SUSE-SU-2020:3897-1: important: Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Mon Dec 21 10:17:48 MST 2020


   SUSE Security Update: Security update for ardana-cassandra, ardana-mq, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb, openstack-cinder, openstack-heat, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, python-Jinja2, python-pysaml2, python-pytest, python-urllib3, release-notes-suse-openstack-cloud, spark
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3897-1
Rating:             important
References:         #1125815 #1132174 #1132323 #1160851 #1177120 
                    #1177611 #1178243 #1178988 SCRD-8681 SOC-11184 
                    SOC-11240 SOC-11391 SOC-7751 SOC-8764 SOC-9178 
                    SOC-9781 
Cross-References:   CVE-2016-10745 CVE-2019-10906 CVE-2019-20933
                    CVE-2019-8341 CVE-2020-24303 CVE-2020-26137
                    CVE-2020-5390
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that solves 7 vulnerabilities, contains 8
   features and has one errata is now available.

Description:

   This update for ardana-cassandra, ardana-mq, ardana-osconfig,
   ardana-tempest, crowbar-core, crowbar-openstack, grafana, influxdb,
   openstack-cinder, openstack-heat, openstack-heat-gbp,
   openstack-heat-templates, openstack-horizon-plugin-gbp-ui,
   openstack-ironic-python-agent, openstack-manila, openstack-neutron,
   openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova,
   python-Jinja2, python-pysaml2, python-pytest, python-urllib3,
   release-notes-suse-openstack-cloud, spark fixes the following issues:

   Security changes included on this update:

   grafana:
   - CVE-2020-24303: Fixed an XXS with series overides. (bsc#1178243)

   influxdb:
   - CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)

   python-Jinja2:
   - CVE-2019-10906,CVE-2019-8341,CVE-2016-10745: "SandboxedEnvironment"
     securely handles "str.format_map" in order to prevent code execution
     through untrusted format strings. (bsc#1132323, bsc#1125815, bsc#1132174)

   python-pysaml2:
   - CVE-2020-5390: Fixed an issue where there was no check that the
     signature in a SAML document is enveloped. (bsc#1160851)

   python-urllib3:
   - CVE-2020-26137: Fixed a CRLF injection via HTTP request method.
     (bsc#1177120)

   Non-security changes included in this update:

   Changes in ardana-cassandra:
   - Update to version 9.0+git.1600802664.7e480a2:
     * Remove freezer related backup/restore code (SOC-7751)

   Changes in ardana-mq:
   - Update to version 9.0+git.1605174486.a78ddce:
     * Re-enable mirroring of fanout and reply queues (bsc#1177611)

   Changes in ardana-osconfig:
   - Update to version 9.0+git.1601621747.a87e5a0:
     * HOS8 check needs to be a shell rather than command (SOC-11184)

   Changes in ardana-tempest:
   - Update to version 9.0+git.1603378983.fc0bca9:
     * Enable VPNaaS testing (SOC-8764)

   - Update to version 9.0+git.1599855218.875b2f3:
     * unblacklist some revert tests (SOC-9178)

   Changes in crowbar-core:
   - Update to version 6.0+git.1606314264.bf9ada813:
     * ntp: Do not use rate-limiting (bsc#1179161)

   - Update to version 6.0+git.1600414599.150832ca2:
     * Ignore CVE-2020-15169 (SOC-11391)

   Changes in crowbar-openstack:
   - Update to version 6.0+git.1604573541.bb18c172d:
     * rabbitmq: Fix crm running check (SOC-11240)

   - Update to version 6.0+git.1604491402.b4dbba849:
     * Remove aspiers from CODEOWNERS
     * Remove cmurphy from CODEOWNERS

   Changes in grafana:
   - Fix bsc#1178243 CVE-2020-24303 by adding
     25401-Fix-XSS-vulnerability-with-series-overrides.patch

   Changes in influxdb:
   - Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to fix
     authentication bypass
   - Declare license files correctly

   Changes in openstack-cinder:
   - Update to version cinder-13.0.10.dev20:
     * PowerMax Driver - Legacy volumes fail to live migrate

   - Update to version cinder-13.0.10.dev19:
     * RBD: Cleanup temporary file during exception

   - Update to version cinder-13.0.10.dev17:
     * Remove experimental job legacy-tempest-dsvm-zeromq-multibackend

   Changes in openstack-cinder:
   - Update to version cinder-13.0.10.dev20:
     * PowerMax Driver - Legacy volumes fail to live migrate

   - Update to version cinder-13.0.10.dev19:
     * RBD: Cleanup temporary file during exception

   - Update to version cinder-13.0.10.dev17:
     * Remove experimental job legacy-tempest-dsvm-zeromq-multibackend

   Changes in openstack-heat:
   - Update to version openstack-heat-11.0.4.dev4:
     * Check external resources after creation

   - Update to version openstack-heat-11.0.4.dev2:
     * Don't store signal\_url for ec2 signaling of deployments
     * Allow scale-down of ASG as part of update 11.0.3

   Changes in openstack-heat:
   - Update to version openstack-heat-11.0.4.dev4:
     * Check external resources after creation

   - Update to version openstack-heat-11.0.4.dev2:
     * Don't store signal\_url for ec2 signaling of deployments
     * Allow scale-down of ASG as part of update 11.0.3

   Changes in openstack-heat-gbp:
   - Update to version group-based-policy-automation-12.0.1.dev2:
     * Add support for victoria

   - Update to version group-based-policy-automation-12.0.1.dev1:
     * Add network\_id field for L2 Policy Heat Extensions 12.0.0
     * Add support for ussuri
     * Fix master/train gate
     * Add support for train 10.0.0
     * Upgrade for stable/stein branch 9.0.0
     * Updated with 'stable/rocky' branch
     * Replace openstack.org URLs with 'git+https://'
     * OpenDev Migration Patch

   Changes in openstack-heat-templates:
   - Update to version 0.0.0+git.1605509190.64f020b:
     * Fix software config on rdo
     * optimize size and time using --no-cache-dir
     * add template for servers using Octavia

   - Update to version 0.0.0+git.1604032742.c5733ee:
     * Move heat-templates-check job to zuul v3

   Changes in openstack-horizon-plugin-gbp-ui:
   - Update to version group-based-policy-ui-12.0.1.dev3:
     * Remove mox3 from requirements

   - Update to version group-based-policy-ui-12.0.1.dev2:
     * Fix python namespacing
     * Add stable victoria 12.0.0
     * Add support for ussuri
     * Fix master/train gate
     * Add support for train 10.0.0
     * Upgrade for stable/stein branch 9.0.0
     * Upgrading for stable/rocky branch
     * Added Python3 support
     * OpenDev Migration Patch

   Changes in openstack-ironic-python-agent:
   - Update to version ironic-python-agent-3.3.4.dev6:
     * Fix: make Intel CNA hardware manager none generic

   Changes in openstack-manila:
   - Update to version manila-7.4.2.dev57:
     * fix reno file location and indention

   - Update to version manila-7.4.2.dev56:
     * [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'

   - Update to version manila-7.4.2.dev55:
     * [Glusterfs] Fix delete share, mount point not disconnected

   Changes in openstack-manila:
   - Update to version manila-7.4.2.dev57:
     * fix reno file location and indention

   - Update to version manila-7.4.2.dev56:
     * [Glusterfs] Fix delete share, Couldn't find the 'gluster\_used\_vols'

   - Update to version manila-7.4.2.dev55:
     * [Glusterfs] Fix delete share, mount point not disconnected

   Changes in openstack-neutron:
   - Update to version neutron-13.0.8.dev135:
     * Rehome api tests for propagate\_uplink\_status

   - Update to version neutron-13.0.8.dev134:
     * Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue"

   - Update to version neutron-13.0.8.dev132:
     * Drop invalid rootwrap filters
     * ovs firewall: fix mac learning on the ingress rule table when ovs
       offload enabled
     * Add update\_id for ResourceUpdate

   - Update to version neutron-13.0.8.dev126:
     * "ping"/"ping6" command support in rootwrap filters

   - Update to version neutron-13.0.8.dev124:
     * Import "oslo\_config.cfg" before "eventlet"
     * [OvS] Handle re\_added multi ports

   - Update to version neutron-13.0.8.dev120:
     * Local mac direct flow for non-openflow firewall
     * Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib

   - Update to version neutron-13.0.8.dev116:
     * Support gateway which is not in subnet CIDR in ha\_router
     * Ensure fip ip rules deleted when fip removed

   - Update to version neutron-13.0.8.dev112:
     * windows: fix terminating processes
     * [stable/rocky] Drop rally job
     * Don't raise FileNotFoundError during disabling keepalived
     * Load the glibc library only once for Pyroute2

   - Update to version neutron-13.0.8.dev106:
     * Do not fail deleting namespace if it does not exist

   - Update to version neutron-13.0.8.dev104:
     * Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs

   - Update to version neutron-13.0.8.dev103:
     * Use dict .get() to avoid a KeyError in the segment plugin

   - Update to version neutron-13.0.8.dev101:
     * Pass context in l3 flavor notifications
     * Handle properly existing LLA address during l3 agent restart

   - Update to version neutron-13.0.8.dev97:
     * Add 'keepalived\_use\_no\_track' config option

   Changes in openstack-neutron:
   - Update to version neutron-13.0.8.dev135:
     * Rehome api tests for propagate\_uplink\_status

   - Update to version neutron-13.0.8.dev134:
     * Revert "[Security] fix allowed-address-pair 0.0.0.0/0 issue"

   - Update to version neutron-13.0.8.dev132:
     * Drop invalid rootwrap filters
     * ovs firewall: fix mac learning on the ingress rule table when ovs
       offload enabled
     * Add update\_id for ResourceUpdate

   - Update to version neutron-13.0.8.dev126:
     * "ping"/"ping6" command support in rootwrap filters

   - Update to version neutron-13.0.8.dev124:
     * Import "oslo\_config.cfg" before "eventlet"
     * [OvS] Handle re\_added multi ports

   - Update to version neutron-13.0.8.dev120:
     * Local mac direct flow for non-openflow firewall
     * Replace ctype.CDLL by ctypes.PyDLL in linux.ip\_lib

   - Update to version neutron-13.0.8.dev116:
     * Support gateway which is not in subnet CIDR in ha\_router
     * Ensure fip ip rules deleted when fip removed

   - Update to version neutron-13.0.8.dev112:
     * windows: fix terminating processes
     * [stable/rocky] Drop rally job
     * Don't raise FileNotFoundError during disabling keepalived
     * Load the glibc library only once for Pyroute2

   - Update to version neutron-13.0.8.dev106:
     * Do not fail deleting namespace if it does not exist

   - Update to version neutron-13.0.8.dev104:
     * Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs

   - Update to version neutron-13.0.8.dev103:
     * Use dict .get() to avoid a KeyError in the segment plugin

   - Update to version neutron-13.0.8.dev101:
     * Pass context in l3 flavor notifications
     * Handle properly existing LLA address during l3 agent restart

   - Update to version neutron-13.0.8.dev97:
     * Add 'keepalived\_use\_no\_track' config option

   Changes in openstack-neutron-gbp:
   - Update to version group-based-policy-12.0.1.dev5:
     * Fix ICMP type and ICMP code fields for named and numbered ICMP
       Protocol 2014.2.0rc1

   - Update to version group-based-policy-12.0.1.dev4:
     * Fix erroneous comma (,) in the LOG.exception call 2014.2rc1

   - Update to version group-based-policy-12.0.1.dev3:
     * Fix top of tree in gate
     * Endpoint level qos changes 12.0.0
     * Add support for ussuri
     * Update subnets for SVI port corresponding to bound port
     * Fix the intermittent QOS UT failure
     * Fixed the QOS UT failure
     * Use train branch instead of stein
     * Add support for train
     * Prepare for removal of CommonDbMixin
     * Make AIM dsvm job voting
     * Add support for upstream Stein release
     * Fix python2/3 compatibility
     * Fix DNS Domain Name in endpoint file
     * When a subnet added to a bound SVI port, ensure it is added to SVI port
     * Add support for qos
     * Fix DNS issue in endpoint file
     * [AIM] Add pre-existing BD to network extension
     * Remove get\_current\_session
     * Remove get\_current\_session method
     * [AIM] Add EPG contract masters to network extension
     * Revert "Remove get\_current\_session method"
     * Remove get\_current\_session method
     * Support Dual Stack on SVI nets along with BGP 9.0.0
     * Add support for upstream Rocky release
     * Cleanup Queens (part 2)
     * Fix missing DB migration
     * Make aim functional gate job voting
     * Added Python3 support
     * [AIM] Sanitize the AIM tenant description field
     * Fix field sizes for VM names
     * Bind baremetal VNIC trunk ports
     * Fix missing trunk\_details for a trunk without subports
     * [AIM] Insert remote\_group\_id to SG rules properly
     * Revert "[AIM] Convert remote\_ips for SG rules properly"
     * Cleanup Queens
     * [AIM] Convert remote\_ips for SG rules properly
     * Clean up baremetal port handling
     * [AIM] Clean up the mock and stop the looping thread in the UT env
     * Don't stop this looping thread when an exception is thrown
     * [AIM] Fix router\_id allocation for SVI
     * Support non SVI static VLAN type segments with OpFlex agent
     * Baremetal VNIC Trunk support
     * [AIM] Don't queue notifications (4 of 4)
     * [AIM] Don't queue registry callbacks (3 of 4)
     * [AIM] Enable Neutron transaction guards (2 of 4)
     * Don't call GBP or Neutron APIs from GBP PD precommit methods
     * [AIM] Retry L3 Plugin Operations
     * [AIM] Fix most common random UT failures
     * [AIM] Fixed external subnet ANY\_CIDRs for l3out EPGs for SVI
     * Revert "Nested domain parameters support for openShift networks"
     * Fix for unbinding baremetal VNIC ports
     * Nested domain parameters support for openShift networks
     * Fix tox coverage job
     * Add suport for baremetal vnic\_type 2014.2.rc1

   Changes in openstack-neutron-vpnaas:
   - Remove remove-tempest-entry-point.patch thus enabling the tempest_vpnaas
     plugin for tempest testing. (SCRD-8681)
   - Package the neutron-vpnaas/tests/ directory contents in a new RPM RPM
     package, python-neutron-vpnaas-tempest-plugin, that depend on
     python-neutron-vpnaas, which provides the main neutron-vpnaas code base.
     Additionally this new package can now safely depend on the
     python-neutron-tempest-plugin package, providing the required
     neutron_tempest_plugin module, without causing tempest packages to be
     installed when python-neutron-vpnaas installed. (SOC-8764) NOTE: This
     implicitly enables the neutron_tempest_plugin.
   - Corrected LBaaS references to VPNaaS.

   Changes in openstack-nova:
   - Update to version nova-18.3.1.dev77:
     * Follow up for cherry-pick check for merge patch

   - Update to version nova-18.3.1.dev76:
     * post live migration: don't call Neutron needlessly

   - Update to version nova-18.3.1.dev74:
     * libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is
       smaller than v4.1.0

   - Update to version nova-18.3.1.dev72:
     * libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices

   - Update to version nova-18.3.1.dev70:
     * compute: Don't delete the original attachment during pre LM rollback
     * Add regression tests for bug #1889108
     * compute: refactor volume bdm rollback error handling

   - Update to version nova-18.3.1.dev64:
     * compute: Use source\_bdms to reset attachment\_ids during LM rollback
     * Robustify attachment tracking in CinderFixtureNewAttachFlow

   - Update to version nova-18.3.1.dev60:
     * Improve CinderFixtureNewAttachFlow

   - Update to version nova-18.3.1.dev58:
     * Removed the host FQDN from the exception message

   - Update to version nova-18.3.1.dev56:
     * libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live
       migration

   Changes in openstack-nova:
   - Update to version nova-18.3.1.dev77:
     * Follow up for cherry-pick check for merge patch

   - Update to version nova-18.3.1.dev76:
     * post live migration: don't call Neutron needlessly

   - Update to version nova-18.3.1.dev74:
     * libvirt: Do not reference VIR\_ERR\_DEVICE\_MISSING when libvirt is
       smaller than v4.1.0

   - Update to version nova-18.3.1.dev72:
     * libvirt: Handle VIR\_ERR\_DEVICE\_MISSING when detaching devices

   - Update to version nova-18.3.1.dev70:
     * compute: Don't delete the original attachment during pre LM rollback
     * Add regression tests for bug #1889108
     * compute: refactor volume bdm rollback error handling

   - Update to version nova-18.3.1.dev64:
     * compute: Use source\_bdms to reset attachment\_ids during LM rollback
     * Robustify attachment tracking in CinderFixtureNewAttachFlow

   - Update to version nova-18.3.1.dev60:
     * Improve CinderFixtureNewAttachFlow

   - Update to version nova-18.3.1.dev58:
     * Removed the host FQDN from the exception message

   - Rebased patches:
     + 0004-Provide-VIR_MIGRATE_PARAM_PERSIST_XML-during-live-migration.patch
       dropped (merged upstream)

   - Update to version nova-18.3.1.dev56:
     * libvirt: Provide VIR\_MIGRATE\_PARAM\_PERSIST\_XML during live
       migration

   Changes in python-Jinja2:
   - Trim bias from descriptions. Make sure % is escaped.

   - update to version 2.10.1 (bsc#1132323, CVE-2019-10906, bsc#1125815,
     CVE-2019-8341):
     * "SandboxedEnvironment" securely handles "str.format_map" in order to
       prevent code execution through untrusted format strings.  The sandbox
       already handled "str.format".

   - Activate test suite
   - Add minimum build dependency to match runtime dependency

   - Fix fdupes call

   - Remove superfluous devel dependency for noarch package

   - Update to 2.9.5 (bsc#1132174, CVE-2016-10745) Changes in python-pysaml2:
   - Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
     (CVE-2020-5390, bsc#1160851)

   Changes in python-pytest:
   - update to 3.7.4
   - drop 0001-Use-unittest.mock-if-is-only-aviable.patch
    * Fix possible infinite recursion when writing .pyc files
    * Cache plugin now obeys the -q flag when --last-failed and
        --failed-first flags are used.
    * Fix bad console output when using console_output_style=classic
    * Fixtures during teardown can again use capsys and capfd to inspect
        output captured during tests.
    * Fix bugs where unicode arguments could not be passed to
      testdir.runpytest
        on Python 2.
    * Fix double collection of tests within packages when the filename starts
      with a capital letter
    * Fix collection error when specifying test functions directly in the
      command line using test.py::test syntax together with --doctest-modules
     * Fix stdout/stderr not getting captured when real-time cli logging is
       active.
     * Fix bug where --show-capture=no option would still show logs printed
       during fixture teardown.
     * Fix issue where teardown of fixtures of consecutive sub-packages were
       executed once, at the end of the outer package.

   - update to 3.7.2
   - add 0001-Use-unittest.mock-if-is-only-aviable.patch
    * Fix filterwarnings not being registered as a builtin mark.
    * Fix test collection from packages mixed with normal directories.
    * Fix infinite recursion during collection if a pytest_ignore_collect
      hook returns False instead of None.
    * Fix bug where decorated fixtures would lose functionality
    * Fix bug where importing modules or other objects with prefix pytest_
      prefix would raise a PluginValidationError.
    * Fix AttributeError during teardown of TestCase subclasses which raise
      an exception during __init__.
    * Fix traceback reporting for exceptions with __cause__ cycles.

   Changes in python-pytest:
   - update to 3.7.4
   - drop 0001-Use-unittest.mock-if-is-only-aviable.patch
    * Fix possible infinite recursion when writing .pyc files
    * Cache plugin now obeys the -q flag when --last-failed and
        --failed-first flags are used.
    * Fix bad console output when using console_output_style=classic
    * Fixtures during teardown can again use capsys and capfd to inspect
        output captured during tests.
    * Fix bugs where unicode arguments could not be passed to
      testdir.runpytest
        on Python 2.
    * Fix double collection of tests within packages when the filename starts
      with a capital letter
    * Fix collection error when specifying test functions directly in the
      command line using test.py::test syntax together with --doctest-modules
     * Fix stdout/stderr not getting captured when real-time cli logging is
       active.
     * Fix bug where --show-capture=no option would still show logs printed
       during fixture teardown.
     * Fix issue where teardown of fixtures of consecutive sub-packages were
       executed once, at the end of the outer package.

   - update to 3.7.2
   - add 0001-Use-unittest.mock-if-is-only-aviable.patch
    * Fix filterwarnings not being registered as a builtin mark.
    * Fix test collection from packages mixed with normal directories.
    * Fix infinite recursion during collection if a pytest_ignore_collect
      hook returns False instead of None.
    * Fix bug where decorated fixtures would lose functionality
    * Fix bug where importing modules or other objects with prefix pytest_
      prefix would raise a PluginValidationError.
    * Fix AttributeError during teardown of TestCase subclasses which raise
      an exception during __init__.
    * Fix traceback reporting for exceptions with __cause__ cycles.

   Changes in python-urllib3:
   - Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.

   - Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for
     CVE-2019-9740.

   - Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
     method. (bsc#1177120, CVE-2020-26137)

   Changes in release-notes-suse-openstack-cloud:
   - Update to version 9.20200917:
     * Change wording to correctly refer to future SES versions
     * Update adoc/limitations.adoc
     * Add SES version limitation, remove deprecated note about Octavia for
       Crowbar

   - Update to version 9.20200917:
     * Announce Upgrade is now available (SOC-9781)

   Changes in spark:
   - Add _constraints to prevent build from running out of disk space


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3897=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3897=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      crowbar-core-6.0+git.1606314264.bf9ada813-3.31.2
      crowbar-core-branding-upstream-6.0+git.1606314264.bf9ada813-3.31.2
      grafana-6.7.4-3.20.1
      grafana-debuginfo-6.7.4-3.20.1
      influxdb-1.3.8-4.3.3
      influxdb-debuginfo-1.3.8-4.3.3

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-openstack-6.0+git.1604573541.bb18c172d-3.28.3
      openstack-cinder-13.0.10~dev20-3.28.2
      openstack-cinder-api-13.0.10~dev20-3.28.2
      openstack-cinder-backup-13.0.10~dev20-3.28.2
      openstack-cinder-scheduler-13.0.10~dev20-3.28.2
      openstack-cinder-volume-13.0.10~dev20-3.28.2
      openstack-heat-11.0.4~dev4-3.19.2
      openstack-heat-api-11.0.4~dev4-3.19.2
      openstack-heat-api-cfn-11.0.4~dev4-3.19.2
      openstack-heat-engine-11.0.4~dev4-3.19.2
      openstack-heat-gbp-12.0.1~dev2-3.3.4
      openstack-heat-plugin-heat_docker-11.0.4~dev4-3.19.2
      openstack-heat-templates-0.0.0+git.1605509190.64f020b6-3.9.3
      openstack-horizon-plugin-gbp-ui-12.0.1~dev3-3.3.4
      openstack-ironic-python-agent-3.3.4~dev6-3.19.4
      openstack-manila-7.4.2~dev57-4.30.2
      openstack-manila-api-7.4.2~dev57-4.30.2
      openstack-manila-data-7.4.2~dev57-4.30.2
      openstack-manila-scheduler-7.4.2~dev57-4.30.2
      openstack-manila-share-7.4.2~dev57-4.30.2
      openstack-neutron-13.0.8~dev135-3.31.2
      openstack-neutron-dhcp-agent-13.0.8~dev135-3.31.2
      openstack-neutron-gbp-12.0.1~dev5-3.19.4
      openstack-neutron-ha-tool-13.0.8~dev135-3.31.2
      openstack-neutron-l3-agent-13.0.8~dev135-3.31.2
      openstack-neutron-linuxbridge-agent-13.0.8~dev135-3.31.2
      openstack-neutron-macvtap-agent-13.0.8~dev135-3.31.2
      openstack-neutron-metadata-agent-13.0.8~dev135-3.31.2
      openstack-neutron-metering-agent-13.0.8~dev135-3.31.2
      openstack-neutron-openvswitch-agent-13.0.8~dev135-3.31.2
      openstack-neutron-server-13.0.8~dev135-3.31.2
      openstack-neutron-vpnaas-13.0.2~dev6-3.9.2
      openstack-neutron-vyatta-agent-13.0.2~dev6-3.9.2
      openstack-nova-18.3.1~dev77-3.31.2
      openstack-nova-api-18.3.1~dev77-3.31.2
      openstack-nova-cells-18.3.1~dev77-3.31.2
      openstack-nova-compute-18.3.1~dev77-3.31.2
      openstack-nova-conductor-18.3.1~dev77-3.31.2
      openstack-nova-console-18.3.1~dev77-3.31.2
      openstack-nova-novncproxy-18.3.1~dev77-3.31.2
      openstack-nova-placement-api-18.3.1~dev77-3.31.2
      openstack-nova-scheduler-18.3.1~dev77-3.31.2
      openstack-nova-serialproxy-18.3.1~dev77-3.31.2
      openstack-nova-vncproxy-18.3.1~dev77-3.31.2
      python-Jinja2-2.10.1-3.3.3
      python-cinder-13.0.10~dev20-3.28.2
      python-heat-11.0.4~dev4-3.19.2
      python-heat-gbp-12.0.1~dev2-3.3.4
      python-horizon-plugin-gbp-ui-12.0.1~dev3-3.3.4
      python-manila-7.4.2~dev57-4.30.2
      python-neutron-13.0.8~dev135-3.31.2
      python-neutron-gbp-12.0.1~dev5-3.19.4
      python-neutron-vpnaas-13.0.2~dev6-3.9.2
      python-neutron-vpnaas-tempest-plugin-13.0.2~dev6-3.9.2
      python-nova-18.3.1~dev77-3.31.2
      python-pysaml2-4.5.0-4.3.3
      python-pytest-3.7.4-3.3.3
      python-urllib3-1.23-3.15.3
      release-notes-suse-openstack-cloud-9.20200917-3.24.3
      spark-2.2.3-5.3.3

   - SUSE OpenStack Cloud 9 (x86_64):

      grafana-6.7.4-3.20.1
      grafana-debuginfo-6.7.4-3.20.1
      influxdb-1.3.8-4.3.3
      influxdb-debuginfo-1.3.8-4.3.3

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-cassandra-9.0+git.1600802664.7e480a2-3.6.2
      ardana-mq-9.0+git.1605174486.a78ddce-3.19.2
      ardana-osconfig-9.0+git.1601621747.a87e5a0-3.22.2
      ardana-tempest-9.0+git.1603378983.fc0bca9-3.19.2
      openstack-cinder-13.0.10~dev20-3.28.2
      openstack-cinder-api-13.0.10~dev20-3.28.2
      openstack-cinder-backup-13.0.10~dev20-3.28.2
      openstack-cinder-scheduler-13.0.10~dev20-3.28.2
      openstack-cinder-volume-13.0.10~dev20-3.28.2
      openstack-heat-11.0.4~dev4-3.19.2
      openstack-heat-api-11.0.4~dev4-3.19.2
      openstack-heat-api-cfn-11.0.4~dev4-3.19.2
      openstack-heat-engine-11.0.4~dev4-3.19.2
      openstack-heat-gbp-12.0.1~dev2-3.3.4
      openstack-heat-plugin-heat_docker-11.0.4~dev4-3.19.2
      openstack-heat-templates-0.0.0+git.1605509190.64f020b6-3.9.3
      openstack-horizon-plugin-gbp-ui-12.0.1~dev3-3.3.4
      openstack-ironic-python-agent-3.3.4~dev6-3.19.4
      openstack-manila-7.4.2~dev57-4.30.2
      openstack-manila-api-7.4.2~dev57-4.30.2
      openstack-manila-data-7.4.2~dev57-4.30.2
      openstack-manila-scheduler-7.4.2~dev57-4.30.2
      openstack-manila-share-7.4.2~dev57-4.30.2
      openstack-neutron-13.0.8~dev135-3.31.2
      openstack-neutron-dhcp-agent-13.0.8~dev135-3.31.2
      openstack-neutron-gbp-12.0.1~dev5-3.19.4
      openstack-neutron-ha-tool-13.0.8~dev135-3.31.2
      openstack-neutron-l3-agent-13.0.8~dev135-3.31.2
      openstack-neutron-linuxbridge-agent-13.0.8~dev135-3.31.2
      openstack-neutron-macvtap-agent-13.0.8~dev135-3.31.2
      openstack-neutron-metadata-agent-13.0.8~dev135-3.31.2
      openstack-neutron-metering-agent-13.0.8~dev135-3.31.2
      openstack-neutron-openvswitch-agent-13.0.8~dev135-3.31.2
      openstack-neutron-server-13.0.8~dev135-3.31.2
      openstack-neutron-vpnaas-13.0.2~dev6-3.9.2
      openstack-neutron-vyatta-agent-13.0.2~dev6-3.9.2
      openstack-nova-18.3.1~dev77-3.31.2
      openstack-nova-api-18.3.1~dev77-3.31.2
      openstack-nova-cells-18.3.1~dev77-3.31.2
      openstack-nova-compute-18.3.1~dev77-3.31.2
      openstack-nova-conductor-18.3.1~dev77-3.31.2
      openstack-nova-console-18.3.1~dev77-3.31.2
      openstack-nova-novncproxy-18.3.1~dev77-3.31.2
      openstack-nova-placement-api-18.3.1~dev77-3.31.2
      openstack-nova-scheduler-18.3.1~dev77-3.31.2
      openstack-nova-serialproxy-18.3.1~dev77-3.31.2
      openstack-nova-vncproxy-18.3.1~dev77-3.31.2
      python-Jinja2-2.10.1-3.3.3
      python-cinder-13.0.10~dev20-3.28.2
      python-heat-11.0.4~dev4-3.19.2
      python-heat-gbp-12.0.1~dev2-3.3.4
      python-horizon-plugin-gbp-ui-12.0.1~dev3-3.3.4
      python-manila-7.4.2~dev57-4.30.2
      python-neutron-13.0.8~dev135-3.31.2
      python-neutron-gbp-12.0.1~dev5-3.19.4
      python-neutron-vpnaas-13.0.2~dev6-3.9.2
      python-neutron-vpnaas-tempest-plugin-13.0.2~dev6-3.9.2
      python-nova-18.3.1~dev77-3.31.2
      python-pysaml2-4.5.0-4.3.3
      python-pytest-3.7.4-3.3.3
      python-urllib3-1.23-3.15.3
      release-notes-suse-openstack-cloud-9.20200917-3.24.3
      spark-2.2.3-5.3.3
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.21.2
      venv-openstack-cinder-x86_64-13.0.10~dev20-3.24.2
      venv-openstack-designate-x86_64-7.0.2~dev2-3.21.2
      venv-openstack-glance-x86_64-17.0.1~dev30-3.19.2
      venv-openstack-heat-x86_64-11.0.4~dev4-3.21.2
      venv-openstack-horizon-x86_64-14.1.1~dev7-4.23.2
      venv-openstack-ironic-x86_64-11.1.5~dev16-4.19.2
      venv-openstack-keystone-x86_64-14.2.1~dev4-3.21.2
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.21.2
      venv-openstack-manila-x86_64-7.4.2~dev57-3.25.2
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.21.2
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.19.2
      venv-openstack-neutron-x86_64-13.0.8~dev135-6.23.2
      venv-openstack-nova-x86_64-18.3.1~dev77-3.23.2
      venv-openstack-octavia-x86_64-3.2.3~dev7-4.21.2
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.21.2
      venv-openstack-swift-x86_64-2.19.2~dev48-2.16.2


References:

   https://www.suse.com/security/cve/CVE-2016-10745.html
   https://www.suse.com/security/cve/CVE-2019-10906.html
   https://www.suse.com/security/cve/CVE-2019-20933.html
   https://www.suse.com/security/cve/CVE-2019-8341.html
   https://www.suse.com/security/cve/CVE-2020-24303.html
   https://www.suse.com/security/cve/CVE-2020-26137.html
   https://www.suse.com/security/cve/CVE-2020-5390.html
   https://bugzilla.suse.com/1125815
   https://bugzilla.suse.com/1132174
   https://bugzilla.suse.com/1132323
   https://bugzilla.suse.com/1160851
   https://bugzilla.suse.com/1177120
   https://bugzilla.suse.com/1177611
   https://bugzilla.suse.com/1178243
   https://bugzilla.suse.com/1178988



More information about the sle-security-updates mailing list