: client plugins can't be loaded due to missing prefix
     * Fixed version setting in GnuTLS by moving "NORMAL" at the end
       of priority string
     * CONC-386: Added support for pem files which contain certificate and
       private key.
     * Replication/Binlog API: The main mechanism used in replication is the
       binary log.
     * CONC-395: Dashes and underscores are not interchangeable in
       options in my.cnf
     * CONC-384: Incorrect packet when a connection attribute name or value
       is equal to or greater than 251
     * CONC-388: field->def_length is always set to 0
     * Getter should get and the setter should set
       CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS
     * Disable LOAD DATA LOCAL INFILE suport by default and auto-enable it
       for the duration of one query, if the query string starts with the
       word "load". In all other cases the application should enable LOAD
       DATA LOCAL INFILE support explicitly.
     * Changed return code for mysql_optionv/mysql_get_optionv to 1 (was -1)
       and added CR_NOT_IMPLEMENTED error message if a option is unknown
       or not supported.
     * mingw fix: use lowercase names for include files
     * CONC-375: Fixed handshake errors when mixing TLSv1.3 cipher suites
       with cipher suites from other TLS protocols
     * CONC-312: Added new caching_sha2_password authentication plugin for
       authentication with MySQL 8.0
   - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and
     private_library.patch
   - pack caching_sha2_password.so and client_ed25519.so
   - move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for
     x86_64 [bsc#1126088]

   - Fixes bugs bsc#1145796: Add tightPNG encoding
     * Apply novnc-1.0.0-add-encoding-support-for-TightPNG.patch This patch
       cherry-picks commit 2c813a33f to novnc 1.0.0 to enable tightPNG
       encoding. This encoding is needed to allow noVNC to work with
       instances that run on ESX hypervisors. It is not possible to update
       the Pike package to noVNC 1.1.0 as that version is not supported with
       openstack-nova until Rocky.

   - Update to version cinder-11.2.3.dev16:
     * RBD: remove redundant exception log to reduce noise

   - Update to version cinder-11.2.3.dev14:
     * Fix NFS volume retype with migrate

   - Update to version cinder-11.2.3.dev12:
     * Remove Sheepdog tests from zuul config
     * NetApp: Return all iSCSI targets-portals

   - Update to version cinder-11.2.3.dev8:
     * Remove experimental openSUSE 42.3 job

   - Update to version cinder-11.2.3.dev16:
     * RBD: remove redundant exception log to reduce noise

   - Update to version cinder-11.2.3.dev14:
     * Fix NFS volume retype with migrate

   - Update to version cinder-11.2.3.dev12:
     * Remove Sheepdog tests from zuul config
     * NetApp: Return all iSCSI targets-portals

   - Update to version cinder-11.2.3.dev8:
     * Remove experimental openSUSE 42.3 job

   - Update to version glance-15.0.3.dev3:
     * Remove experimental openSUSE 42.3 job

   - Update to version glance-15.0.3.dev3:
     * Remove experimental openSUSE 42.3 job

   - Update to version heat-9.0.8.dev13:
     * Unlimited cinder quotas throws exception

   - Update to version heat-9.0.8.dev12:
     * Do not perform the tenant stack limit check for admin user

   - Update to version heat-9.0.8.dev13:
     * Unlimited cinder quotas throws exception

   - Update to version heat-9.0.8.dev12:
     * Do not perform the tenant stack limit check for admin user

   - don't exclude pyc files to fix update/upgrade (SOC-9339)

   - Update to version keystone-12.0.4.dev4:
     * Remove experimental openSUSE 42.3 job
     * Cap bandit

   - Update to version keystone-12.0.4.dev4:
     * Remove experimental openSUSE 42.3 job
     * Cap bandit

   - Update to version keystone-12.0.4.dev4:
     * Remove experimental openSUSE 42.3 job
     * Cap bandit

   - Update to version keystone-12.0.4.dev4:
     * Remove experimental openSUSE 42.3 job
     * Cap bandit

   - Update to version Build_20190923_16.32 (bsc#1148158)
     * Create path.repo directory for Elasticseach

   - Update to version neutron-11.0.9.dev51:
     * Check for agent restarted after checking for DVR port

   - Update to version neutron-11.0.9.dev49:
     * Allow first address in an IPv6 subnet as valid unicast

   - Update to version neutron-11.0.9.dev47:
     * Remove experimental openSUSE 42.3 job

   - Update to version neutron-11.0.9.dev45:
     * Clear skb mark on encapsulating packets
     * fix update port bug

   - Update to version neutron-11.0.9.dev51:
     * Check for agent restarted after checking for DVR port

   - Update to version neutron-11.0.9.dev49:
     * Allow first address in an IPv6 subnet as valid unicast

   - Update to version neutron-11.0.9.dev47:
     * Remove experimental openSUSE 42.3 job

   - Update to version neutron-11.0.9.dev45:
     * Clear skb mark on encapsulating packets
     * fix update port bug

   - Update to version group-based-policy-7.3.1.dev56:
     * [AIM] Fix HAIP RPC query

   - Update to version group-based-policy-7.3.1.dev55:
     * Fix implicit ICMPv6 Security Group Rules

   - Update to version group-based-policy-7.3.1.dev54:
     * Fixed snat port status to be ACTIVE and UP

   - Update to version group-based-policy-7.3.1.dev53:
     * Verify aim\_epg exists before proceeding
     * Revert "Make DHCP provisioning blocks conditional"
     * Some refactoring regarding merge aim statuses

   - Update to version group-based-policy-7.3.1.dev47:
     * Bulk extension support for routers

   - Update to version group-based-policy-7.3.1.dev46:
     * [AIM] Eliminate redundant router extension content

   - add 0001-Remove-DDT-tests-from-tempest-plugin.patch

   - add 0001-Fix-unable-to-delete-subnet-in-API-tests.patch

   - Update to version nova-16.1.9.dev7:
     * Remove experimental job on openSUSE 42.3

   - Update to version nova-16.1.9.dev6:
     * Fix misuse of nova.objects.base.obj\_equal\_prims

   - Update to version nova-16.1.9.dev5:
     * Replace non-nova server fault message

   - Allow to attach more than 26 volumes (bsc#1118900)
     * This is a forward port from SOC7
     * Add 0001-Add-method-to-generate-device-names-universally.patch
     * Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch
     * Add 0003-Add-configuration-of-maximum-disk-devices-to-attach.patch

   - Update to version nova-16.1.9.dev7:
     * Remove experimental job on openSUSE 42.3

   - Update to version nova-16.1.9.dev6:
     * Fix misuse of nova.objects.base.obj\_equal\_prims

   - Update to version nova-16.1.9.dev5:
     * Replace non-nova server fault message

   - add
   0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patc
     h (SOC-9144)

   - update to 2.7.2:
     * includes fix for controller connection over SSL
     * enable build against openvswitch-devel to get C extensions enabled
       (bsc#1141121)

   - Added fix-xxe-in-xml-parsing.patch (CVE-2016-10127, bsc#1019074)

   - Add patch CVE-2019-13611.patch (SOC-9989, bsc#1141676)
     * python-python-engineio: An issue was discovered in python-engineio
       through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH)
       vulnerability that allows attackers to make WebSocket connections to a
       server

   - Add missing dependency on python-six (bsc#1150895)

   - Update to version 8.20190911:
     * Fixing broken markup (noref)

   - Update to version 8.20190909:
     * Adding networking loop known issue (SOC-10150)
     * add Keystone default is still UUID (noref)
     * remove Known Issue-WebSSO not working (bsc#1132593)
     * Remove de-de from the URL again.
     * transfer C8 revision history from MF wiki (SCRD-7737)
     * Typo/grammar fixes + URL fix
     * remove Crowbar deprecation date (bsc#1125893)
     *  remove comment that ovsvapp is not functional

   - Update to version 8.20190909:
     * Adding networking loop known issue (SOC-10150)
     * add Keystone default is still UUID (noref)
     * remove Known Issue-WebSSO not working (bsc#1132593)

   - Add python-defusedxml (bsc#1019074)

   rubygem-easy_diff, rubygem-rest-client-1_6:
   - CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802)

   Non-security issue fixed:

   - rubygem-easy_diff was updated to version 1.0.0.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2867=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2867=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2019-2867=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      crowbar-ha-5.0+git.1567673535.607aada-3.26.2
      crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2
      crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3
      mariadb-errormessages-10.2.25-4.14.2
      novnc-1.0.0-3.6.3
      openstack-cinder-11.2.3~dev16-3.21.4
      openstack-cinder-api-11.2.3~dev16-3.21.4
      openstack-cinder-backup-11.2.3~dev16-3.21.4
      openstack-cinder-doc-11.2.3~dev16-3.21.3
      openstack-cinder-scheduler-11.2.3~dev16-3.21.4
      openstack-cinder-volume-11.2.3~dev16-3.21.4
      openstack-glance-15.0.3~dev3-3.12.4
      openstack-glance-api-15.0.3~dev3-3.12.4
      openstack-glance-doc-15.0.3~dev3-3.12.3
      openstack-glance-registry-15.0.3~dev3-3.12.4
      openstack-heat-9.0.8~dev13-3.24.4
      openstack-heat-api-9.0.8~dev13-3.24.4
      openstack-heat-api-cfn-9.0.8~dev13-3.24.4
      openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
      openstack-heat-doc-9.0.8~dev13-3.24.3
      openstack-heat-engine-9.0.8~dev13-3.24.4
      openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
      openstack-heat-test-9.0.8~dev13-3.24.4
      openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      openstack-keystone-12.0.4~dev4-5.27.4
      openstack-keystone-doc-12.0.4~dev4-5.27.3
      openstack-monasca-installer-20190923_16.32-3.9.3
      openstack-neutron-11.0.9~dev51-3.24.5
      openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
      openstack-neutron-doc-11.0.9~dev51-3.24.4
      openstack-neutron-gbp-7.3.1~dev56-3.9.4
      openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
      openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
      openstack-neutron-lbaas-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
      openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
      openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
      openstack-neutron-server-11.0.9~dev51-3.24.5
      openstack-nova-16.1.9~dev7-3.29.3
      openstack-nova-api-16.1.9~dev7-3.29.3
      openstack-nova-cells-16.1.9~dev7-3.29.3
      openstack-nova-compute-16.1.9~dev7-3.29.3
      openstack-nova-conductor-16.1.9~dev7-3.29.3
      openstack-nova-console-16.1.9~dev7-3.29.3
      openstack-nova-consoleauth-16.1.9~dev7-3.29.3
      openstack-nova-doc-16.1.9~dev7-3.29.3
      openstack-nova-novncproxy-16.1.9~dev7-3.29.3
      openstack-nova-placement-api-16.1.9~dev7-3.29.3
      openstack-nova-scheduler-16.1.9~dev7-3.29.3
      openstack-nova-serialproxy-16.1.9~dev7-3.29.3
      openstack-nova-vncproxy-16.1.9~dev7-3.29.3
      python-amqp-2.2.2-3.6.3
      python-cinder-11.2.3~dev16-3.21.4
      python-glance-15.0.3~dev3-3.12.4
      python-heat-9.0.8~dev13-3.24.4
      python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      python-keystone-12.0.4~dev4-5.27.4
      python-neutron-11.0.9~dev51-3.24.5
      python-neutron-gbp-7.3.1~dev56-3.9.4
      python-neutron-lbaas-11.0.4~dev6-3.15.4
      python-nova-16.1.9~dev7-3.29.3
      python-pysaml2-4.0.2-5.3.3
      python-urllib3-1.22-5.9.3
      release-notes-suse-openstack-cloud-8.20190911-3.20.3

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      crowbar-core-5.0+git.1569597589.1f025c557-3.32.2
      crowbar-core-branding-upstream-5.0+git.1569597589.1f025c557-3.32.2
      galera-3-debuginfo-25.3.25-4.6.3
      galera-3-debugsource-25.3.25-4.6.3
      galera-3-wsrep-provider-25.3.25-4.6.3
      galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
      grafana-4.6.5-4.6.3
      grafana-debuginfo-4.6.5-4.6.3
      grafana-debugsource-4.6.5-4.6.3
      libmariadb3-3.1.2-3.12.3
      libmariadb3-debuginfo-3.1.2-3.12.3
      mariadb-10.2.25-4.14.2
      mariadb-client-10.2.25-4.14.2
      mariadb-client-debuginfo-10.2.25-4.14.2
      mariadb-connector-c-debugsource-3.1.2-3.12.3
      mariadb-debuginfo-10.2.25-4.14.2
      mariadb-debugsource-10.2.25-4.14.2
      mariadb-galera-10.2.25-4.14.2
      mariadb-tools-10.2.25-4.14.2
      mariadb-tools-debuginfo-10.2.25-4.14.2
      python-ovs-2.7.2-3.6.1
      ruby2.1-rubygem-easy_diff-1.0.0-3.4.2

   - SUSE OpenStack Cloud 8 (x86_64):

      galera-3-debuginfo-25.3.25-4.6.3
      galera-3-debugsource-25.3.25-4.6.3
      galera-3-wsrep-provider-25.3.25-4.6.3
      galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
      grafana-4.6.5-4.6.3
      grafana-debuginfo-4.6.5-4.6.3
      grafana-debugsource-4.6.5-4.6.3
      libmariadb3-3.1.2-3.12.3
      libmariadb3-debuginfo-3.1.2-3.12.3
      mariadb-10.2.25-4.14.2
      mariadb-client-10.2.25-4.14.2
      mariadb-client-debuginfo-10.2.25-4.14.2
      mariadb-connector-c-debugsource-3.1.2-3.12.3
      mariadb-debuginfo-10.2.25-4.14.2
      mariadb-debugsource-10.2.25-4.14.2
      mariadb-galera-10.2.25-4.14.2
      mariadb-tools-10.2.25-4.14.2
      mariadb-tools-debuginfo-10.2.25-4.14.2
      python-ovs-2.7.2-3.6.1

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-ansible-8.0+git.1566374355.c509923-3.67.3
      ardana-glance-8.0+git.1566376789.be0fe01-3.17.3
      ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3
      ardana-input-model-8.0+git.1566517401.98450e6-3.33.3
      ardana-manila-8.0+git.1568835837.2452e7a-1.21.3
      ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3
      ardana-nova-8.0+git.1566902754.c58ff69-3.35.3
      ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3
      ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3
      mariadb-errormessages-10.2.25-4.14.2
      novnc-1.0.0-3.6.3
      openstack-cinder-11.2.3~dev16-3.21.4
      openstack-cinder-api-11.2.3~dev16-3.21.4
      openstack-cinder-backup-11.2.3~dev16-3.21.4
      openstack-cinder-doc-11.2.3~dev16-3.21.3
      openstack-cinder-scheduler-11.2.3~dev16-3.21.4
      openstack-cinder-volume-11.2.3~dev16-3.21.4
      openstack-glance-15.0.3~dev3-3.12.4
      openstack-glance-api-15.0.3~dev3-3.12.4
      openstack-glance-doc-15.0.3~dev3-3.12.3
      openstack-glance-registry-15.0.3~dev3-3.12.4
      openstack-heat-9.0.8~dev13-3.24.4
      openstack-heat-api-9.0.8~dev13-3.24.4
      openstack-heat-api-cfn-9.0.8~dev13-3.24.4
      openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
      openstack-heat-doc-9.0.8~dev13-3.24.3
      openstack-heat-engine-9.0.8~dev13-3.24.4
      openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
      openstack-heat-test-9.0.8~dev13-3.24.4
      openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      openstack-keystone-12.0.4~dev4-5.27.4
      openstack-keystone-doc-12.0.4~dev4-5.27.3
      openstack-monasca-installer-20190923_16.32-3.9.3
      openstack-neutron-11.0.9~dev51-3.24.5
      openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
      openstack-neutron-doc-11.0.9~dev51-3.24.4
      openstack-neutron-gbp-7.3.1~dev56-3.9.4
      openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
      openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
      openstack-neutron-lbaas-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
      openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
      openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
      openstack-neutron-server-11.0.9~dev51-3.24.5
      openstack-nova-16.1.9~dev7-3.29.3
      openstack-nova-api-16.1.9~dev7-3.29.3
      openstack-nova-cells-16.1.9~dev7-3.29.3
      openstack-nova-compute-16.1.9~dev7-3.29.3
      openstack-nova-conductor-16.1.9~dev7-3.29.3
      openstack-nova-console-16.1.9~dev7-3.29.3
      openstack-nova-consoleauth-16.1.9~dev7-3.29.3
      openstack-nova-doc-16.1.9~dev7-3.29.3
      openstack-nova-novncproxy-16.1.9~dev7-3.29.3
      openstack-nova-placement-api-16.1.9~dev7-3.29.3
      openstack-nova-scheduler-16.1.9~dev7-3.29.3
      openstack-nova-serialproxy-16.1.9~dev7-3.29.3
      openstack-nova-vncproxy-16.1.9~dev7-3.29.3
      python-amqp-2.2.2-3.6.3
      python-cinder-11.2.3~dev16-3.21.4
      python-glance-15.0.3~dev3-3.12.4
      python-heat-9.0.8~dev13-3.24.4
      python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      python-keystone-12.0.4~dev4-5.27.4
      python-neutron-11.0.9~dev51-3.24.5
      python-neutron-gbp-7.3.1~dev56-3.9.4
      python-neutron-lbaas-11.0.4~dev6-3.15.4
      python-nova-16.1.9~dev7-3.29.3
      python-pysaml2-4.0.2-5.3.3
      python-python-engineio-2.0.2-3.3.3
      python-urllib3-1.22-5.9.3
      release-notes-suse-openstack-cloud-8.20190911-3.20.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2
      venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2
      venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2
      venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2
      venv-openstack-horizon-x86_64-12.0.4~dev6-14.26.2
      venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2
      venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2
      venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2
      venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2
      venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3
      venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3
      venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2
      venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2
      venv-openstack-swift-x86_64-2.15.2-11.13.3
      venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2

   - HPE Helion Openstack 8 (x86_64):

      galera-3-debuginfo-25.3.25-4.6.3
      galera-3-debugsource-25.3.25-4.6.3
      galera-3-wsrep-provider-25.3.25-4.6.3
      galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
      grafana-4.6.5-4.6.3
      grafana-debuginfo-4.6.5-4.6.3
      grafana-debugsource-4.6.5-4.6.3
      libmariadb3-3.1.2-3.12.3
      libmariadb3-debuginfo-3.1.2-3.12.3
      mariadb-10.2.25-4.14.2
      mariadb-client-10.2.25-4.14.2
      mariadb-client-debuginfo-10.2.25-4.14.2
      mariadb-connector-c-debugsource-3.1.2-3.12.3
      mariadb-debuginfo-10.2.25-4.14.2
      mariadb-debugsource-10.2.25-4.14.2
      mariadb-galera-10.2.25-4.14.2
      mariadb-tools-10.2.25-4.14.2
      mariadb-tools-debuginfo-10.2.25-4.14.2

   - HPE Helion Openstack 8 (noarch):

      ardana-ansible-8.0+git.1566374355.c509923-3.67.3
      ardana-glance-8.0+git.1566376789.be0fe01-3.17.3
      ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3
      ardana-input-model-8.0+git.1566517401.98450e6-3.33.3
      ardana-manila-8.0+git.1568835837.2452e7a-1.21.3
      ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3
      ardana-nova-8.0+git.1566902754.c58ff69-3.35.3
      ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3
      ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3
      mariadb-errormessages-10.2.25-4.14.2
      novnc-1.0.0-3.6.3
      openstack-cinder-11.2.3~dev16-3.21.4
      openstack-cinder-api-11.2.3~dev16-3.21.4
      openstack-cinder-backup-11.2.3~dev16-3.21.4
      openstack-cinder-doc-11.2.3~dev16-3.21.3
      openstack-cinder-scheduler-11.2.3~dev16-3.21.4
      openstack-cinder-volume-11.2.3~dev16-3.21.4
      openstack-glance-15.0.3~dev3-3.12.4
      openstack-glance-api-15.0.3~dev3-3.12.4
      openstack-glance-doc-15.0.3~dev3-3.12.3
      openstack-glance-registry-15.0.3~dev3-3.12.4
      openstack-heat-9.0.8~dev13-3.24.4
      openstack-heat-api-9.0.8~dev13-3.24.4
      openstack-heat-api-cfn-9.0.8~dev13-3.24.4
      openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
      openstack-heat-doc-9.0.8~dev13-3.24.3
      openstack-heat-engine-9.0.8~dev13-3.24.4
      openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
      openstack-heat-test-9.0.8~dev13-3.24.4
      openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      openstack-keystone-12.0.4~dev4-5.27.4
      openstack-keystone-doc-12.0.4~dev4-5.27.3
      openstack-monasca-installer-20190923_16.32-3.9.3
      openstack-neutron-11.0.9~dev51-3.24.5
      openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
      openstack-neutron-doc-11.0.9~dev51-3.24.4
      openstack-neutron-gbp-7.3.1~dev56-3.9.4
      openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
      openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
      openstack-neutron-lbaas-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
      openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
      openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
      openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
      openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
      openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
      openstack-neutron-server-11.0.9~dev51-3.24.5
      openstack-nova-16.1.9~dev7-3.29.3
      openstack-nova-api-16.1.9~dev7-3.29.3
      openstack-nova-cells-16.1.9~dev7-3.29.3
      openstack-nova-compute-16.1.9~dev7-3.29.3
      openstack-nova-conductor-16.1.9~dev7-3.29.3
      openstack-nova-console-16.1.9~dev7-3.29.3
      openstack-nova-consoleauth-16.1.9~dev7-3.29.3
      openstack-nova-doc-16.1.9~dev7-3.29.3
      openstack-nova-novncproxy-16.1.9~dev7-3.29.3
      openstack-nova-placement-api-16.1.9~dev7-3.29.3
      openstack-nova-scheduler-16.1.9~dev7-3.29.3
      openstack-nova-serialproxy-16.1.9~dev7-3.29.3
      openstack-nova-vncproxy-16.1.9~dev7-3.29.3
      python-amqp-2.2.2-3.6.3
      python-cinder-11.2.3~dev16-3.21.4
      python-glance-15.0.3~dev3-3.12.4
      python-heat-9.0.8~dev13-3.24.4
      python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
      python-keystone-12.0.4~dev4-5.27.4
      python-neutron-11.0.9~dev51-3.24.5
      python-neutron-gbp-7.3.1~dev56-3.9.4
      python-neutron-lbaas-11.0.4~dev6-3.15.4
      python-nova-16.1.9~dev7-3.29.3
      python-pysaml2-4.0.2-5.3.3
      python-python-engineio-2.0.2-3.3.3
      python-urllib3-1.22-5.9.3
      release-notes-hpe-helion-openstack-8.20190911-3.20.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2
      venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2
      venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2
      venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2
      venv-openstack-horizon-hpe-x86_64-12.0.4~dev6-14.26.2
      venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2
      venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2
      venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2
      venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2
      venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3
      venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3
      venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2
      venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2
      venv-openstack-swift-x86_64-2.15.2-11.13.3
      venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2


References:

   https://www.suse.com/security/cve/CVE-2015-3448.html
   https://www.suse.com/security/cve/CVE-2016-10127.html
   https://www.suse.com/security/cve/CVE-2018-15727.html
   https://www.suse.com/security/cve/CVE-2018-19039.html
   https://www.suse.com/security/cve/CVE-2018-558213.html
   https://www.suse.com/security/cve/CVE-2019-13611.html
   https://www.suse.com/security/cve/CVE-2019-15043.html
   https://www.suse.com/security/cve/CVE-2019-2614.html
   https://www.suse.com/security/cve/CVE-2019-2627.html
   https://www.suse.com/security/cve/CVE-2019-2628.html
   https://www.suse.com/security/cve/CVE-2019-5477.html
   https://bugzilla.suse.com/1019074
   https://bugzilla.suse.com/1096985
   https://bugzilla.suse.com/1106515
   https://bugzilla.suse.com/1115960
   https://bugzilla.suse.com/1116846
   https://bugzilla.suse.com/1118900
   https://bugzilla.suse.com/1120657
   https://bugzilla.suse.com/1125893
   https://bugzilla.suse.com/1126088
   https://bugzilla.suse.com/1132593
   https://bugzilla.suse.com/1132666
   https://bugzilla.suse.com/1136035
   https://bugzilla.suse.com/1141121
   https://bugzilla.suse.com/1141676
   https://bugzilla.suse.com/1143215
   https://bugzilla.suse.com/1145796
   https://bugzilla.suse.com/1146578
   https://bugzilla.suse.com/1148158
   https://bugzilla.suse.com/1148383
   https://bugzilla.suse.com/1150895
   https://bugzilla.suse.com/917802



More information about the sle-security-updates mailing list