SUSE-SU-2020:3896-1: important: Security update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2
sle-security-updates at lists.suse.com
Mon Dec 21 10:16:13 MST 2020
SUSE Security Update: Security update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:3896-1
Rating: important
References: #1117080 #1125815 #1132174 #1132323 #1178243
#1178988 #1179161 SOC-11240
Cross-References: CVE-2016-10745 CVE-2018-17954 CVE-2019-10906
CVE-2019-20933 CVE-2019-8341 CVE-2020-24303
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
An update that solves 6 vulnerabilities, contains one
feature and has one errata is now available.
Description:
This update for crowbar-core, crowbar-openstack, grafana, influxdb,
openstack-heat-templates, openstack-nova, python-Jinja2 fixes the
following issues:
Security fixes included in this request:
grafana:
- CVE-2020-24303: Fixed an XSS with series overrides. (bsc#1178243)
influxdb:
- CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)
python-Jinja2:
- CVE-2019-10906, CVE-2019-8341, CVE-2016-10745: "SandboxedEnvironment"
securely handles "str.format_map" in order to prevent code execution
through untrusted format strings. (bsc#1132323, bsc#1125815, bsc#1132174)
Non-security fixes included in this request:
Changes in crowbar-core.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1606840757.839a64745:
* ntp: Do not use rate-limiting (bsc#1179161)
Changes in crowbar-openstack.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1604938523.ded915845:
* rabbitmq: Fix crm running check (SOC-11240)
Changes in grafana.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Fix bsc#1178243 CVE-2020-24303 by adding
25401-Fix-XSS-vulnerability-with-series-overrides.patch
Changes in influxdb.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to fix
authentication bypass
- Declare license files correctly
Changes in
openstack-heat-templates.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version 0.0.0+git.1605509190.64f020b:
* Fix software config on rdo
* optimize size and time using --no-cache-dir
* add template for servers using Octavia
- Update to version 0.0.0+git.1604032742.c5733ee:
* Move heat-templates-check job to zuul v3
Changes in
openstack-nova-doc.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
* Follow up for cherry-pick check for merge patch
Changes in openstack-nova.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
* Follow up for cherry-pick check for merge patch
Changes in python-Jinja2.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- add 0001-sandbox-str.format_map.patch (bsc#1132323, CVE-2019-10906,
bsc#1125815, CVE-2019-8341)
* "SandboxedEnvironment" securely handles "str.format_map" in order to
prevent code execution through untrusted format strings. The sandbox
already handled "str.format".
- add 0001-SECURITY-support-sandboxing-in-format-expressions.patch
(bsc#1132174, CVE-2016-10745)
- Allows Recommends and Suggest in Fedora
- Recommends only for SUSE
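Why a sandbox has to cover "str.format_map" as well as "str.format", shown as an added illustration that is not code from this advisory, from Jinja2 or from the SUSE patches: a format string is a small expression language with attribute lookups, so untrusted format text needs the same attribute policy as untrusted template text. The names SandboxedFormatter, plain_render, sandboxed_render, User and CONTEXT are hypothetical, the underscore rule is an assumed policy, and the sample data is constructed.

```python
import string
from _string import formatter_field_name_split  # CPython helper used by string.Formatter


class SecurityError(Exception):
    """Raised when a format string reaches for a blocked attribute."""


class SandboxedFormatter(string.Formatter):
    """string.Formatter that refuses underscore-prefixed attribute lookups."""

    def get_field(self, field_name, args, kwargs):
        first, rest = formatter_field_name_split(field_name)
        obj = self.get_value(first, args, kwargs)
        for is_attr, key in rest:
            if is_attr:
                if key.startswith("_"):
                    raise SecurityError("blocked attribute %r in format string" % key)
                obj = getattr(obj, key)
            else:
                obj = obj[key]
        return obj, first


def plain_render(fmt, context):
    # What an unsandboxed call does: attribute lookups in fmt are unrestricted.
    return fmt.format_map(context)


def sandboxed_render(fmt, context):
    # Same result for benign fields; nested format specs also pass through get_field.
    return SandboxedFormatter().vformat(fmt, (), context)


def is_blocked(fmt, context):
    try:
        sandboxed_render(fmt, context)
    except SecurityError:
        return True
    return False


class User:  # constructed sample object
    def __init__(self, name):
        self.name = name
        self._api_token = "constructed-token-123"


CONTEXT = {"user": User("alice")}
```
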
Changes in rubygem-crowbar-client:
- Update to 3.9.3
- Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3896=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3896=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2020-3896=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
crowbar-openstack-5.0+git.1604938523.ded915845-4.46.1
openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
openstack-nova-16.1.9~dev77-3.42.1
openstack-nova-api-16.1.9~dev77-3.42.1
openstack-nova-cells-16.1.9~dev77-3.42.1
openstack-nova-compute-16.1.9~dev77-3.42.1
openstack-nova-conductor-16.1.9~dev77-3.42.1
openstack-nova-console-16.1.9~dev77-3.42.1
openstack-nova-consoleauth-16.1.9~dev77-3.42.1
openstack-nova-doc-16.1.9~dev77-3.42.1
openstack-nova-novncproxy-16.1.9~dev77-3.42.1
openstack-nova-placement-api-16.1.9~dev77-3.42.1
openstack-nova-scheduler-16.1.9~dev77-3.42.1
openstack-nova-serialproxy-16.1.9~dev77-3.42.1
openstack-nova-vncproxy-16.1.9~dev77-3.42.1
python-Jinja2-2.9.6-3.3.1
python-nova-16.1.9~dev77-3.42.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
crowbar-core-5.0+git.1606840757.839a64745-3.47.1
crowbar-core-branding-upstream-5.0+git.1606840757.839a64745-3.47.1
grafana-6.7.4-4.15.1
grafana-debuginfo-6.7.4-4.15.1
influxdb-1.3.4-4.3.1
influxdb-debuginfo-1.3.4-4.3.1
influxdb-debugsource-1.3.4-4.3.1
ruby2.1-rubygem-crowbar-client-3.9.3-3.15.1
- SUSE OpenStack Cloud 8 (noarch):
openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
openstack-nova-16.1.9~dev77-3.42.1
openstack-nova-api-16.1.9~dev77-3.42.1
openstack-nova-cells-16.1.9~dev77-3.42.1
openstack-nova-compute-16.1.9~dev77-3.42.1
openstack-nova-conductor-16.1.9~dev77-3.42.1
openstack-nova-console-16.1.9~dev77-3.42.1
openstack-nova-consoleauth-16.1.9~dev77-3.42.1
openstack-nova-doc-16.1.9~dev77-3.42.1
openstack-nova-novncproxy-16.1.9~dev77-3.42.1
openstack-nova-placement-api-16.1.9~dev77-3.42.1
openstack-nova-scheduler-16.1.9~dev77-3.42.1
openstack-nova-serialproxy-16.1.9~dev77-3.42.1
openstack-nova-vncproxy-16.1.9~dev77-3.42.1
python-Jinja2-2.9.6-3.3.1
python-nova-16.1.9~dev77-3.42.1
venv-openstack-aodh-x86_64-5.1.1~dev7-12.30.1
venv-openstack-barbican-x86_64-5.0.2~dev3-12.31.1
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.28.1
venv-openstack-cinder-x86_64-11.2.3~dev29-14.32.1
venv-openstack-designate-x86_64-5.0.3~dev7-12.29.1
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.26.1
venv-openstack-glance-x86_64-15.0.3~dev3-12.29.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.31.1
venv-openstack-ironic-x86_64-9.1.8~dev8-12.31.1
venv-openstack-keystone-x86_64-12.0.4~dev11-11.32.1
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.30.1
venv-openstack-manila-x86_64-5.1.1~dev5-12.35.1
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.26.1
venv-openstack-monasca-x86_64-2.2.2~dev1-11.26.1
venv-openstack-murano-x86_64-4.0.2~dev2-12.26.1
venv-openstack-neutron-x86_64-11.0.9~dev69-13.34.1
venv-openstack-nova-x86_64-16.1.9~dev77-11.32.1
venv-openstack-octavia-x86_64-1.0.6~dev3-12.31.1
venv-openstack-sahara-x86_64-7.0.5~dev4-11.30.1
venv-openstack-trove-x86_64-8.0.2~dev2-11.30.1
- SUSE OpenStack Cloud 8 (x86_64):
grafana-6.7.4-4.15.1
grafana-debuginfo-6.7.4-4.15.1
influxdb-1.3.4-4.3.1
influxdb-debuginfo-1.3.4-4.3.1
influxdb-debugsource-1.3.4-4.3.1
- HPE Helion Openstack 8 (noarch):
openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
openstack-nova-16.1.9~dev77-3.42.1
openstack-nova-api-16.1.9~dev77-3.42.1
openstack-nova-cells-16.1.9~dev77-3.42.1
openstack-nova-compute-16.1.9~dev77-3.42.1
openstack-nova-conductor-16.1.9~dev77-3.42.1
openstack-nova-console-16.1.9~dev77-3.42.1
openstack-nova-consoleauth-16.1.9~dev77-3.42.1
openstack-nova-doc-16.1.9~dev77-3.42.1
openstack-nova-novncproxy-16.1.9~dev77-3.42.1
openstack-nova-placement-api-16.1.9~dev77-3.42.1
openstack-nova-scheduler-16.1.9~dev77-3.42.1
openstack-nova-serialproxy-16.1.9~dev77-3.42.1
openstack-nova-vncproxy-16.1.9~dev77-3.42.1
python-Jinja2-2.9.6-3.3.1
python-nova-16.1.9~dev77-3.42.1
venv-openstack-aodh-x86_64-5.1.1~dev7-12.30.1
venv-openstack-barbican-x86_64-5.0.2~dev3-12.31.1
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.28.1
venv-openstack-cinder-x86_64-11.2.3~dev29-14.32.1
venv-openstack-designate-x86_64-5.0.3~dev7-12.29.1
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.26.1
venv-openstack-glance-x86_64-15.0.3~dev3-12.29.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.31.1
venv-openstack-ironic-x86_64-9.1.8~dev8-12.31.1
venv-openstack-keystone-x86_64-12.0.4~dev11-11.32.1
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.30.1
venv-openstack-manila-x86_64-5.1.1~dev5-12.35.1
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.26.1
venv-openstack-monasca-x86_64-2.2.2~dev1-11.26.1
venv-openstack-murano-x86_64-4.0.2~dev2-12.26.1
venv-openstack-neutron-x86_64-11.0.9~dev69-13.34.1
venv-openstack-nova-x86_64-16.1.9~dev77-11.32.1
venv-openstack-octavia-x86_64-1.0.6~dev3-12.31.1
venv-openstack-sahara-x86_64-7.0.5~dev4-11.30.1
venv-openstack-trove-x86_64-8.0.2~dev2-11.30.1
- HPE Helion Openstack 8 (x86_64):
grafana-6.7.4-4.15.1
grafana-debuginfo-6.7.4-4.15.1
influxdb-1.3.4-4.3.1
influxdb-debuginfo-1.3.4-4.3.1
influxdb-debugsource-1.3.4-4.3.1
References:
https://www.suse.com/security/cve/CVE-2016-10745.html
https://www.suse.com/security/cve/CVE-2018-17954.html
https://www.suse.com/security/cve/CVE-2019-10906.html
https://www.suse.com/security/cve/CVE-2019-20933.html
https://www.suse.com/security/cve/CVE-2019-8341.html
https://www.suse.com/security/cve/CVE-2020-24303.html
https://bugzilla.suse.com/1117080
https://bugzilla.suse.com/1125815
https://bugzilla.suse.com/1132174
https://bugzilla.suse.com/1132323
https://bugzilla.suse.com/1178243
https://bugzilla.suse.com/1178988
https://bugzilla.suse.com/1179161