SUSE-SU-2020:0642-1: important: Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon

sle-security-updates at lists.suse.com
Wed Mar 11 11:19:08 MDT 2020


   SUSE Security Update: Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient,
  python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0642-1
Rating:             important
References:         #1117080 #1152007 #1154235 #1156305 #1156914 
                    #1157028 #1157206 #1157482 #1158581 #1158675 
                    #1161351 #1161721 
Cross-References:   CVE-2018-17954 CVE-2019-13117 CVE-2019-16770
                   
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that solves three vulnerabilities and has 9 fixes
   is now available.

Description:

   This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db,
   ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq,
   ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls,
   crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived,
   openstack-barbican, openstack-ceilometer, openstack-cinder,
   openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate,
   openstack-heat, openstack-horizon-plugin-designate-ui,
   openstack-horizon-plugin-ironic-ui,
   openstack-horizon-plugin-neutron-lbaas-ui,
   openstack-horizon-plugin-octavia-ui, openstack-ironic,
   openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
   openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas,
   openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova,
   openstack-octavia, openstack-octavia-amphora-image, openstack-sahara,
   openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1,
   python-keystoneclient, python-keystonemiddleware, python-ovs,
   supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client,
   rubygem-puma, venv-openstack-horizon fixes the following issues:

   Security issues fixed:

   - CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
   - CVE-2019-16770: Fixed a DoS vulnerability that a malicious client could
     use to block a large number of threads (bsc#1158675).

   Non-security issues fixed:

   Changes in ardana-ansible:
   - Update to version 9.0+git.1581611758.f694f7d:
     * Don't run deprecated-vhost-removal on localhost (SOC-11098)

   - Update to version 9.0+git.1580906085.40eb430:
     * simplify glance image upload (SOC-11089)

   - Update to version 9.0+git.1580220034.3236aa5:
     * Ensure rabbitmq-server started after packages updated (SOC-11070)

   - Update to version 9.0+git.1576060554.bdd84e6:
     * Fix grep for image details on service-guest-image (SOC-11012)

   Changes in ardana-cinder:
   - Update to version 9.0+git.1579256229.c8b4b38:
     * Add option to flatten snapshots when using SES (SOC-11054)

   - Update to version 9.0+git.1574694613.04a8b74:
     * Ensure nfs-client installed for NetApp support (SOC-9005)

   - Update to version 9.0+git.1574359983.c198cc9:
     * Add option for nfs_share configuration (SOC-9005)

   Changes in ardana-cobbler:
   - Update to version 9.0+git.1574950066.a3c4be4:
     * Set root device on SLES autoyast templates (SOC-7365)

   - Update to version 9.0+git.1573845154.3545efd:
     * Change install_recommended to true (SOC-9005)

   Changes in ardana-db:
   - Update to version 9.0+git.1578936438.b9a9b95:
     * Switch to using override file in my.cnf.d (SOC-11043)

   - Update to version 9.0+git.1578595169.57c5911:
     * account for pre-update nodes (SOC-11037)

   Changes in ardana-horizon:
   - Update to version 9.0+git.1575562864.8ed5e10:
     * Generate policy for Octavia dashboard (SOC-10883)

   - Update to version 9.0+git.1575562860.2ce2851:
     * Fix policy configuration generation (SOC-10883)

   Changes in ardana-input-model:
   - Update to version 9.0+git.1580403439.d425462:
     * Enable port security extension neutron (SOC-11027)

   - Update to version 9.0+git.1574953363.60cf58f:
     * octavia: use lbaasv2-proxy service plugin (SOC-10987)

   Changes in ardana-monasca:
   - Update to version 9.0+git.1579273481.4b8c46f:
     * Leverage schema conversion script for upgrade (SOC-10277)

   - Update to version 9.0+git.1575919721.5c42222:
     * align Monasca DB schema with upstream prior to upgrade (SOC-10277)

   Changes in ardana-mq:
   - Update to version 9.0+git.1581024903.8e74867:
     * Ensure HA queue sync wait fails (SOC-11083)

   - Update to version 9.0+git.1580934283.230ff8b:
     * Fix HA policy setting comments (SOC-10317, SOC-11082)

   - Update to version 9.0+git.1580746285.da922ce:
     * Set HA policy accordingly (SOC-10317, SOC-11082)

   - Update to version 9.0+git.1575405552.d84f662:
     * Change the HA policy mirror (SOC-10317)

   Changes in ardana-nova:
   - Update to version 9.0+git.1580304673.6c668eb:
     * Set notification_format to unversioned in nova.conf (bsc#1161721)

   - Update to version 9.0+git.1575481165.9d3826f:
     * Remove duplicate entries for alias configuration for GPU (SOC-10837)

   - Update to version 9.0+git.1573764498.ed4098d:
     * Pass through gpu device info. (SOC-10837)

   Changes in ardana-octavia:
   - Update to version 9.0+git.1576074489.62de7e2:
     * Add load-balancer roles (SOC-8743)

   - Update to version 9.0+git.1575366951.e0216b4:
     * Add policy.json to match the neutron lbaasv2 policy (SOC-10987)

   - Update to version 9.0+git.1574358661.c976583:
     * Change event_streamer_driver to noop (bsc#1154235)

   Changes in ardana-osconfig:
   - Update to version 9.0+git.1580235830.0dca223:
     * Start OVS services before wicked service at boot (SOC-11067)

   - Update to version 9.0+git.1579790275.8afb314:
     * Adjust 'fs.inotify.max_user_instances' to align with crowbar
       (bsc#1161351)

   Changes in ardana-tempest:
   - Update to version 9.0+git.1578932816.e299c08:
     * Revert to using cirros image for heat tests (SOC-7028)

   - Update to version 9.0+git.1578413400.0614192:
     * Create network resources needed by some heat tests (SOC-7028)

   - Update to version 9.0+git.1576611974.d17e4df:
     * Enable octavia tempest plugin test cases (SOC-8743)

   - Update to version 9.0+git.1574955714.5bae846:
     * Update lbaas tempest filter for octavia (SOC-10987)

   Changes in ardana-tls:
   - Update to version 9.0+git.1575296665.3fdfe45:
     * Make sure VNC CA file contain our internal CAs (SOC-10968)

   - Update to version 9.0+git.1574280348.a306396:
     * default the certificate validity to 5 years for the VNC cert
       (SOC-10973)

   Changes in crowbar-core:
   - Update to version 6.0+git.1582892022.cbd70e833:
     * upgrade: Run DHCP evacuation (SOC-11046)

   - Update to version 6.0+git.1582200015.08264d8f9:
     * Fix deployment queue display (SOC-10741)

   - Update to version 6.0+git.1580144807.7d068caf0:
     * network: start OVS before wickedd (SOC-11067)

   - Update to version 6.0+git.1578997967.4591670f0:
     * dns: add checks to designate migration (SOC-11047)

   - Update to version 6.0+git.1578935422.01edb0a9b:
     * Do not log an error for a case that is correct (trivial)

   - Update to version 6.0+git.1578563578.68beda299:
     * Upgrade neutron agent together with nova-compute package (SOC-11031)

   - Update to version 6.0+git.1578402096.90d9332d9:
     * apache2: Restart after enabling SSL flag (SOC-11029)
     * crowbar: add crowbar-pacemaker dependency (SOC-10986)

   - Update to version 6.0+git.1576756414.ca49a781d:
     * bind9: Add legacy public.foo DNS entries (SOC-11006)

   - Update to version 6.0+git.1576662075.88de27567:
     * upgrade: Make a check for SLES product version (SOC-3089)

   - Update to version 6.0+git.1576493114.5e9534f13:
     * upgrade: Stop if nova-compute upgrade fails (SOC-10378)
     * upgrade: Fix typo in log message (typo)

   - Update to version 6.0+git.1576149781.1ac02ef0d:
     * upgrade: add missing exit to Monasca DB dump (trivial)

   - Update to version 6.0+git.1576072790.23b58b4a2:
     * upgrade: Fix systemd unit listing (trivial)
     * Make sure the crowbar migrations are OK (SOC-6849)

   - Update to version 6.0+git.1575980638.3cad5a333:
     * Ignore CVE-2019-16770 (SOC-10999)
     * upgrade: Make cluster health check at the start of services step
       (SOC-6849)
     * upgrade: Remove DRBD specific code from the continuation parts
       (SOC-10985)

   - Update to version 6.0+git.1575628097.5a7475686:
     * upgrade: Do not stop and reload nova services in normal mode
       (SOC-10995)

   - Update to version 6.0+git.1574763248.ad958e68c:
     * Disable installation repository (bsc#1152007)
     * Disable automatic repo services (bsc#1152007)

   - Update to version 6.0+git.1574431193.3f5c69937:
     * [upgrade] Wait for keystone to be ready after start (bsc#1157206)

   - Update to version 6.0+git.1574363439.bc4d86c9b:
     * upgrade: Make sure cinder-volume is really stopped (bsc#1156305)

   - Update to version 6.0+git.1574270808.e4344109b:
     * upgrade: Ignore Cloud repository during repocheck (bsc#1152007)

   - Update to version 6.0+git.1574102328.13f0b12bf:
     * Ignore CVE-2019-13117 in CI builds (bsc#1157028)

   Changes in crowbar-ha:
   - Update to version 6.0+git.1574286261.6fd1a34:
     * Drop g-haproxy removal code (bsc#1156914)

   Changes in crowbar-openstack:
   - Update to version 6.0+git.1580922461.67fb3c087:
     * Designate: make sure dns-server is active on a non-admin node
       (SOC-10636)
     * Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082)

   - Update to version 6.0+git.1580480133.d27bf75d0:
     * ec2-api: run keystone_register on cluster founder only (SOC-11079)

   - Update to version 6.0+git.1580308069.558c6dd8a:
     * rabbitmq: sync startup definitions.json with recipe (SOC-11077)

   - Update to version 6.0+git.1579097055.cf15ef22e:
     * tempest: enable multiattach for NetApp + LVM (SCPM-97)
     * tempest: tempest run filters as templates (SOC-11052)

   - Update to version 6.0+git.1578491103.ca03b990c:
     * Install openstack client for neutron recipes (SOC-11039)

   - Update to version 6.0+git.1576859278.871ed9151:
     * octavia: Add topology setting (SOC-10876)

   - Update to version 6.0+git.1576769055.cae3ecf9a:
     * octavia: Add anti-affinity settings (SOC-11026)
     * designate: Fix the migrations of ssl values (SOC-11030)
     * octavia: Also delete unused amphora images (SOC-11024)
     * octavia: Delete old amphora images (SOC-11024)
     * octavia: Install amphora image always (SOC-11024)

   - Update to version 6.0+git.1576688912.0cfb42201:
     * Do not read data from barclamp that has not been saved (SOC-11028)
     * octavia: Add ssh key to health manager (SOC-11025)

   - Update to version 6.0+git.1576513513.8456a08f8:
     * designate: Mark as user managed (SOC-10233)

   - Update to version 6.0+git.1576331976.c068cbe15:
     * octavia: Update configuration parameters (SOC-10904)

   - Update to version 6.0+git.1576245850.2d50399b5:
     * tempest: Update default image on schema (SOC-11023)

   - Update to version 6.0+git.1576145909.ec2c5f746:
     * octavia: enable octavia tempest plugin test cases (SOC-8743)

   - Update to version 6.0+git.1576091112.c802654e0:
     * keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
     * horizon: add Octavia horizon dashboard (SOC-10833)

   - Update to version 6.0+git.1575917420.9a9d1b024:
     * Add Crowbar UI options for mgmt net (SOC-10904)
     * octavia: configure barbican auth (SOC-10989)
     * octavia: fix deprecated config options (SOC-10990)

   - Update to version 6.0+git.1574850023.d4c2337fc:
     * tempest: create lbaas-octavia filter (SOC-10965)
     * octavia: switch to noop event streamer (SOC-10868)
     * tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin
       (SOC-10907)

   - Update to version 6.0+git.1574685608.1c9818d53:
     * horizon: fix keystone node lookup (SOC-10978)

   - Update to version 6.0+git.1574428771.9bd63ba0d:
     * designate: declare all mdns servers as master on pool config
       (SOC-10952)

   - Update to version 6.0+git.1574334452.15e0db044:
     * designate: add support for SSL (SOC-10877)
     * horizon: install lbaas horizon dashboard (SOC-10883)

   - Update to version 6.0+git.1574270038.651a48486:
     * octavia: add SSL section to the UI (SOC-10906)

   - Update to version 6.0+git.1574094012.3c62b569f:
     * octavia: Add memcached_servers for token caching (SOC-10905)

   Changes in crowbar-ui:
   - Update to version 1.3.0+git.1575896697.a01a3a08:
     * upgrade: Added missing error title
     * travis: Stop testing against nodejs4

   Changes in keepalived:
   - update to 2.0.19
   - new BR pkgconfig(libnftnl) to fix nftables support
   - add nftables to the BR
   - added patch
     * linux-4.15.patch
   - add buildrequires for file-devel
     - used in the checker to verify scripts
   - enable json stats and config dump support new BR: pkgconfig(json-c)
   - enable http regexp support: new BR pcre2-devel
   - disable dbus instance creation support as it is marked as dangerous
   - Add BFD build option to keepalived.spec rpm file. Issue #1114 identified
     that the keepalived.spec file was not being generated to build BFD
     support even if keepalived had been configured to support it.
   - full changelog https://keepalived.org/changelog.html

   Changes in openstack-barbican:
   - Update to version barbican-7.0.1.dev24:
     * Fix the barbicanclient installation not from source

   - Update to version barbican-7.0.1.dev23:
     * Don't use branch matching
     * Make broken fedora_latest job n-v

   Changes in openstack-ceilometer:
   - Update to version ceilometer-11.0.2.dev21:
     * Tell reno to ignore the kilo branch
     * Run Grenade job under Python 2 for compatibility

   - Update to version ceilometer-11.0.2.dev19:
     * [stable-only] Cap msgpack

   - Update to version ceilometer-11.0.2.dev18:
     * Add note for loadbalancer resource type support

   - Update to version ceilometer-11.0.2.dev17:
     * Fix samples with dots in sample name

   - Update to version ceilometer-11.0.2.dev15:
     * Add loadbalancer resource type

   Changes in openstack-cinder:
   - Update to version cinder-13.0.9.dev11:
     * Cinder backup export broken

   - Update to version cinder-13.0.9.dev10:
     * Support Incremental Backup Completion In RBD

   - Update to version cinder-13.0.9.dev8:
     * Fix: Create new cache entry when xtremio reaches snap limit
     * Tell reno to ignore the kilo branch

   - Update to version cinder-13.0.9.dev5:
     * Make volume soft delete more thorough

   - Update to version cinder-13.0.9.dev4:
     * Cap sphinx for py2 to match global reqs 13.0.8

   - Update to version cinder-13.0.8.dev12:
     * Add 'volume_attachment' to volume expected attributes
     * Fix service_uuid migration for volumes with no host

   - Update to version cinder-13.0.8.dev9:
     * Increase cpu limit for image conversion

   Changes in openstack-dashboard:
   - Update to version horizon-14.1.1.dev1: 14.1.0
     * Ensure python versions

   - Update to version horizon-14.0.5.dev9:
     * Fix typo in publicize_image policy name

   - Update to version horizon-14.0.5.dev8:
     * Fix "prev" link pagination for instances with identical timestamps

   - Update to version horizon-14.0.5.dev7:
     * Fix deleting port from port details page
     * Fix tenant floating_ip_allocation call in neutron rest api

   - Update to version horizon-14.0.5.dev3:
     * Add "prev" link to instance page list pagination

   - horizon: Obsolete python-django_openstack_auth (SOC-10228) port of
     https://review.opendev.org/#/c/685224

   - Update to version horizon-14.0.5.dev2:
     * Call Glance list with certain image ids

   Changes in openstack-dashboard-theme-SUSE:
   - Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)

   Changes in openstack-designate:
   - Update to version designate-7.0.1.dev23:
     * Use Tempest 'all' tox env

   Changes in openstack-heat:
   - Update to version openstack-heat-11.0.3.dev31:
     * Update Fedora image ref for test jobs

   - Update to version openstack-heat-11.0.3.dev29:
     * Docs: use extrefs to link to other projects' docs

   - Update to version openstack-heat-11.0.3.dev28:
     * Use stable constraint for Tempest pinned stable branches

   - Update to version openstack-heat-11.0.3.dev27:
     * Correct BRANCH_OVERRIDE for stable/rocky
     * Correct availability_zone to be non-mandatory in heat

   - Update to version openstack-heat-11.0.3.dev24:
     * Fix the wrong time unit for OS::Octavia::HealthMonitor

   Changes in openstack-horizon-plugin-designate-ui:
   - Update to version designate-dashboard-7.0.1.dev8:
     * Fix list zones updated at same time

   Changes in openstack-horizon-plugin-ironic-ui:
   - Update to version ironic-ui-3.3.1.dev14:
     * Fix horizon dependency
     * OpenDev Migration Patch

   Changes in openstack-horizon-plugin-neutron-lbaas-ui:
   - Update to version neutron-lbaas-dashboard-5.0.1.dev8:
     * Fix auth url for Barbican client

   - Add _1481_project_ng_loadbalancersv2_panel.pyc file to package
     (SOC-10883) The .pyc file needs to be removed when the package is
     uninstalled, otherwise the panel will remain enabled in the dashboard
     and cause errors.

   Changes in openstack-ironic:
   - Remove rootwrap.d/ironic-lib.filters. This file is included in
     python-ironic-lib >= 2.14.2.

   - Update to version ironic-11.1.4.dev22:
     * Change MTU logic to allow for lower MTUs automatically
     * Do not ignore 'fields' query parameter when building next url
     * Ensure pagination marker is always set

   - Update to version ironic-11.1.4.dev17:
     * grub configuration should use user kernel and ramdisk

   - Update to version ironic-11.1.4.dev16:
     * Change log level based on node status

   Changes in openstack-ironic-python-agent:
   - Update to version ironic-python-agent-3.3.3.dev6:
     * Fix tox.ini to correctly test lower-constraints

   Changes in openstack-keystone:
   - Update to version keystone-14.1.1.dev36:
     * Tell reno to ignore the kilo branch

   - Update to version keystone-14.1.1.dev35:
     * Always have username in CADF initiator

   - Update to version keystone-14.1.1.dev33:
     * Fix role_assignments role.id filter
     * Ensure bootstrap handles multiple roles with the same name

   - Update to version keystone-14.1.1.dev29:
     * Add the missing packages when install keystone

   Changes in openstack-magnum:
   - Update to version magnum-7.2.1.dev1:
     * Remove buildimage jobs 7.2.0

   - Update to version magnum-7.1.1.dev38:
     * k8s_fedora: Move rp_filter=1 for calico up
     * k8s_fedora_atomic: Add PodSecurityPolicy
     * k8s: Clear cni configuration
     * fix: Deploy enable_service last (rocky only)

   - Update to version magnum-7.1.1.dev34:
     * k8s_fedora: Label master nodes with kubectl
     * k8s: stop introspecting instance name
     * Fix proportional autoscaler image
     * Using Fedora Atomic 29 as default image

   Changes in openstack-monasca-agent:
   - update to version 2.8.1~dev13
     - add X.509 certificate check plugin

   - update to version 2.8.1~dev12
     - Update hacking version to 1.1.x
     - OpenDev Migration Patch

   Changes in openstack-neutron:
   - Update to version neutron-13.0.7.dev48:
     * Do not initialize snat-ns twice
     * Fix bug: AttributeError arises while sorting with standard attributes

   - Update to version neutron-13.0.7.dev44:
     * ovs agent: signal to plugin if tunnel refresh needed
     * Mock check if ipv6 is enabled in L3 agent unit tests
     * Fix resource schemas and related `get_sorts` test cases
     * Remove sleep command when retrieving OVS dp

   - Update to version neutron-13.0.7.dev36:
     * Remove Floating IP DNS record upon associated port deletion
     * Trigger router update only when gateway port IP changed
     * Re-use existing ProcessLauncher from wsgi in RPC workers

   - Update to version neutron-13.0.7.dev30:
     * Check SG members instead of ports to skip flow update
     * Ensure driver error preventing trunk port deletion is logged
     * [L3] Switch order of processing added and removed router ports

   - Update to version neutron-13.0.7.dev24:
     * dhcp-agent: equalize port create_low/update/delete priority
     * Catch OVSFWTagNotFound in update_port_filter
     * [OVS] Handle added/removed ports in the same polling iteration
     * DVR: Ignore DHCP port during DVR host query
     * Improve "OVSFirewallDriver.process_trusted_ports"
     * List SG rules which belong to tenant's SG
     * Fix py3 compatibility

   - Update neutron-ha-tool to latest version:
     * Add DHCP agent evacuation (SOC-11046)

   - Update to version neutron-13.0.7.dev10:
     * Define orm relationships after db classes
     * Add retries to update trunk port

   - Update to version neutron-13.0.7.dev6:
     * Allow to kill keepalived state change monitor process

   - Update to version neutron-13.0.7.dev4:
     * Always set ovs bridge name in vif:binding-details

   - Update to version neutron-13.0.7.dev2:
     * don't clear skb mark when ovs is hw-offload enabled

   - Update to version neutron-13.0.7.dev1:
     * Use constraints for docs tox target and cap hacking 13.0.6

   - Update to version neutron-13.0.6.dev21:
     * Set DB retry for quota_enforcement pecan_wsgi hook

   - Update to version neutron-13.0.6.dev20:
     * [OVS FW] Clean port rules if port not found in ovsdb
     * Add more condition to check sg member exist

   - Update to version neutron-13.0.6.dev17:
     * Fix race condition when getting cmdline

   - Update to version neutron-13.0.6.dev15:
     * Run revision bump operations en masse

   - neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of
     https://review.opendev.org/#/c/695867/

   - Update to version neutron-13.0.6.dev13:
     * Add extra unit test for get_cmdline_from_pid function

   - Update to version neutron-13.0.6.dev11:
     * Switch to use cast method in dhcp_ready_on_ports method

   - Update to version neutron-13.0.6.dev10:
     * Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall

   Changes in openstack-neutron-fwaas:
   - Update to version neutron-fwaas-13.0.3.dev4:
     * Fix sorting of filter rules in legacy_conntrack module

   - Update to version neutron-fwaas-13.0.3.dev3:
     * Fix list_entries for netlink_lib when running on py3

   Changes in openstack-neutron-gbp:
   - Update to version group-based-policy-5.0.1.dev491:
     * Refactor static path code

   - Update to version group-based-policy-5.0.1.dev490:
     * Support named ip protocols for SecurityGroupRules

   - Update to version group-based-policy-5.0.1.dev488:
     * Enable SVI networks with hosts running opflex agent

   - Update to version group-based-policy-5.0.1.dev486:
     * Allow both FIP and SNAT on a single port

   - Update to version group-based-policy-5.0.1.dev485:
     * Fix active-active AAP RPC query

   - Update to version group-based-policy-5.0.1.dev484:
     * [AIM] Add extra provided/consumed contracts to network extension
     * Active active AAP feature

   - Update to version group-based-policy-5.0.1.dev481:
     * Support cache option for legacy GBP driver

   - Update to version group-based-policy-5.0.1.dev480:
     * Fix host ID length in VM names table

   - Update to version group-based-policy-5.0.1.dev479:
     * Update_proj_descr in apic when project description is updated in os

   - Update to version group-based-policy-5.0.1.dev477:
     * Fix ambiguity in mapping to domain in port pair workflow

   Changes in openstack-neutron-vpnaas:
   - Update to version neutron-vpnaas-13.0.2.dev6:
     * Add iptables command filter for functional test

   - Update to version neutron-vpnaas-13.0.2.dev5:
     * Update UPPER_CONSTRAINTS_FILE for stable/rocky

   Changes in openstack-nova:
   - Update to version nova-18.2.4.dev63:
     * Mask the token used to allow access to consoles

   - Update to version nova-18.2.4.dev61:
     * Use stable constraint for Tempest pinned stable branches

   - Update to version nova-18.2.4.dev60:
     * tox: Stop build *all* docs in 'docs'

   - Update to version nova-18.2.4.dev59:
     * Block deleting compute services with in-progress migrations
     * Cache security group driver
     * Join migration_context and flavor in Migration.instance

   - Update to version nova-18.2.4.dev53:
     * Improve metadata server performance with large security groups

   - Update to version nova-18.2.4.dev51:
     * Add functional recreate revert resize test for bug 1852610
     * Add functional recreate test for bug 1852610

   - Update to version nova-18.2.4.dev47:
     * Zuul v3: use devstack-plugin-nfs-tempest-full

   - Update to version nova-18.2.4.dev46:
     * Add BFV wrinkle to TestNovaManagePlacementHealAllocations
     * Add --instance option to heal_allocations
     * Add --dry-run option to heal_allocations CLI

   - Update to version nova-18.2.4.dev40:
     * Add functional recreate test for bug 1829479 and bug 1817833

   - Update to version nova-18.2.4.dev38:
     * Do not update root_device_name during guest config
     * compute: Use long_rpc_timeout in reserve_block_device_name

   - Update to version nova-18.2.4.dev35:
     * compute: Take an instance.uuid lock when rebooting

   - Update to version nova-18.2.4.dev33:
     * Replace time.sleep(10) with service forced_down in tests

   - Update to version nova-18.2.4.dev31:
     * Nova compute: add in log exception to help debug failures

   - Update to version nova-18.2.4.dev29:
     * Fix false ERROR message at compute restart

   - Update to version nova-18.2.4.dev27:
     * Fix listing deleted servers with a marker

   - Update to version nova-18.2.4.dev25:
     * Add functional regression test for bug 1849409

   - Update to version nova-18.2.4.dev23:
     * Don't delete compute node, when deleting service other than
       nova-compute

   Changes in openstack-octavia:
   - Update to version octavia-3.2.2.dev8:
     * Fix uncaught DB exception when trying to get a spare amphora

   - Update to version octavia-3.2.2.dev7:
     * Fix house keeping graceful shutdown

   - Update to version octavia-3.2.2.dev5:
     * Fix pep8 failures on stable/rocky branch

   - Update to version octavia-3.2.2.dev4:
     * Use stable upper-constraints.txt in Amphora builds

   - Update to version octavia-3.2.2.dev3:
     * Add listener and pool protocol validation

   - Update to version octavia-3.2.2.dev2:
     * Cap hacking version to minor than 2
     * 3.2.1

   - Update to version octavia-3.2.1.dev10:
     * Accept oslopolicy-policy-generator path arguments

   - Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch
     https://review.opendev.org/#/c/698433

   - Update to version octavia-3.2.1.dev9:
     * Fix controller worker graceful shutdown

   - Update to version octavia-3.2.1.dev7:
     * Fix a potential race condition with certs-ramfs

   - Update to version octavia-3.2.1.dev5:
     * Fix issues with unavailable secrets

   Changes in openstack-octavia-amphora-image:
   - Updated updateBuildRequires.pl script for SP4 build

   - Update image to 0.1.2 to include latest changes

   - Add keepalived service

   Changes in openstack-sahara:
   - Update to version sahara-9.0.2.dev15:
     * Run sahara-scenario using Python 3

   Changes in openstack-swift:
   - Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports)
     * Sharding improvements
       * The container-replicator now only attempts to fetch shard ranges
         if the remote indicates that it has shard ranges. Further, it does
         so with a timeout to prevent the process from hanging in certain
         cases.
       * The container-replicator now correctly enqueues
         container-reconciler work for sharded containers.
     * S3 API improvements
       * Fixed an issue where v4 signatures would not be validated against
         the body of the request, allowing a replay attack if request
         headers were captured by a malicious third party. Note that
         unsigned payloads still function normally.
       * CompleteMultipartUpload requests with a Content-MD5 now work.
       * Fixed v1 listings that end with a non-ASCII object name.
       * Multipart object segments are now actually deleted when the
         multipart object is deleted via the S3 API.
       * Fixed an issue that caused Delete Multiple Objects requests with
         large bodies to 400. This was previously fixed in 2.20.0.
       * Fixed an issue where non-ASCII Keystone EC2 credentials would
         not get mapped to the correct account. This was previously fixed
         in 2.20.0.

   Changes in python-amqp:
   - Added pyOpenSSL build dependency
   - Update to 2.4.2:
     - Added support for the Cygwin platform
     - Correct offset incrementation when parsing bitmaps.
     - Consequent bitmaps are now parsed correctly.
   - Removed patches that are already included in 2.4.2
     - 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
   - Better call of py.test
   - Add versions to dependencies
   - Remove python-sasl from build dependencies
   - Update to version 2.4.1
     * To avoid breaking the API basic_consume() now returns the consumer tag
       instead of a tuple when nowait is True.
     * Fix crash in basic_publish when broker does not support
       connection.blocked capability.
     * read_frame() is now Python 3 compatible for large payloads.
     * Support float read_timeout/write_timeout.
     * Always treat SSLError timeouts as socket timeouts.
     * Treat EWOULDBLOCK as timeout.
   - from 2.4.0
     * Fix inconsistent frame_handler return value. The function returned by
       frame_handler is meant to return True once the complete message is
       received and the callback is called, False otherwise. This fixes the
       return value for messages with a body split across multiple frames,
       and heartbeat frames.
     * Don't default content_encoding to utf-8 for bytes. This is not an
       acceptable default as the content may not be valid utf-8, and even if
       it is, the producer likely does not expect the message to be decoded
       by the consumer.
     * Fix encoding of messages with multibyte characters. Body length was
       previously calculated using string length, which may be less than the
       length of the encoded body when it contains multibyte sequences. This
       caused the body of the frame to be truncated.
     * Respect content_encoding when encoding messages. Previously the
       content_encoding was ignored and messages were always encoded as
       utf-8. This caused messages to be incorrectly decoded if
       content_encoding is properly respected when decoding.
     * Fix AMQP protocol header for AMQP 0-9-1. Previously it was set to a
       different value for unknown reasons.
     * Add support for Python 3.7. Change direct SSLSocket instantiation with
       wrap_socket.
     * Add support for field type "x" (byte array).
     * If there is an exception raised on Connection.connect or
       Connection.close, ensure that the underlying transport socket is
       closed.  Adjust exception message on connection errors as well.
     * TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD
       platforms.
     * Handle negative acknowledgments.
     * Added integration tests.
     * Fix basic_consume() with no consumer_tag provided.
     * Improved empty AMQPError string representation.
     * Drain events before publish. This is needed to capture out of memory
       messages for clients that only publish. Otherwise on_blocked is never
       called.
     * Don't revive channel when connection is closing. When connection is
       closing don't raise error when Channel.Close method is received.

   Changes in python-ironic-lib:
   - update to version 2.14.2
     - Replace openstack.org git:// URLs with https://
     - OpenDev Migration Patch
     - Include partition name and flags from parted output

   Changes in python-keystoneauth1:
   - switch to tracking stable/rocky tarball
   - disable renderspec
   - update to version 3.10.1.dev10
     * Make tests pass in 2020
     * OpenDev Migration Patch
     * Revert "Change log hashing to SHA256"
     * import zuul job settings from project-config
     * Change log hashing to SHA256
     * Update UPPER_CONSTRAINTS_FILE for stable/rocky
     * Update .gitreview for stable/rocky

   Changes in python-keystoneclient:
   - switch to tracking stable/rocky tarball
   - disable renderspec
   - update to version 3.17.0.dev5
     * Make tests pass in 2020
     * OpenDev Migration Patch
     * import zuul job settings from project-config
     * Update UPPER_CONSTRAINTS_FILE for stable/rocky
     * Update .gitreview for stable/rocky

   Changes in python-keystonemiddleware:
   - Use version_unconverted for documentation build

   - Update to version keystonemiddleware-5.2.2.dev3:
     * Make tests pass in 2022
     * Make sure audit middleware use own context

   Changes in python-ovs:
   - add 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
     (bsc#1158581)

   Changes in supportutils-plugin-suse-openstack-cloud:
   - Update to version 9.0.1574431436.987b47d:
     * Add services from SOC/HOS8
     * Fix handling of ardana "config" dir and conf files in
       /opt/stack/service
     * Fix more failures of censoring passwords
     * Include configs and logs for neutron HA

   Changes in rubygem-crowbar-client:
   - Update to 3.9.1
     - Fix repocheck table output (SOC-10718)
     - Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)

   Changes in rubygem-puma:
   - Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This
     patch fixes a DoS vulnerability a malicious client could use to block a
     large amount of threads.



   Changes in venv-openstack-horizon:
   - replace neutron-lbaas dashboard with octavia dashboard (SOC-10883)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-642=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2020-642=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      crowbar-core-6.0+git.1582892022.cbd70e833-3.19.3
      crowbar-core-branding-upstream-6.0+git.1582892022.cbd70e833-3.19.3
      keepalived-2.0.19-3.3.1
      keepalived-debuginfo-2.0.19-3.3.1
      keepalived-debugsource-2.0.19-3.3.1
      python-ovs-2.9.0-3.3.1
      python-ovs-debuginfo-2.9.0-3.3.1
      python-ovs-debugsource-2.9.0-3.3.1
      ruby2.1-rubygem-crowbar-client-3.9.1-3.3.1
      ruby2.1-rubygem-puma-2.16.0-4.3.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1
      rubygem-puma-debugsource-2.16.0-4.3.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-ha-6.0+git.1574286261.6fd1a34-3.13.2
      crowbar-openstack-6.0+git.1580922461.67fb3c087-3.19.2
      crowbar-ui-1.3.0+git.1575896697.a01a3a08-17.1
      openstack-barbican-7.0.1~dev24-3.6.4
      openstack-barbican-api-7.0.1~dev24-3.6.4
      openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4
      openstack-barbican-retry-7.0.1~dev24-3.6.4
      openstack-barbican-worker-7.0.1~dev24-3.6.4
      openstack-ceilometer-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3
      openstack-ceilometer-polling-11.0.2~dev21-3.10.3
      openstack-cinder-13.0.9~dev11-3.16.3
      openstack-cinder-api-13.0.9~dev11-3.16.3
      openstack-cinder-backup-13.0.9~dev11-3.16.3
      openstack-cinder-scheduler-13.0.9~dev11-3.16.3
      openstack-cinder-volume-13.0.9~dev11-3.16.3
      openstack-dashboard-14.1.1~dev1-3.12.2
      openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1
      openstack-designate-7.0.1~dev23-3.13.3
      openstack-designate-agent-7.0.1~dev23-3.13.3
      openstack-designate-api-7.0.1~dev23-3.13.3
      openstack-designate-central-7.0.1~dev23-3.13.3
      openstack-designate-producer-7.0.1~dev23-3.13.3
      openstack-designate-sink-7.0.1~dev23-3.13.3
      openstack-designate-worker-7.0.1~dev23-3.13.3
      openstack-heat-11.0.3~dev31-3.13.3
      openstack-heat-api-11.0.3~dev31-3.13.3
      openstack-heat-api-cfn-11.0.3~dev31-3.13.3
      openstack-heat-engine-11.0.3~dev31-3.13.3
      openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3
      openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
      openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
      openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
      openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
      openstack-ironic-11.1.4~dev22-3.13.2
      openstack-ironic-api-11.1.4~dev22-3.13.2
      openstack-ironic-conductor-11.1.4~dev22-3.13.2
      openstack-ironic-python-agent-3.3.3~dev6-3.13.2
      openstack-keystone-14.1.1~dev36-3.19.3
      openstack-magnum-7.2.1~dev1-3.10.3
      openstack-magnum-api-7.2.1~dev1-3.10.3
      openstack-magnum-conductor-7.2.1~dev1-3.10.3
      openstack-monasca-agent-2.8.1~dev13-3.6.2
      openstack-neutron-13.0.7~dev48-3.19.3
      openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3
      openstack-neutron-fwaas-13.0.3~dev4-3.9.2
      openstack-neutron-gbp-5.0.1~dev491-3.16.1
      openstack-neutron-ha-tool-13.0.7~dev48-3.19.3
      openstack-neutron-l3-agent-13.0.7~dev48-3.19.3
      openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3
      openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3
      openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3
      openstack-neutron-metering-agent-13.0.7~dev48-3.19.3
      openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3
      openstack-neutron-server-13.0.7~dev48-3.19.3
      openstack-neutron-vpnaas-13.0.2~dev6-3.6.2
      openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2
      openstack-nova-18.2.4~dev63-3.19.3
      openstack-nova-api-18.2.4~dev63-3.19.3
      openstack-nova-cells-18.2.4~dev63-3.19.3
      openstack-nova-compute-18.2.4~dev63-3.19.3
      openstack-nova-conductor-18.2.4~dev63-3.19.3
      openstack-nova-console-18.2.4~dev63-3.19.3
      openstack-nova-novncproxy-18.2.4~dev63-3.19.3
      openstack-nova-placement-api-18.2.4~dev63-3.19.3
      openstack-nova-scheduler-18.2.4~dev63-3.19.3
      openstack-nova-serialproxy-18.2.4~dev63-3.19.3
      openstack-nova-vncproxy-18.2.4~dev63-3.19.3
      openstack-octavia-3.2.2~dev8-3.19.1
      openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1
      openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3
      openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3
      openstack-octavia-api-3.2.2~dev8-3.19.1
      openstack-octavia-health-manager-3.2.2~dev8-3.19.1
      openstack-octavia-housekeeping-3.2.2~dev8-3.19.1
      openstack-octavia-worker-3.2.2~dev8-3.19.1
      openstack-sahara-9.0.2~dev15-3.9.2
      openstack-sahara-api-9.0.2~dev15-3.9.2
      openstack-sahara-engine-9.0.2~dev15-3.9.2
      openstack-swift-2.19.2~dev48-3.3.1
      openstack-swift-account-2.19.2~dev48-3.3.1
      openstack-swift-container-2.19.2~dev48-3.3.1
      openstack-swift-object-2.19.2~dev48-3.3.1
      openstack-swift-proxy-2.19.2~dev48-3.3.1
      python-amqp-2.4.2-4.3.1
      python-barbican-7.0.1~dev24-3.6.4
      python-ceilometer-11.0.2~dev21-3.10.3
      python-cinder-13.0.9~dev11-3.16.3
      python-designate-7.0.1~dev23-3.13.3
      python-heat-11.0.3~dev31-3.13.3
      python-horizon-14.1.1~dev1-3.12.2
      python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
      python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
      python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
      python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
      python-ironic-11.1.4~dev22-3.13.2
      python-ironic-lib-2.14.2-3.3.1
      python-keystone-14.1.1~dev36-3.19.3
      python-keystoneauth1-3.10.1~dev10-3.3.1
      python-keystoneclient-3.17.1~dev5-3.3.1
      python-keystoneclient-doc-3.17.1~dev5-3.3.1
      python-keystonemiddleware-5.2.2~dev3-14.2
      python-magnum-7.2.1~dev1-3.10.3
      python-monasca-agent-2.8.1~dev13-3.6.2
      python-neutron-13.0.7~dev48-3.19.3
      python-neutron-fwaas-13.0.3~dev4-3.9.2
      python-neutron-gbp-5.0.1~dev491-3.16.1
      python-neutron-vpnaas-13.0.2~dev6-3.6.2
      python-nova-18.2.4~dev63-3.19.3
      python-octavia-3.2.2~dev8-3.19.1
      python-openstack_auth-14.1.1~dev1-3.12.2
      python-sahara-9.0.2~dev15-3.9.2
      python-swift-2.19.2~dev48-3.3.1
      supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1

   - SUSE OpenStack Cloud 9 (x86_64):

      keepalived-2.0.19-3.3.1
      keepalived-debuginfo-2.0.19-3.3.1
      keepalived-debugsource-2.0.19-3.3.1
      python-ovs-2.9.0-3.3.1
      python-ovs-debuginfo-2.9.0-3.3.1
      python-ovs-debugsource-2.9.0-3.3.1

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-ansible-9.0+git.1581611758.f694f7d-3.16.1
      ardana-cinder-9.0+git.1579256229.c8b4b38-3.10.1
      ardana-cobbler-9.0+git.1574950066.a3c4be4-3.10.1
      ardana-db-9.0+git.1578936438.b9a9b95-3.16.1
      ardana-horizon-9.0+git.1575562864.8ed5e10-3.13.1
      ardana-input-model-9.0+git.1580403439.d425462-3.13.1
      ardana-monasca-9.0+git.1579273481.4b8c46f-3.13.1
      ardana-mq-9.0+git.1581024903.8e74867-3.10.1
      ardana-nova-9.0+git.1580304673.6c668eb-3.16.1
      ardana-octavia-9.0+git.1576074489.62de7e2-3.13.1
      ardana-osconfig-9.0+git.1580235830.0dca223-3.13.1
      ardana-tempest-9.0+git.1578932816.e299c08-3.10.1
      ardana-tls-9.0+git.1575296665.3fdfe45-3.9.1
      openstack-barbican-7.0.1~dev24-3.6.4
      openstack-barbican-api-7.0.1~dev24-3.6.4
      openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4
      openstack-barbican-retry-7.0.1~dev24-3.6.4
      openstack-barbican-worker-7.0.1~dev24-3.6.4
      openstack-ceilometer-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3
      openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3
      openstack-ceilometer-polling-11.0.2~dev21-3.10.3
      openstack-cinder-13.0.9~dev11-3.16.3
      openstack-cinder-api-13.0.9~dev11-3.16.3
      openstack-cinder-backup-13.0.9~dev11-3.16.3
      openstack-cinder-scheduler-13.0.9~dev11-3.16.3
      openstack-cinder-volume-13.0.9~dev11-3.16.3
      openstack-dashboard-14.1.1~dev1-3.12.2
      openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1
      openstack-designate-7.0.1~dev23-3.13.3
      openstack-designate-agent-7.0.1~dev23-3.13.3
      openstack-designate-api-7.0.1~dev23-3.13.3
      openstack-designate-central-7.0.1~dev23-3.13.3
      openstack-designate-producer-7.0.1~dev23-3.13.3
      openstack-designate-sink-7.0.1~dev23-3.13.3
      openstack-designate-worker-7.0.1~dev23-3.13.3
      openstack-heat-11.0.3~dev31-3.13.3
      openstack-heat-api-11.0.3~dev31-3.13.3
      openstack-heat-api-cfn-11.0.3~dev31-3.13.3
      openstack-heat-engine-11.0.3~dev31-3.13.3
      openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3
      openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
      openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
      openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
      openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
      openstack-ironic-11.1.4~dev22-3.13.2
      openstack-ironic-api-11.1.4~dev22-3.13.2
      openstack-ironic-conductor-11.1.4~dev22-3.13.2
      openstack-ironic-python-agent-3.3.3~dev6-3.13.2
      openstack-keystone-14.1.1~dev36-3.19.3
      openstack-magnum-7.2.1~dev1-3.10.3
      openstack-magnum-api-7.2.1~dev1-3.10.3
      openstack-magnum-conductor-7.2.1~dev1-3.10.3
      openstack-monasca-agent-2.8.1~dev13-3.6.2
      openstack-neutron-13.0.7~dev48-3.19.3
      openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3
      openstack-neutron-fwaas-13.0.3~dev4-3.9.2
      openstack-neutron-gbp-5.0.1~dev491-3.16.1
      openstack-neutron-ha-tool-13.0.7~dev48-3.19.3
      openstack-neutron-l3-agent-13.0.7~dev48-3.19.3
      openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3
      openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3
      openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3
      openstack-neutron-metering-agent-13.0.7~dev48-3.19.3
      openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3
      openstack-neutron-server-13.0.7~dev48-3.19.3
      openstack-neutron-vpnaas-13.0.2~dev6-3.6.2
      openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2
      openstack-nova-18.2.4~dev63-3.19.3
      openstack-nova-api-18.2.4~dev63-3.19.3
      openstack-nova-cells-18.2.4~dev63-3.19.3
      openstack-nova-compute-18.2.4~dev63-3.19.3
      openstack-nova-conductor-18.2.4~dev63-3.19.3
      openstack-nova-console-18.2.4~dev63-3.19.3
      openstack-nova-novncproxy-18.2.4~dev63-3.19.3
      openstack-nova-placement-api-18.2.4~dev63-3.19.3
      openstack-nova-scheduler-18.2.4~dev63-3.19.3
      openstack-nova-serialproxy-18.2.4~dev63-3.19.3
      openstack-nova-vncproxy-18.2.4~dev63-3.19.3
      openstack-octavia-3.2.2~dev8-3.19.1
      openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1
      openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3
      openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3
      openstack-octavia-api-3.2.2~dev8-3.19.1
      openstack-octavia-health-manager-3.2.2~dev8-3.19.1
      openstack-octavia-housekeeping-3.2.2~dev8-3.19.1
      openstack-octavia-worker-3.2.2~dev8-3.19.1
      openstack-sahara-9.0.2~dev15-3.9.2
      openstack-sahara-api-9.0.2~dev15-3.9.2
      openstack-sahara-engine-9.0.2~dev15-3.9.2
      openstack-swift-2.19.2~dev48-3.3.1
      openstack-swift-account-2.19.2~dev48-3.3.1
      openstack-swift-container-2.19.2~dev48-3.3.1
      openstack-swift-object-2.19.2~dev48-3.3.1
      openstack-swift-proxy-2.19.2~dev48-3.3.1
      python-amqp-2.4.2-4.3.1
      python-barbican-7.0.1~dev24-3.6.4
      python-ceilometer-11.0.2~dev21-3.10.3
      python-cinder-13.0.9~dev11-3.16.3
      python-designate-7.0.1~dev23-3.13.3
      python-heat-11.0.3~dev31-3.13.3
      python-horizon-14.1.1~dev1-3.12.2
      python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
      python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
      python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
      python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
      python-ironic-11.1.4~dev22-3.13.2
      python-ironic-lib-2.14.2-3.3.1
      python-keystone-14.1.1~dev36-3.19.3
      python-keystoneauth1-3.10.1~dev10-3.3.1
      python-keystoneclient-3.17.1~dev5-3.3.1
      python-keystoneclient-doc-3.17.1~dev5-3.3.1
      python-keystonemiddleware-5.2.2~dev3-14.2
      python-magnum-7.2.1~dev1-3.10.3
      python-monasca-agent-2.8.1~dev13-3.6.2
      python-neutron-13.0.7~dev48-3.19.3
      python-neutron-fwaas-13.0.3~dev4-3.9.2
      python-neutron-gbp-5.0.1~dev491-3.16.1
      python-neutron-vpnaas-13.0.2~dev6-3.6.2
      python-nova-18.2.4~dev63-3.19.3
      python-octavia-3.2.2~dev8-3.19.1
      python-openstack_auth-14.1.1~dev1-3.12.2
      python-sahara-9.0.2~dev15-3.9.2
      python-swift-2.19.2~dev48-3.3.1
      supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.15.1
      venv-openstack-cinder-x86_64-13.0.9~dev11-3.15.1
      venv-openstack-designate-x86_64-7.0.1~dev23-3.15.1
      venv-openstack-glance-x86_64-17.0.1~dev30-3.13.1
      venv-openstack-heat-x86_64-11.0.3~dev31-3.15.1
      venv-openstack-horizon-x86_64-14.1.1~dev1-4.14.2
      venv-openstack-ironic-x86_64-11.1.4~dev22-4.11.1
      venv-openstack-keystone-x86_64-14.1.1~dev36-3.15.1
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.15.1
      venv-openstack-manila-x86_64-7.3.1~dev15-3.15.1
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.15.1
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.13.1
      venv-openstack-neutron-x86_64-13.0.7~dev48-6.15.1
      venv-openstack-nova-x86_64-18.2.4~dev63-3.15.1
      venv-openstack-octavia-x86_64-3.2.2~dev8-4.15.1
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.15.1
      venv-openstack-swift-x86_64-2.19.2~dev48-2.10.1


References:

   https://www.suse.com/security/cve/CVE-2018-17954.html
   https://www.suse.com/security/cve/CVE-2019-13117.html
   https://www.suse.com/security/cve/CVE-2019-16770.html
   https://bugzilla.suse.com/1117080
   https://bugzilla.suse.com/1152007
   https://bugzilla.suse.com/1154235
   https://bugzilla.suse.com/1156305
   https://bugzilla.suse.com/1156914
   https://bugzilla.suse.com/1157028
   https://bugzilla.suse.com/1157206
   https://bugzilla.suse.com/1157482
   https://bugzilla.suse.com/1158581
   https://bugzilla.suse.com/1158675
   https://bugzilla.suse.com/1161351
   https://bugzilla.suse.com/1161721


