SUSE-SU-2020:1066-1: moderate: Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Apr 22 10:14:00 MDT 2020
SUSE Security Update: Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:1066-1
Rating: moderate
References: #1040519 #1048688 #1077718 #1111180 #1114157
#1114169 #1115904 #1125357 #1129734 #1132852
#1133817 #1135773 #1145498 #1146206 #1148426
#1149110 #1149535 #1151206 #1165402 #1165643
#1166290 #1167240 #144694
Cross-References: CVE-2017-5637 CVE-2018-10851 CVE-2018-14626
CVE-2019-0201 CVE-2019-11596 CVE-2019-15026
CVE-2019-3871 CVE-2020-5247 CVE-2020-9543
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 14 fixes is
now available.
Description:
This update for ardana-ansible, ardana-barbican, ardana-db,
ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest,
crowbar-core, crowbar-ha, crowbar-openstack,
documentation-suse-openstack-cloud, memcached, openstack-manila,
openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma,
zookeeper contains the following fixes:
Security fix for rubygem-puma:
- CVE-2020-5247: Fixed an issue where the newlines in headers according to
Rack spec were not split (bsc#1165402)
Security fix for openstack-manila:
- CVE-2020-9543: Fixed an issue where an attacker could view, update,
delete, or share resources that do not
Security fixes for memcached:
- CVE-2019-15026: Fixed a stack-based buffer over-read in conn_to_str() in
memcached.c (bsc#1149110).
- CVE-2019-11596: Fixed NULL pointer dereference in process_lru_command()
in memcached.c (bsc#1133817).
Security fixes for pdns:
- CVE-2019-3871: Fixed a denial of service with the HTTP remote backend
when the attacker can send crafted DNS queries (bsc#1129734).
- CVE-2018-10851: Fixed a denial of service via crafted zone record
(bnc#1114157).
- CVE-2018-14626: Fixed a denial of service by hiding DNSSEC records using
a crafted DNS query (bsc#1114169).
Security fixes for zookeeper:
- CVE-2019-0201: Fixed an information disclosure in the ACL handling
(bsc#1135773).
- CVE-2017-5637: Fixed incorrect input validation with wchp/wchc four
letter words (bsc#1040519).
Changes in ardana-ansible:
- Update to version 8.0+git.1583432621.24fa60e:
* Upgrade pre-checks in Cloud 8 and Cloud 9 (SOC-10300)
Changes in ardana-barbican:
- Update to version 8.0+git.1585152761.8ef3d61:
* monitor ardana-node-cert (SOC-10873)
Changes in ardana-db:
- Update to version 8.0+git.1583944923.03cca6c:
* monitor MySQL TLS certificate (SOC-10873)
Changes in ardana-monasca:
- Update to version 8.0+git.1583944894.38f023a:
* Add certificate file check alarm (SOC-10873)
Changes in ardana-mq:
- Update to version 8.0+git.1583944811.dc14403:
* monitor RabbitMQ TLS certificate (SOC-10873)
Changes in ardana-neutron:
- Update to version 8.0+git.1584715262.e4ea620:
* Add symlink for neutron-fwaas.json.j2 (bsc#1166290)
Changes in ardana-octavia:
- Update to version 8.0+git.1585171918.418f5cf:
* Reconfigure monitor if needed (SOC-10873)
- Update to version 8.0+git.1585168661.135c735:
* fix Octavia client cert redeploy (SOC-10873)
- Update to version 8.0+git.1585152502.f15907a:
* monitor Octavia client certificate (SOC-10873)
Changes in ardana-tempest:
- Update to version 8.0+git.1585311051.6ab5488:
* Enable port-security feature in tempest(SOC-11027)
Changes in crowbar-core:
- Update to version 5.0+git.1585575551.16781d00d:
* upgrade: Point to config dir instead of config file (SOC-11171)
* upgrade: Do not call neutron-evacuate-lbaasv2-agent with use_crm
(SOC-11171)
- Update to version 5.0+git.1585316726.670746c8c:
* upgrade: Fix systemd unit listing (trivial)
- Update to version 5.0+git.1585213241.46f12f9be:
* upgrade: Remove the assignement of crowbar-upgrade role (SOC-11166)
- Update to version 5.0+git.1585118470.eed9020de:
* Update the default value of OS version (trivial)
* Ignore CVE-2020-5267 in CI (bsc#1167240)
* Ignore CVE-2020-10663 in CI (bsc#1167244)
- Update to version 5.0+git.1583911121.d6b4b4b1a:
* ses: Make SES UI safe for unknown options (trivial)
* ses: Use cinder user for nova (SOC-11119)
* ses: Added helper for populating cinder volumes (SOC-11117)
* ses: Add ses cookbook (SOC-11114)
* ses: Configuration upload (SOC-11115)
- Update to version 5.0+git.1583309007.e3a8b81e9:
* Ignore CVE-2020-8130 in CI (bsc#1164804)
* Ignore CVE-2020-5247 (bsc#1165402)
Changes in crowbar-ha:
- Update to version 5.0+git.1585316176.344190f:
* add ssl termination on haproxy (bsc#1149535)
Changes in crowbar-openstack:
- Update to version 5.0+git.1585304226.2164b7895:
* nova: Fix migration numbers (trivial)
- Update to version 5.0+git.1584692779.369c58aca:
* nova: Drop redundant disk_cachemodes (trivial)
* nova: Add option to disable ephemeral on ceph (SOC-11119)
* keystone: Register SES RadosGW endpoints (SOC-5270)
* heat: Increase heat_register syncmark timeout (SOC-11103)
* heat: Simplify domain registration code (SOC-11103)
* nova: Setup CEPH secrets later (SOC-11141)
* nova: Enable ephemeral volumes on SES (SOC-11119)
* glance: Set SES as default for new deployments (SOC-11118)
* cinder: Correctly show old internal backends (SOC-11117)
* nova: SES integration (SOC-11117)
* nova: Hound fixes (trivial)
* nova: Better error handling when Cephx auth is failing (noref)
* nova: delete libvirt secret snippet immediately (noref)
* nova: reduce nesting of ceph management code (noref)
* nova: Remove obsolete rbd/ceph attributes (trivial)
* cinder: SES integration (SOC-11117)
* cinder: Disable use_crowbar default (SOC-11117)
* glance: SES integration (SOC-11118)
Changes in documentation-suse-openstack-cloud:
- Update to version 8.20200319:
* Adding ses-integration docs to cloud 8 (noref)
* Fix bsc-1130532. Add feedback
* fix bsc-1130532
- Update to version 8.20200116:
* Fixing links from suse.com/doc to new URL (noref)
- Update to version 8.20200224:
* Designate: add instructions on using PowerDNS backend (SOC-11051)
* Designate: recommend deploying DNS in a cluster in HA deployment
(SOC-10636)
* message to add non-admin node for public network (SOC-10658)
* update designate deployment (SOC-8739)
* add designate barclamp (SCRD-8739)
* remove Designate name server instruction (bsc#1125357,SCRD-7649)
- Update to version 8.20200130:
* Add instructions for lbaas v2 loadbalancers (SOC-10980) (#1253)
- Update to version 8.20191211:
* Specify that manila-share should be installed on the control node
(SOC-10938) (#1230)
* Remove (commented) mention of phrases-decl.ent (trivial)
- Update to version 8.20191206:
* Clarify keyring chown instructions for Ceph (bsc#1111180)
* Clarify VSA/Ceph support in HOS 8 , SOC-10981 (bsc#144694)
- Update to version 8.20191205:
* Update incorrect Manila install/setup instructions (SOC-10975)
- Update to version 8.20191029:
* Supplement/UAdmin: Group guides on documentation.suse.com (trivial)
- Update to version 8.20191023:
* fix instructions for TLS certitificate renewal (SOC-10846)
- Update to version 8.20191002:
* Added missing edit (SOC-8480)
* Adding Carl's second round of edits (SOC-8480)
* Removing accidentally re-added guilabels (SOC-8480)
* Applying Carl's edits (SOC-8480)
* Optimizing PNGs (SOC-8480)
* Removing guilabel complaint (SOC-8480)
* Adding xi:include to commit (SOC-8480)
* Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)
* Add SSLCA-SelfSigned cert info to SOC Crowbar documentation (SOC-8480)
- Update to version 8.20190923:
* remove zvm references, only in SOC6 (noref)
- Update to version 8.20190920:
* remove workaround, leave description (bsc#1151206)
* add qos to neutron not supported (bsc#1151206)
- Update to version 8.20190829:
* add available clients, dedicated CLM (bsc#1148426)
* add tempest to service components, dedicated CLM (bsc#1148426)
- Update to version 8.20190823:
* Create CC-BY license file (noref)
* for MariaDB update, db cluster must be running, healthy (bsc#1132852)
- Update to version 8.20190820:
* Fix broken URLs (SOC-10109)
- Update to version 8.20190820:
* add requirement for dummy entries in servers.yml (bsc#1146206)
- Update to version 8.20190816:
* add workaround for partition image resize (bsc#1145498)
- Update to version 8.20190813:
* MANAGEMENT network group cannot be changed, is required (SOC-10106)
* remove NSX references from Crowbar deployment (SOC-10081)
Changes in memcached:
- version update to 1.5.17
* bugfixes fix strncpy call in stats conns to avoid ASAN violation
(bsc#1149110, CVE-2019-15026) extstore: fix indentation add error
handling when calling dup function add unlock when item_cachedump
malloc failed extstore: emulate pread(v) for macOS fix off-by-one in
logger to allow CAS commands to be logged. use strdup for explicitly
configured slab sizes move mem_requested from slabs.c to items.c
(internal cleanup)
* new features add server address to the "stats conns" output log client
connection id with fetchers and mutations Add a handler for seccomp
crashes
- version update to 1.5.16
* bugfixes When nsuffix is 0 space for flags hasn't been allocated so
don't memcpy them.
- version update to 1.5.15
* bugfixes Speed up incr/decr by replacing snprintf. Use correct buffer
size for internal URI encoding. change some links from http to https
Fix small memory leak in testapp.c. free window_global in
slab_automove_extstore.c remove inline_ascii_response option
-Y [filename] for ascii authentication mode fix: idle-timeout wasn't
compatible with binprot
* features
-Y [authfile] enables an authentication mode for ASCII protocol.
- modified patches % memcached-autofoo.patch (refreshed)
- version update to 1.5.14
* update -h output for -I (max item size)
* fix segfault in "lru" command (bsc#1133817, CVE-2019-11596)
* fix compile error on centos7
* extstore: error adjusting page_size after ext_path
* extstore: fix segfault if page_count is too high.
* close delete + incr item survival race bug
* memcached-tool dump fix loss of exp value
* Fix "qw" in "MemcachedTest.pm" so wait_ext_flush is exported properly
* Experimental TLS support.
* Basic implementation of TLS for memcached.
* Improve Get And Touch documentation
* fix INCR/DECR refcount leak for invalid items
- modified patches % memcached-autofoo.patch (refreshed)
- Version bump to 1.5.11:
* extstore: balance IO thread queues
- Drop memcached-fix_test.patch that is present now upstream
- Add patch to fix aarch64, ppc64* and s390x tests:
* memcached-fix_test.patch
- Fix linter errors regarding COPYING
- update to 1.5.10:
* disruptive change in extstore: -o ext_page_count= is deprecated and no
longer works. To specify size: -o ext_path=/d/m/e:500G extstore
figures out the page count based on your desired page size. M|G|T|P
supported.
* extstore: Add basic JBOD support: ext_path can be specified multiple
times for striping onto simimar devices
* fix alignment issues on some ARM platforms for chunked items
- Update to 1.5.9:
* Bugfix release.
* Important note: if using --enable-seccomp, privilege dropping is no
longer on by default. The feature is experimental and many users are
reporting hard to diagnose problems on varied platforms.
* Seccomp is now marked EXPERIMENTAL, and must be explicitly enabled by
adding -o drop_privileges. Once we're more confident with the
usability of the feature, it will be enabled in -o modern, like any
other new change. You should only use it if you are willing to
carefully test it, especially if you're a vendor or distribution.
* Also important is a crash fix in extstore when using the ASCII
protocol, large items, and running low on memory.
- update to 1.5.8:
* Bugfixes for seccomp and extstore
* Extstore platform portability has been greatly improved for ARM and
32bit systems
- includes changes from 1.5.7:
* Fix alignment issues for 64bit ARM processors
* Fix seccomp portability
* Fix refcount leak with extstore while using binary touch commands
- turn on the testsuite again, it seems to pass server side, too
- Home directory shouldn't be world readable bsc#1077718
- Mention that this stream isn't affected by bsc#1085209, CVE-2018-1000127
to make the checker bots happy.
Changes in openstack-manila:
- Update to version manila-5.1.1.dev5:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
* share\_networks: enable project\_only API only
Changes in openstack-manila:
- Rebased patches:
+ cve-2020-9543-stable-pike.patch dropped (merged upstream)
- Update to version manila-5.1.1.dev5:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
* share\_networks: enable project\_only API only
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev63:
* ovs agent: signal to plugin if tunnel refresh needed
* Do not initialize snat-ns twice
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev63:
* ovs agent: signal to plugin if tunnel refresh needed
* Do not initialize snat-ns twice
Changes in openstack-nova:
- Update to version nova-16.1.9.dev61:
* Avoid circular reference during serialization
* Mask the token used to allow access to consoles
* Improve metadata server performance with large security groups
* Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs
- Update to version nova-16.1.9.dev54:
* pike-only: remove broken non-voting ceph jobs
* nova-live-migration: Wait for n-cpu services to come up after
configuring Ceph
* rt: only map compute node if we created it
Changes in openstack-nova:
- Update to version nova-16.1.9.dev61:
* Avoid circular reference during serialization
* Mask the token used to allow access to consoles
* Improve metadata server performance with large security groups
* Remove exp legacy-tempest-dsvm-full-devstack-plugin-nfs
- Update to version nova-16.1.9.dev54:
* pike-only: remove broken non-voting ceph jobs
* nova-live-migration: Wait for n-cpu services to come up after
configuring Ceph
* rt: only map compute node if we created it
Changes in pdns:
- Add missing "BuildRequires: libmysqlclient-devel" to allow the package
to build correctly.
- CVE-2019-3871-auth-4.1.6.patch: fixes insufficient validation in HTTP
remote backend (bsc#1129734, CVE-2019-3871)
- CVE-2018-10851-auth-4.1.4.patch: fixes DoS via crafted zone record
(bnc#1114157, CVE-2018-10851)
- CVE-2018-14626-auth-4.1.4.patch: fixes an issue allowing a remote user
to craft a DNS query that will cause an answer without DNSSEC records to
be inserted into the packet cache and be returned to clients asking for
DNSSEC records, thus hiding the presence of DNSSEC signatures leading to
a potential DoS (bsc#1114169, CVE-2018-14626)
Changes in python-amqp:
- Make it build for SLE12SP3:
- remove pytest-sugar build dependency
- used %doc macro instead of %license
- Removed patches that are already included in 2.4.2
-
0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patc
h (SOC-9144)
- 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
(bsc#1115904)
- Update to 2.4.2:
- Added support for the Cygwin platform
- Correct offset incrementation when parsing bitmaps.
- Consequent bitmaps are now parsed correctly.
- Better call of py.test
- Add versions to dependencies
- Remove python-sasl from build dependencies
- Update to version 2.4.1
* To avoid breaking the API basic_consume() now returns the consumer tag
instead of a tuple when nowait is True.
* Fix crash in basic_publish when broker does not support
connection.blocked capability.
* read_frame() is now Python 3 compatible for large payloads.
* Support float read_timeout/write_timeout.
* Always treat SSLError timeouts as socket timeouts.
* Treat EWOULDBLOCK as timeout.
- from 2.4.0
* Fix inconsistent frame_handler return value. The function returned by
frame_handler is meant to return True
once the complete message is received and the callback is called,
False otherwise. This fixes the return value for messages with a body
split across multiple frames, and heartbeat frames.
* Don't default content_encoding to utf-8 for bytes. This is not an
acceptable default as the content may not be valid utf-8, and even if
it is, the producer likely does not expect the message to be decoded
by the consumer.
* Fix encoding of messages with multibyte characters. Body length was
previously calculated using string length, which may be less than the
length of the encoded body when it contains multibyte sequences. This
caused the body of the frame to be truncated.
* Respect content_encoding when encoding messages. Previously the
content_encoding was ignored and messages were always encoded as
utf-8. This caused messages to be incorrectly decoded if
content_encoding is properly respected when decoding.
* Fix AMQP protocol header for AMQP 0-9-1. Previously it was set to a
different value for unknown reasons.
* Add support for Python 3.7. Change direct SSLSocket instantiation with
wrap_socket.
* Add support for field type "x" (byte array).
* If there is an exception raised on Connection.connect or
Connection.close, ensure that the underlying transport socket is
closed. Adjust exception message on connection errors as well.
* TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD
platforms.
* Handle negative acknowledgments.
* Added integration tests.
* Fix basic_consume() with no consumer_tag provided.
* Improved empty AMQPError string representation.
* Drain events before publish. This is needed to capture out of memory
messages for clients that only publish. Otherwise on_blocked is never
called.
* Don't revive channel when connection is closing. When connection is
closing don't raise error when Channel.Close method is received.
Changes in zookeeper:
- Apply 0002-Apply-patch-to-resolve-CVE-2019-0201.patch This applies the
patch for ZOOKEEPER-1392 to resolve CVE-2019-0201 Should not allow to
read ACL when not authorized to read node (bsc#1135773)
- Various cleanups in spec file
- Fixed off-by-one in zkCleanTRX.sh and made output more useful
(bsc#1048688, FATE#323204)
- Fixed ExecStartPre statment in service file
- added zkCleanTRX.sh to clean up 0 length transaction logs
- Update to to zookeeper-3.4.10 (bsc#1040519)
* Fixes CVE-2017-5637
- Remove Changes.txt (missing as of 3.4.10)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1066=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1066=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2020-1066=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
crowbar-ha-5.0+git.1585316176.344190f-3.32.1
crowbar-openstack-5.0+git.1585304226.2164b7895-4.37.1
documentation-suse-openstack-cloud-deployment-8.20200319-1.23.1
documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1
documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1
documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1
openstack-manila-5.1.1~dev5-3.26.2
openstack-manila-api-5.1.1~dev5-3.26.2
openstack-manila-data-5.1.1~dev5-3.26.2
openstack-manila-doc-5.1.1~dev5-3.26.1
openstack-manila-scheduler-5.1.1~dev5-3.26.2
openstack-manila-share-5.1.1~dev5-3.26.2
openstack-neutron-11.0.9~dev63-3.30.2
openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
openstack-neutron-doc-11.0.9~dev63-3.30.1
openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
openstack-neutron-server-11.0.9~dev63-3.30.2
openstack-nova-16.1.9~dev61-3.35.2
openstack-nova-api-16.1.9~dev61-3.35.2
openstack-nova-cells-16.1.9~dev61-3.35.2
openstack-nova-compute-16.1.9~dev61-3.35.2
openstack-nova-conductor-16.1.9~dev61-3.35.2
openstack-nova-console-16.1.9~dev61-3.35.2
openstack-nova-consoleauth-16.1.9~dev61-3.35.2
openstack-nova-doc-16.1.9~dev61-3.35.1
openstack-nova-novncproxy-16.1.9~dev61-3.35.2
openstack-nova-placement-api-16.1.9~dev61-3.35.2
openstack-nova-scheduler-16.1.9~dev61-3.35.2
openstack-nova-serialproxy-16.1.9~dev61-3.35.2
openstack-nova-vncproxy-16.1.9~dev61-3.35.2
python-amqp-2.4.2-3.9.1
python-manila-5.1.1~dev5-3.26.2
python-neutron-11.0.9~dev63-3.30.2
python-nova-16.1.9~dev61-3.35.2
zookeeper-server-3.4.10-3.6.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
crowbar-core-5.0+git.1585575551.16781d00d-3.38.1
crowbar-core-branding-upstream-5.0+git.1585575551.16781d00d-3.38.1
memcached-1.5.17-3.3.1
memcached-debuginfo-1.5.17-3.3.1
memcached-debugsource-1.5.17-3.3.1
ruby2.1-rubygem-puma-2.16.0-3.6.1
ruby2.1-rubygem-puma-debuginfo-2.16.0-3.6.1
rubygem-puma-debugsource-2.16.0-3.6.1
- SUSE OpenStack Cloud 8 (noarch):
ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1
ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1
ardana-db-8.0+git.1583944923.03cca6c-3.31.1
ardana-monasca-8.0+git.1583944894.38f023a-3.24.1
ardana-mq-8.0+git.1583944811.dc14403-3.19.1
ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1
ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1
ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1
documentation-suse-openstack-cloud-installation-8.20200319-1.23.1
documentation-suse-openstack-cloud-operations-8.20200319-1.23.1
documentation-suse-openstack-cloud-opsconsole-8.20200319-1.23.1
documentation-suse-openstack-cloud-planning-8.20200319-1.23.1
documentation-suse-openstack-cloud-security-8.20200319-1.23.1
documentation-suse-openstack-cloud-supplement-8.20200319-1.23.1
documentation-suse-openstack-cloud-upstream-admin-8.20200319-1.23.1
documentation-suse-openstack-cloud-upstream-user-8.20200319-1.23.1
documentation-suse-openstack-cloud-user-8.20200319-1.23.1
openstack-manila-5.1.1~dev5-3.26.2
openstack-manila-api-5.1.1~dev5-3.26.2
openstack-manila-data-5.1.1~dev5-3.26.2
openstack-manila-doc-5.1.1~dev5-3.26.1
openstack-manila-scheduler-5.1.1~dev5-3.26.2
openstack-manila-share-5.1.1~dev5-3.26.2
openstack-neutron-11.0.9~dev63-3.30.2
openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
openstack-neutron-doc-11.0.9~dev63-3.30.1
openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
openstack-neutron-server-11.0.9~dev63-3.30.2
openstack-nova-16.1.9~dev61-3.35.2
openstack-nova-api-16.1.9~dev61-3.35.2
openstack-nova-cells-16.1.9~dev61-3.35.2
openstack-nova-compute-16.1.9~dev61-3.35.2
openstack-nova-conductor-16.1.9~dev61-3.35.2
openstack-nova-console-16.1.9~dev61-3.35.2
openstack-nova-consoleauth-16.1.9~dev61-3.35.2
openstack-nova-doc-16.1.9~dev61-3.35.1
openstack-nova-novncproxy-16.1.9~dev61-3.35.2
openstack-nova-placement-api-16.1.9~dev61-3.35.2
openstack-nova-scheduler-16.1.9~dev61-3.35.2
openstack-nova-serialproxy-16.1.9~dev61-3.35.2
openstack-nova-vncproxy-16.1.9~dev61-3.35.2
python-amqp-2.4.2-3.9.1
python-manila-5.1.1~dev5-3.26.2
python-neutron-11.0.9~dev63-3.30.2
python-nova-16.1.9~dev61-3.35.2
venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1
venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1
venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1
venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1
venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1
venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1
venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1
venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1
venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1
venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1
venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1
venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1
venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1
venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1
zookeeper-server-3.4.10-3.6.1
- SUSE OpenStack Cloud 8 (x86_64):
memcached-1.5.17-3.3.1
memcached-debuginfo-1.5.17-3.3.1
memcached-debugsource-1.5.17-3.3.1
pdns-4.1.2-3.6.1
pdns-backend-mysql-4.1.2-3.6.1
pdns-backend-mysql-debuginfo-4.1.2-3.6.1
pdns-debuginfo-4.1.2-3.6.1
pdns-debugsource-4.1.2-3.6.1
- HPE Helion Openstack 8 (x86_64):
memcached-1.5.17-3.3.1
memcached-debuginfo-1.5.17-3.3.1
memcached-debugsource-1.5.17-3.3.1
pdns-4.1.2-3.6.1
pdns-backend-mysql-4.1.2-3.6.1
pdns-backend-mysql-debuginfo-4.1.2-3.6.1
pdns-debuginfo-4.1.2-3.6.1
pdns-debugsource-4.1.2-3.6.1
- HPE Helion Openstack 8 (noarch):
ardana-ansible-8.0+git.1583432621.24fa60e-3.70.1
ardana-barbican-8.0+git.1585152761.8ef3d61-4.33.1
ardana-db-8.0+git.1583944923.03cca6c-3.31.1
ardana-monasca-8.0+git.1583944894.38f023a-3.24.1
ardana-mq-8.0+git.1583944811.dc14403-3.19.1
ardana-neutron-8.0+git.1584715262.e4ea620-3.39.1
ardana-octavia-8.0+git.1585171918.418f5cf-3.26.1
ardana-tempest-8.0+git.1585311051.6ab5488-3.33.1
documentation-hpe-helion-openstack-installation-8.20200319-1.23.1
documentation-hpe-helion-openstack-operations-8.20200319-1.23.1
documentation-hpe-helion-openstack-opsconsole-8.20200319-1.23.1
documentation-hpe-helion-openstack-planning-8.20200319-1.23.1
documentation-hpe-helion-openstack-security-8.20200319-1.23.1
documentation-hpe-helion-openstack-user-8.20200319-1.23.1
openstack-manila-5.1.1~dev5-3.26.2
openstack-manila-api-5.1.1~dev5-3.26.2
openstack-manila-data-5.1.1~dev5-3.26.2
openstack-manila-doc-5.1.1~dev5-3.26.1
openstack-manila-scheduler-5.1.1~dev5-3.26.2
openstack-manila-share-5.1.1~dev5-3.26.2
openstack-neutron-11.0.9~dev63-3.30.2
openstack-neutron-dhcp-agent-11.0.9~dev63-3.30.2
openstack-neutron-doc-11.0.9~dev63-3.30.1
openstack-neutron-ha-tool-11.0.9~dev63-3.30.2
openstack-neutron-l3-agent-11.0.9~dev63-3.30.2
openstack-neutron-linuxbridge-agent-11.0.9~dev63-3.30.2
openstack-neutron-macvtap-agent-11.0.9~dev63-3.30.2
openstack-neutron-metadata-agent-11.0.9~dev63-3.30.2
openstack-neutron-metering-agent-11.0.9~dev63-3.30.2
openstack-neutron-openvswitch-agent-11.0.9~dev63-3.30.2
openstack-neutron-server-11.0.9~dev63-3.30.2
openstack-nova-16.1.9~dev61-3.35.2
openstack-nova-api-16.1.9~dev61-3.35.2
openstack-nova-cells-16.1.9~dev61-3.35.2
openstack-nova-compute-16.1.9~dev61-3.35.2
openstack-nova-conductor-16.1.9~dev61-3.35.2
openstack-nova-console-16.1.9~dev61-3.35.2
openstack-nova-consoleauth-16.1.9~dev61-3.35.2
openstack-nova-doc-16.1.9~dev61-3.35.1
openstack-nova-novncproxy-16.1.9~dev61-3.35.2
openstack-nova-placement-api-16.1.9~dev61-3.35.2
openstack-nova-scheduler-16.1.9~dev61-3.35.2
openstack-nova-serialproxy-16.1.9~dev61-3.35.2
openstack-nova-vncproxy-16.1.9~dev61-3.35.2
python-amqp-2.4.2-3.9.1
python-manila-5.1.1~dev5-3.26.2
python-neutron-11.0.9~dev63-3.30.2
python-nova-16.1.9~dev61-3.35.2
venv-openstack-aodh-x86_64-5.1.1~dev7-12.24.1
venv-openstack-barbican-x86_64-5.0.2~dev3-12.25.1
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.22.1
venv-openstack-cinder-x86_64-11.2.3~dev23-14.25.1
venv-openstack-designate-x86_64-5.0.3~dev7-12.23.1
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.20.1
venv-openstack-glance-x86_64-15.0.3~dev3-12.23.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.25.1
venv-openstack-ironic-x86_64-9.1.8~dev8-12.25.1
venv-openstack-keystone-x86_64-12.0.4~dev5-11.26.1
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.24.1
venv-openstack-manila-x86_64-5.1.1~dev5-12.29.1
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.20.1
venv-openstack-murano-x86_64-4.0.2~dev2-12.20.1
venv-openstack-neutron-x86_64-11.0.9~dev63-13.28.1
venv-openstack-nova-x86_64-16.1.9~dev61-11.26.1
venv-openstack-octavia-x86_64-1.0.6~dev3-12.25.1
venv-openstack-sahara-x86_64-7.0.5~dev4-11.24.1
venv-openstack-trove-x86_64-8.0.2~dev2-11.24.1
zookeeper-server-3.4.10-3.6.1
References:
https://www.suse.com/security/cve/CVE-2017-5637.html
https://www.suse.com/security/cve/CVE-2018-10851.html
https://www.suse.com/security/cve/CVE-2018-14626.html
https://www.suse.com/security/cve/CVE-2019-0201.html
https://www.suse.com/security/cve/CVE-2019-11596.html
https://www.suse.com/security/cve/CVE-2019-15026.html
https://www.suse.com/security/cve/CVE-2019-3871.html
https://www.suse.com/security/cve/CVE-2020-5247.html
https://www.suse.com/security/cve/CVE-2020-9543.html
https://bugzilla.suse.com/1040519
https://bugzilla.suse.com/1048688
https://bugzilla.suse.com/1077718
https://bugzilla.suse.com/1111180
https://bugzilla.suse.com/1114157
https://bugzilla.suse.com/1114169
https://bugzilla.suse.com/1115904
https://bugzilla.suse.com/1125357
https://bugzilla.suse.com/1129734
https://bugzilla.suse.com/1132852
https://bugzilla.suse.com/1133817
https://bugzilla.suse.com/1135773
https://bugzilla.suse.com/1145498
https://bugzilla.suse.com/1146206
https://bugzilla.suse.com/1148426
https://bugzilla.suse.com/1149110
https://bugzilla.suse.com/1149535
https://bugzilla.suse.com/1151206
https://bugzilla.suse.com/1165402
https://bugzilla.suse.com/1165643
https://bugzilla.suse.com/1166290
https://bugzilla.suse.com/1167240
https://bugzilla.suse.com/144694
More information about the sle-security-updates
mailing list