SUSE-SU-2020:1066-1: moderate: Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Apr 22 10:14:00 MDT 2020


   SUSE Security Update: Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1066-1
Rating:             moderate
References:         #1040519 #1048688 #1077718 #1111180 #1114157 
                    #1114169 #1115904 #1125357 #1129734 #1132852 
                    #1133817 #1135773 #1145498 #1146206 #1148426 
                    #1149110 #1149535 #1151206 #1165402 #1165643 
                    #1166290 #1167240 #144694 
Cross-References:   CVE-2017-5637 CVE-2018-10851 CVE-2018-14626
                    CVE-2019-0201 CVE-2019-11596 CVE-2019-15026
                    CVE-2019-3871 CVE-2020-5247 CVE-2020-9543
                   
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has 14 fixes is
   now available.

Description:

   This update for ardana-ansible, ardana-barbican, ardana-db,
   ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest,
   crowbar-core, crowbar-ha, crowbar-openstack,
   documentation-suse-openstack-cloud, memcached, openstack-manila,
   openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma,
   zookeeper contains the following fixes:

   Security fix for rubygem-puma:
   - CVE-2020-5247: Fixed an issue where the newlines in headers according to
     Rack spec were not split (bsc#1165402)

   Security fix for openstack-manila:

   - CVE-2020-9543: Fixed an issue where an attacker could view, update,
     delete, or share resources that do not

   Security fixes for memcached:

   - CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() in
     memcached.c (bsc#1149110).
   - CVE-2019-11596: Fixed NULL pointer dereference in process_lru_command()
     in memcached.c (bsc#1133817).

   Security fixes for pdns:

   - CVE-2019-3871: Fixed a denial of service with the HTTP remote backend
     when the attacker can send crafted DNS queries (bsc#1129734).
   - CVE-2018-10851: Fixed a denial of service via crafted zone record
     (bnc#1114157).
   - CVE-2018-14626: Fixed a denial of service by hiding DNSSEC records using
     a crafted DNS query (bsc#1114169).

   Security fixes for zookeeper:

   - CVE-2019-0201: Fixed an information disclosure in the ACL handling
     (bsc#1135773).
   - CVE-2017-5637: Fixed incorrect input validation with wchp/wchc four
     letter words (bsc#1040519).

   Changes in ardana-ansible:
   - Update to version 8.0+git.1583432621.24fa60e:
     * Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)

   Changes in ardana-barbican:
   - Update to version 8.0+git.1585152761.8ef3d61:
     * monitor ardana-node-cert (SOC-10873)

   Changes in ardana-db:
   - Update to version 8.0+git.1583944923.03cca6c:
     * monitor MySQL TLS certificate (SOC-10873)

   Changes in ardana-monasca:
   - Update to version 8.0+git.1583944894.38f023a:
     * Add certificate file check alarm (SOC-10873)

   Changes in ardana-mq:
   - Update to version 8.0+git.1583944811.dc14403:
     * monitor RabbitMQ TLS certificate (SOC-10873)

   Changes in ardana-neutron:
   - Update to version 8.0+git.1584715262.e4ea620:
     * Add symlink for neutron-fwaas.json.j2 (bsc#1166290)

   Changes in ardana-octavia:
   - Update to version 8.0+git.1585171918.418f5cf:
     * Reconfigure monitor if needed (SOC-10873)

   - Update to version 8.0+git.1585168661.135c735:
     * fix Octavia client cert redeploy (SOC-10873)

   - Update to version 8.0+git.1585152502.f15907a:
     * monitor Octavia client certificate (SOC-10873)

   Changes in ardana-tempest:
   - Update to version 8.0+git.1585311051.6ab5488:
     * Enable port-security feature in tempest(SOC-11027)

   Changes in crowbar-core:
   - Update to version 5.0+git.1585575551.16781d00d:
     * upgrade: Point to config dir instead of config file (SOC-11171)
     * upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm
       (SOC-11171)

   - Update to version 5.0+git.1585316726.670746c8c:
     * upgrade: Fix systemd unit listing (trivial)

   - Update to version 5.0+git.1585213241.46f12f9be:
     * upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)

   - Update to version 5.0+git.1585118470.eed9020de:
     * Update the default value of OS version (trivial)
     * Ignore CVE-2020-5267 in CI (bsc#1167240)
     * Ignore CVE-2020-10663 in CI (bsc#1167244)

   - Update to version 5.0+git.1583911121.d6b4b4b1a:
     * ses: Make SES UI safe for unknown options (trivial)
     * ses: Use cinder user for nova (SOC-11119)
     * ses: Added helper for populating cinder volumes (SOC-11117)
     * ses: Add ses cookbook (SOC-11114)
     * ses: Configuration upload (SOC-11115)

   - Update to version 5.0+git.1583309007.e3a8b81e9:
     * Ignore CVE-2020-8130 in CI (bsc#1164804)
     * Ignore CVE-2020-5247 (bsc#1165402)

   Changes in crowbar-ha:
   - Update to version 5.0+git.1585316176.344190f:
     * add ssl termination on haproxy (bsc#1149535)

   Changes in crowbar-openstack:
   - Update to version 5.0+git.1585304226.2164b7895:
     * nova: Fix migration numbers (trivial)

   - Update to version 5.0+git.1584692779.369c58aca:
     * nova: Drop redundant disk_cachemodes (trivial)
     * nova: Add option to disable ephemeral on ceph (SOC-11119)
     * keystone: Register SES RadosGW endpoints (SOC-5270)
     * heat: Increase heat_register syncmark timeout (SOC-11103)
     * heat: Simplify domain registration code (SOC-11103)
     * nova: Setup CEPH secrets later (SOC-11141)
     * nova: Enable ephemeral volumes on SES (SOC-11119)
     * glance: Set SES as default for new deployments (SOC-11118)
     * cinder: Correctly show old internal backends (SOC-11117)
     * nova: SES integration (SOC-11117)
     * nova: Hound fixes (trivial)
     * nova: Better error handling when Cephx auth is failing (noref)
     * nova: delete libvirt secret snippet immediately (noref)
     * nova: reduce nesting of ceph management code (noref)
     * nova: Remove obsolete rbd/ceph attributes (trivial)
     * cinder: SES integration (SOC-11117)
     * cinder: Disable use_crowbar default (SOC-11117)
     * glance: SES integration (SOC-11118)

   Changes in documentation-suse-openstack-cloud:
   - Update to version 8.20200319:
     * Adding ses-integration docs to cloud 8 (noref)
     * Fix bsc-1130532. Add feedback
     * fix bsc-1130532

   - Update to version 8.20200116:
     * Fixing links from suse.com/doc to new URL (noref)

   - Update to version 8.20200224:
     * Designate: add instructions on using PowerDNS backend (SOC-11051)
     * Designate: recommend deploying DNS in a cluster in HA deployment
       (SOC-10636)
     * message to add non-admin node for public network (SOC-10658)
     * update designate deployment (SOC-8739)
     * add designate barclamp (SCRD-8739)
     * remove Designate name server instruction (bsc#1125357,SCRD-7649)

   - Update to version 8.20200130:
     * Add instructions for lbaas v2 loadbalancers (SOC-10980) (#1253)

   - Update to version 8.20191211:
     * Specify that manila-share should be installed on the control node
       (SOC-10938) (#1230)
     * Remove (commented) mention of phrases-decl.ent (trivial)

   - Update to version 8.20191206:
     * Clarify keyring chown instructions for Ceph (bsc#1111180)
     * Clarify VSA/Ceph support in HOS 8 , SOC-10981 (bsc#144694)

   - Update to version 8.20191205:
     * Update incorrect Manila install/setup instructions (SOC-10975)

   - Update to version 8.20191029:
     * Supplement/UAdmin: Group guides on documentation.suse.com (trivial)

   - Update to version 8.20191023:
     * fix instructions for TLS certitificate renewal (SOC-10846)

   - Update to version 8.20191002:
     * Added missing edit (SOC-8480)
     * Adding Carl's second round of edits (SOC-8480)
     * Removing accidentally re-added guilabels (SOC-8480)
     * Applying Carl's edits (SOC-8480)
     * Optimizing PNGs (SOC-8480)
     * Removing guilabel complaint (SOC-8480)
     * Adding xi:include to commit (SOC-8480)
     * Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)
     * Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)

   - Update to version 8.20190923:
     * remove zvm references, only in SOC6 (noref)

   - Update to version 8.20190920:
     * remove workaround, leave description (bsc#1151206)
     * add qos to neutron not supported (bsc#1151206)

   - Update to version 8.20190829:
     * add available clients, dedicated CLM (bsc#1148426)
     * add tempest to service components, dedicated CLM (bsc#1148426)

   - Update to version 8.20190823:
     * Create CC-BY license file (noref)
     * for MariaDB update, db cluster must be running, healthy (bsc#1132852)

   - Update to version 8.20190820:
     * Fix broken URLs (SOC-10109)

   - Update to version 8.20190820:
     * add requirement for dummy entries in servers.yml (bsc#1146206)

   - Update to version 8.20190816:
     * add workaround for partition image resize (bsc#1145498)

   - Update to version 8.20190813:
     * MANAGEMENT network group cannot be changed, is required (SOC-10106)
     * remove NSX references from Crowbar deployment (SOC-10081)

   Changes in memcached:
   - version update to 1.5.17
     * bugfixes fix strncpy call in stats conns to avoid ASAN violation
       (bsc#1149110, CVE-2019-15026) extstore: fix indentation add error
       handling when calling dup function add unlock when item_cachedump
       malloc failed extstore: emulate pread(v) for macOS fix off-by-one in
       logger to allow CAS commands to be logged. use strdup for explicitly
       configured slab sizes move mem_requested from slabs.c to items.c
       (internal cleanup)
     * new features add server address to the "stats conns" output log client
       connection id with fetchers and mutations Add a handler for seccomp
       crashes
   - version update to 1.5.16
     * bugfixes When nsuffix is 0 space for flags hasn't been allocated so
       don't memcpy them.
   - version update to 1.5.15
     * bugfixes Speed up incr/decr by replacing snprintf. Use correct buffer
       size for internal URI encoding. change some links from http to https
       Fix small memory leak in testapp.c. free window_global in
       slab_automove_extstore.c remove inline_ascii_response option
       -Y [filename] for ascii authentication mode fix: idle-timeout wasn't
        compatible with binprot
     * features
       -Y [authfile] enables an authentication mode for ASCII protocol.
   - modified patches % memcached-autofoo.patch (refreshed)

   - version update to 1.5.14
     * update -h output for -I (max item size)
     * fix segfault in "lru" command (bsc#1133817, CVE-2019-11596)
     * fix compile error on centos7
     * extstore: error adjusting page_size after ext_path
     * extstore: fix segfault if page_count is too high.
     * close delete + incr item survival race bug
     * memcached-tool dump fix loss of exp value
     * Fix "qw" in "MemcachedTest.pm" so wait_ext_flush is exported properly
     * Experimental TLS support.
     * Basic implementation of TLS for memcached.
     * Improve Get And Touch documentation
     * fix INCR/DECR refcount leak for invalid items
   - modified patches % memcached-autofoo.patch (refreshed)

   - Version bump to 1.5.11:
     * extstore: balance IO thread queues
   - Drop memcached-fix_test.patch that is present now upstream

   - Add patch to fix aarch64, ppc64* and s390x tests:
     * memcached-fix_test.patch

   - Fix linter errors regarding COPYING

   - update to 1.5.10:
     * disruptive change in extstore: -o ext_page_count= is deprecated and no
       longer works. To specify size: -o ext_path=/d/m/e:500G extstore
       figures out the page count based on your desired page size. M|G|T|P
       supported.
     * extstore: Add basic JBOD support: ext_path can be specified multiple
       times for striping onto simimar devices
     * fix alignment issues on some ARM platforms for chunked items

   - Update to 1.5.9:
     * Bugfix release.
     * Important note: if using --enable-seccomp, privilege dropping is no
       longer on by default. The feature is experimental and many users are
       reporting hard to diagnose problems on varied platforms.
     * Seccomp is now marked EXPERIMENTAL, and must be explicitly enabled by
       adding -o drop_privileges. Once we're more confident with the
       usability of the feature, it will be enabled in -o modern, like any
       other new change. You should only use it if you are willing to
       carefully test it, especially if you're a vendor or distribution.
     * Also important is a crash fix in extstore when using the ASCII
       protocol, large items, and running low on memory.

   - update to 1.5.8:
     * Bugfixes for seccomp and extstore
     * Extstore platform portability has been greatly improved for ARM and
       32bit systems
   - includes changes from 1.5.7:
     * Fix alignment issues for 64bit ARM processors
     * Fix seccomp portability
     * Fix refcount leak with extstore while using binary touch commands

   - turn on the testsuite again, it seems to pass server side, too

   - Home directory shouldn't be world readable bsc#1077718
   - Mention that this stream isn't affected by bsc#1085209, CVE-2018-1000127
     to make the checker bots happy.

   Changes in openstack-manila:
   - Update to version manila-5.1.1.dev5:
     * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
     * share\_networks: enable project\_only API only

   Changes in openstack-manila:
   - Rebased patches:
     + cve-2020-9543-stable-pike.patch dropped (merged upstream)

   - Update to version manila-5.1.1.dev5:
     * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
     * share\_networks: enable project\_only API only

   Changes in openstack-neutron:
   - Update to version neutron-11.0.9.dev63:
     * ovs agent: signal to plugin if tunnel refresh needed
     * Do not initialize snat-ns twice

   Changes in openstack-neutron:
   - Update to version neutron-11.0.9.dev63:
     * ovs agent: signal to plugin if tunnel refresh needed
     * Do not initialize snat-ns twice

   Changes in openstack-nova:
   - Update to version nova-16.1.9.dev61:
     * Avoid circular reference during serialization
     * Mask the token used to allow access to consoles
     * Improve metadata server performance with large security groups
     * Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs

   - Update to version nova-16.1.9.dev54:
     * pike-only: remove broken non-voting ceph jobs
     * nova-live-migration: Wait for n-cpu services to come up after
       configuring Ceph
     * rt: only map compute node if we created it

   Changes in openstack-nova:
   - Update to version nova-16.1.9.dev61:
     * Avoid circular reference during serialization
     * Mask the token used to allow access to consoles
     * Improve metadata server performance with large security groups
     * Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs

   - Update to version nova-16.1.9.dev54:
     * pike-only: remove broken non-voting ceph jobs
     * nova-live-migration: Wait for n-cpu services to come up after
       configuring Ceph
     * rt: only map compute node if we created it

   Changes in pdns:
   - Add missing "BuildRequires: libmysqlclient-devel" to allow the package
     to build correctly.

   - CVE-2019-3871-auth-4.1.6.patch: fixes insufficient validation in HTTP
     remote backend (bsc#1129734, CVE-2019-3871)

   - CVE-2018-10851-auth-4.1.4.patch: fixes DoS via crafted zone record
     (bnc#1114157, CVE-2018-10851)
   - CVE-2018-14626-auth-4.1.4.patch: fixes an issue allowing a remote user
     to craft a DNS query that will cause an answer without DNSSEC records to
     be inserted into the packet cache and be returned to clients asking for
     DNSSEC records, thus hiding the presence of DNSSEC signatures leading to
     a potential DoS (bsc#1114169, CVE-2018-14626)

   Changes in python-amqp:
   - Make it build for SLE12SP3:
     - remove pytest-sugar build dependency
     - used %doc macro instead of %license
   - Removed patches that are already included in 2.4.2
     -
   0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patc
       h (SOC-9144)
     - 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
       (bsc#1115904)
   - Update to 2.4.2:
     - Added support for the Cygwin platform
     - Correct offset incrementation when parsing bitmaps.
     - Consequent bitmaps are now parsed correctly.
   - Better call of py.test
   - Add versions to dependencies
   - Remove python-sasl from build dependencies
   - Update to version 2.4.1
     * To avoid breaking the API basic_consume() now returns the consumer tag
       instead of a tuple when nowait is True.
     * Fix crash in basic_publish when broker does not support
       connection.blocked capability.
     * read_frame() is now Python 3 compatible for large payloads.
     * Support float read_timeout/write_timeout.
     * Always treat SSLError timeouts as socket timeouts.
     * Treat EWOULDBLOCK as timeout.
   - from 2.4.0
     * Fix inconsistent frame_handler return value. The function returned by
       frame_handler is meant to return True
       once the complete message is received and the callback is called,
        False otherwise. This fixes the return value for messages with a body
        split across multiple frames, and heartbeat frames.
     * Don't default content_encoding to utf-8 for bytes. This is not an
       acceptable default as the content may not be valid utf-8, and even if
       it is, the producer likely does not expect the message to be decoded
       by the consumer.
     * Fix encoding of messages with multibyte characters. Body length was
       previously calculated using string length, which may be less than the
       length of the encoded body when it contains multibyte sequences. This
       caused the body of the frame to be truncated.
     * Respect content_encoding when encoding messages. Previously the
       content_encoding was ignored and messages were always encoded as
       utf-8. This caused messages to be incorrectly decoded if
       content_encoding is properly respected when decoding.
     * Fix AMQP protocol header for AMQP 0-9-1. Previously it was set to a
       different value for unknown reasons.
     * Add support for Python 3.7. Change direct SSLSocket instantiation with
       wrap_socket.
     * Add support for field type "x" (byte array).
     * If there is an exception raised on Connection.connect or
       Connection.close, ensure that the underlying transport socket is
       closed.  Adjust exception message on connection errors as well.
     * TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD
       platforms.
     * Handle negative acknowledgments.
     * Added integration tests.
     * Fix basic_consume() with no consumer_tag provided.
     * Improved empty AMQPError string representation.
     * Drain events before publish. This is needed to capture out of memory
       messages for clients that only publish. Otherwise on_blocked is never
       called.
     * Don't revive channel when connection is closing. When connection is
       closing don't raise error when Channel.Close method is received.

   Changes in zookeeper:
   - Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch This applies the
     patch for ZOOKEEPER-1392 to resolve CVE-2019-0201 Should not allow to
     read ACL when not authorized to read node (bsc#1135773)

   - Various cleanups in spec file

   - Fixed off-by-one in zkCleanTRX.sh and made output more useful
     (bsc#1048688, FATE#323204)

   - Fixed ExecStartPre statment in service file

   - added zkCleanTRX.sh to clean up 0 length transaction logs

   - Update to to zookeeper-3.4.10 (bsc#1040519)
     * Fixes CVE-2017-5637
   - Remove Changes.txt (missing as of 3.4.10)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1066=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1066=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-1066=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      crowbar-ha-5.0+git.1585316176.344190f-3.32.1
      crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1
      documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1
      documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1
      documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1
      documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1
      openstack-manila-5.1.1~dev5-3.26.2
      openstack-manila-api-5.1.1~dev5-3.26.2
      openstack-manila-data-5.1.1~dev5-3.26.2
      openstack-manila-doc-5.1.1~dev5-3.26.1
      openstack-manila-scheduler-5.1.1~dev5-3.26.2
      openstack-manila-share-5.1.1~dev5-3.26.2
      openstack-neutron-11.0.9~dev63-3.30.2
      openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
      openstack-neutron-doc-11.0.9~dev63-3.30.1
      openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
      openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
      openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
      openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
      openstack-neutron-server-11.0.9~dev63-3.30.2
      openstack-nova-16.1.9~dev61-3.35.2
      openstack-nova-api-16.1.9~dev61-3.35.2
      openstack-nova-cells-16.1.9~dev61-3.35.2
      openstack-nova-compute-16.1.9~dev61-3.35.2
      openstack-nova-conductor-16.1.9~dev61-3.35.2
      openstack-nova-console-16.1.9~dev61-3.35.2
      openstack-nova-consoleauth-16.1.9~dev61-3.35.2
      openstack-nova-doc-16.1.9~dev61-3.35.1
      openstack-nova-novncproxy-16.1.9~dev61-3.35.2
      openstack-nova-placement-api-16.1.9~dev61-3.35.2
      openstack-nova-scheduler-16.1.9~dev61-3.35.2
      openstack-nova-serialproxy-16.1.9~dev61-3.35.2
      openstack-nova-vncproxy-16.1.9~dev61-3.35.2
      python-amqp-2.4.2-3.9.1
      python-manila-5.1.1~dev5-3.26.2
      python-neutron-11.0.9~dev63-3.30.2
      python-nova-16.1.9~dev61-3.35.2
      zookeeper-server-3.4.10-3.6.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      crowbar-core-5.0+git.1585575551.16781d00d-3.38.1
      crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1
      memcached-1.5.17-3.3.1
      memcached-debuginfo-1.5.17-3.3.1
      memcached-debugsource-1.5.17-3.3.1
      ruby2.1-rubygem-puma-2.16.0-3.6.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-3.6.1
      rubygem-puma-debugsource-2.16.0-3.6.1

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1
      ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1
      ardana-db-8.0+git.1583944923.03cca6c-3.31.1
      ardana-monasca-8.0+git.1583944894.38f023a-3.24.1
      ardana-mq-8.0+git.1583944811.dc14403-3.19.1
      ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1
      ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1
      ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1
      documentation-suse-openstack-cloud-installation-8.20200319-1.23.1
      documentation-suse-openstack-cloud-operations-8.20200319-1.23.1
      documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1
      documentation-suse-openstack-cloud-planning-8.20200319-1.23.1
      documentation-suse-openstack-cloud-security-8.20200319-1.23.1
      documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1
      documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1
      documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1
      documentation-suse-openstack-cloud-user-8.20200319-1.23.1
      openstack-manila-5.1.1~dev5-3.26.2
      openstack-manila-api-5.1.1~dev5-3.26.2
      openstack-manila-data-5.1.1~dev5-3.26.2
      openstack-manila-doc-5.1.1~dev5-3.26.1
      openstack-manila-scheduler-5.1.1~dev5-3.26.2
      openstack-manila-share-5.1.1~dev5-3.26.2
      openstack-neutron-11.0.9~dev63-3.30.2
      openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
      openstack-neutron-doc-11.0.9~dev63-3.30.1
      openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
      openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
      openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
      openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
      openstack-neutron-server-11.0.9~dev63-3.30.2
      openstack-nova-16.1.9~dev61-3.35.2
      openstack-nova-api-16.1.9~dev61-3.35.2
      openstack-nova-cells-16.1.9~dev61-3.35.2
      openstack-nova-compute-16.1.9~dev61-3.35.2
      openstack-nova-conductor-16.1.9~dev61-3.35.2
      openstack-nova-console-16.1.9~dev61-3.35.2
      openstack-nova-consoleauth-16.1.9~dev61-3.35.2
      openstack-nova-doc-16.1.9~dev61-3.35.1
      openstack-nova-novncproxy-16.1.9~dev61-3.35.2
      openstack-nova-placement-api-16.1.9~dev61-3.35.2
      openstack-nova-scheduler-16.1.9~dev61-3.35.2
      openstack-nova-serialproxy-16.1.9~dev61-3.35.2
      openstack-nova-vncproxy-16.1.9~dev61-3.35.2
      python-amqp-2.4.2-3.9.1
      python-manila-5.1.1~dev5-3.26.2
      python-neutron-11.0.9~dev63-3.30.2
      python-nova-16.1.9~dev61-3.35.2
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1
      venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1
      venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1
      venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1
      venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1
      venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1
      venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1
      zookeeper-server-3.4.10-3.6.1

   - SUSE OpenStack Cloud 8 (x86_64):

      memcached-1.5.17-3.3.1
      memcached-debuginfo-1.5.17-3.3.1
      memcached-debugsource-1.5.17-3.3.1
      pdns-4.1.2-3.6.1
      pdns-backend-mysql-4.1.2-3.6.1
      pdns-backend-mysql-debuginfo-4.1.2-3.6.1
      pdns-debuginfo-4.1.2-3.6.1
      pdns-debugsource-4.1.2-3.6.1

   - HPE Helion Openstack 8 (x86_64):

      memcached-1.5.17-3.3.1
      memcached-debuginfo-1.5.17-3.3.1
      memcached-debugsource-1.5.17-3.3.1
      pdns-4.1.2-3.6.1
      pdns-backend-mysql-4.1.2-3.6.1
      pdns-backend-mysql-debuginfo-4.1.2-3.6.1
      pdns-debuginfo-4.1.2-3.6.1
      pdns-debugsource-4.1.2-3.6.1

   - HPE Helion Openstack 8 (noarch):

      ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1
      ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1
      ardana-db-8.0+git.1583944923.03cca6c-3.31.1
      ardana-monasca-8.0+git.1583944894.38f023a-3.24.1
      ardana-mq-8.0+git.1583944811.dc14403-3.19.1
      ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1
      ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1
      ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1
      documentation-hpe-helion-openstack-installation-8.20200319-1.23.1
      documentation-hpe-helion-openstack-operations-8.20200319-1.23.1
      documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1
      documentation-hpe-helion-openstack-planning-8.20200319-1.23.1
      documentation-hpe-helion-openstack-security-8.20200319-1.23.1
      documentation-hpe-helion-openstack-user-8.20200319-1.23.1
      openstack-manila-5.1.1~dev5-3.26.2
      openstack-manila-api-5.1.1~dev5-3.26.2
      openstack-manila-data-5.1.1~dev5-3.26.2
      openstack-manila-doc-5.1.1~dev5-3.26.1
      openstack-manila-scheduler-5.1.1~dev5-3.26.2
      openstack-manila-share-5.1.1~dev5-3.26.2
      openstack-neutron-11.0.9~dev63-3.30.2
      openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
      openstack-neutron-doc-11.0.9~dev63-3.30.1
      openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
      openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
      openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
      openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
      openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
      openstack-neutron-server-11.0.9~dev63-3.30.2
      openstack-nova-16.1.9~dev61-3.35.2
      openstack-nova-api-16.1.9~dev61-3.35.2
      openstack-nova-cells-16.1.9~dev61-3.35.2
      openstack-nova-compute-16.1.9~dev61-3.35.2
      openstack-nova-conductor-16.1.9~dev61-3.35.2
      openstack-nova-console-16.1.9~dev61-3.35.2
      openstack-nova-consoleauth-16.1.9~dev61-3.35.2
      openstack-nova-doc-16.1.9~dev61-3.35.1
      openstack-nova-novncproxy-16.1.9~dev61-3.35.2
      openstack-nova-placement-api-16.1.9~dev61-3.35.2
      openstack-nova-scheduler-16.1.9~dev61-3.35.2
      openstack-nova-serialproxy-16.1.9~dev61-3.35.2
      openstack-nova-vncproxy-16.1.9~dev61-3.35.2
      python-amqp-2.4.2-3.9.1
      python-manila-5.1.1~dev5-3.26.2
      python-neutron-11.0.9~dev63-3.30.2
      python-nova-16.1.9~dev61-3.35.2
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1
      venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1
      venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1
      venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1
      venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1
      venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1
      venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1
      zookeeper-server-3.4.10-3.6.1


References:

   https://www.suse.com/security/cve/CVE-2017-5637.html
   https://www.suse.com/security/cve/CVE-2018-10851.html
   https://www.suse.com/security/cve/CVE-2018-14626.html
   https://www.suse.com/security/cve/CVE-2019-0201.html
   https://www.suse.com/security/cve/CVE-2019-11596.html
   https://www.suse.com/security/cve/CVE-2019-15026.html
   https://www.suse.com/security/cve/CVE-2019-3871.html
   https://www.suse.com/security/cve/CVE-2020-5247.html
   https://www.suse.com/security/cve/CVE-2020-9543.html
   https://bugzilla.suse.com/1040519
   https://bugzilla.suse.com/1048688
   https://bugzilla.suse.com/1077718
   https://bugzilla.suse.com/1111180
   https://bugzilla.suse.com/1114157
   https://bugzilla.suse.com/1114169
   https://bugzilla.suse.com/1115904
   https://bugzilla.suse.com/1125357
   https://bugzilla.suse.com/1129734
   https://bugzilla.suse.com/1132852
   https://bugzilla.suse.com/1133817
   https://bugzilla.suse.com/1135773
   https://bugzilla.suse.com/1145498
   https://bugzilla.suse.com/1146206
   https://bugzilla.suse.com/1148426
   https://bugzilla.suse.com/1149110
   https://bugzilla.suse.com/1149535
   https://bugzilla.suse.com/1151206
   https://bugzilla.suse.com/1165402
   https://bugzilla.suse.com/1165643
   https://bugzilla.suse.com/1166290
   https://bugzilla.suse.com/1167240
   https://bugzilla.suse.com/144694



More information about the sle-security-updates mailing list