SUSE-SU-2021:2554-1: moderate: Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jul 28 19:20:07 UTC 2021
SUSE Security Update: Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2554-1
Rating: moderate
References: #1019074 #1044849 #1057496 #1073879 #1113302
#1123064 #1143893 #1166139 #1176784 #1179805
#1180507 #1181277 #1181278 #1181689 #1181828
#1182433 #1183174 #1183803 #1184148 #1185623
#1185836 #1186608 #1186611 #940812 ECO-3105
PM-2352 SCRD-8523 SOC-11422 SOC-11470 SOC-11471
SOC-11521 SOC-11523 SOC-11525 SOC-9876
Cross-References: CVE-2017-11481 CVE-2017-11499 CVE-2017-5929
CVE-2019-25025 CVE-2020-17516 CVE-2020-26247
CVE-2020-29651 CVE-2021-21238 CVE-2021-21239
CVE-2021-21419 CVE-2021-23336 CVE-2021-27358
CVE-2021-28658 CVE-2021-31542 CVE-2021-33203
CVE-2021-33571
CVSS scores:
CVE-2017-11481 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2017-11481 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2017-11499 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-11499 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-5929 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-25025 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-25025 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-26247 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-26247 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29651 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-21238 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21238 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-23336 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-23336 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28658 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-28658 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-31542 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-31542 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33203 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33571 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-33571 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
An update that solves 16 vulnerabilities, contains 10
features and has 8 fixes is now available.
Description:
This update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core,
crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana,
openstack-heat-templates, openstack-monasca-installer, openstack-nova,
python-Django, python-elementpath, python-eventlet, python-py,
python-pysaml2, python-six, python-xmlschema fixes the following issues:
Security fixes included on this update:
cassandra-kit:
- CVE-2020-17516: Internode encryption enforcement vulnerability
cassandra:
- CVE-2020-17516: Internode encryption enforcement vulnerability
- CVE-2017-5929 logback: Fixed a serialization vulnerability in
SocketServer and ServerSocketReceiver
crowbar-core: CVE-2020-26247: Potentially XXE or SSRF attacks by parsed
Nokogiri::XML::Schema
grafana:
- CVE-2021-27358: Unauthenticated remote attackers to trigger a Denial of
Service via a remote API call
kibana:
- CVE-2017-11481: Fixed an XSS via URL fields
- CVE-2017-11499: Fixed a constant hashtable seeds vulnerability
python-Django:
- CVE-2021-28658: Potential directory-traversal via uploaded files
- CVE-2021-31542: Potential directory-traversal via uploaded files
- CVE-2021-33203: Potential directory traversal via admindocs
- CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since
validators accepted leading zeros in IPv4 addresses
- CVE-2021-23336: Fixed web cache poisoning via
django.utils.http.limited_parse_qsl
python-eventlet:
- CVE-2021-21419: Improper handling of highly compressed data and memory
allocation with excessive size value
python-pysaml2:
- CVE-2021-21238: Fixed an improper verification of cryptographic
signatures for signed SAML documents
- CVE-2021-21239: Fixed an improper verification of cryptographic
signatures when using CryptoBackendXmlSec1()_
python-py:
- CVE-2020-29651: Regular expression denial of service in svnwc.py
rubygem-activerecord-session_store:
- CVE-2019-25025: Fixed a hijack sessions by using timing attacks
targeting the session id CVE-2019-16782
Non-security fixes included on this update:
Changes in ardana-cobbler:
- Update to version 8.0+git.1614096566.e8c2b27:
* Change install_recommended to true (bsc#1181828)
Changes in cassandra:
- update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns
(CASSANDRA-15962)
* Reduce amount of allocations during batch statement execution
(CASSANDRA-16201)
* Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
* Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
* Rate limit validation compactions using
compaction_throughput_mb_per_sec (CASSANDRA-16161)
* SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert
to default of 1GB (CASSANDRA-16071)
* Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
* Improve empty hint file handling during startup (CASSANDRA-16162)
* Allow empty string in collections with COPY FROM in cqlsh
(CASSANDRA-16372)
* Fix skipping on pre-3.0 created compact storage sstables due to missing
primary key liveness (CASSANDRA-16226)
* Extend the exclusion of replica filtering protection to other indices
instead of just SASI (CASSANDRA-16311)
* Synchronize transaction logs for JBOD (CASSANDRA-16225)
* Fix the counting of cells per partition (CASSANDRA-16259)
* Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
* Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
* Improved check of num_tokens against the length of initial_token
(CASSANDRA-14477)
* Fix a race condition on ColumnFamilyStore and TableMetrics
(CASSANDRA-16228)
* Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
* Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
* Prevent invoking enable/disable gossip when not in NORMAL
(CASSANDRA-16146)
* Wait for schema agreement when bootstrapping (CASSANDRA-15158)
* Fix the histogram merge of the table metrics (CASSANDRA-16259)
* Synchronize Keyspace instance store/clear (CASSANDRA-16210)
* Fix ColumnFilter to avoid querying cells of unselected complex columns
(CASSANDRA-15977)
* Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
* Don't attempt value skipping with mixed version cluster
(CASSANDRA-15833)
* Avoid failing compactions with very large partitions (CASSANDRA-15164)
* Make sure LCS handles duplicate sstable added/removed notifications
correctly (CASSANDRA-14103)
* Fix OOM when terminating repair session (CASSANDRA-15902)
* Avoid marking shutting down nodes as up after receiving gossip shutdown
message (CASSANDRA-16094)
* Check SSTables for latest version before dropping compact storage
(CASSANDRA-16063)
* Handle unexpected columns due to schema races (CASSANDRA-15899)
* Add flag to ignore unreplicated keyspaces during repair
(CASSANDRA-15160)
* Package tools/bin scripts as executable (CASSANDRA-16151)
* Fixed a NullPointerException when calling nodetool enablethrift
(CASSANDRA-16127)
* Correctly interpret SASI's `max_compaction_flush_memory_in_mb` setting
in megabytes not bytes (CASSANDRA-16071)
* Fix short read protection for GROUP BY queries (CASSANDRA-15459)
* Frozen RawTuple is not annotated with frozen in the toString method
(CASSANDRA-15857) Merged from 3.0:
* Use IF NOT EXISTS for index and UDT create statements in snapshot
schema files (CASSANDRA-13935)
* Fix gossip shutdown order (CASSANDRA-15816)
* Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
* Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
* Operational improvements and hardening for replica filtering protection
(CASSANDRA-15907)
* stop_paranoid disk failure policy is ignored on CorruptSSTableException
after node is up (CASSANDRA-15191)
* Forbid altering UDTs used in partition keys (CASSANDRA-15933)
* Fix empty/null json string representation (CASSANDRA-15896)
* 3.x fails to start if commit log has range tombstones from a column
which is also deleted (CASSANDRA-15970)
* Handle difference in timestamp precision between java8 and java11 in
LogFIle.java (CASSANDRA-16050) Merged from 2.2:
* Fix CQL parsing of collections when the column type is reversed
(CASSANDRA-15814)
* Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
* Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
* Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
* Fix CQL formatting of read command restrictions for slow query log
(CASSANDRA-15503)
* Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
* Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
* Avoid hinted handoff per-host throttle being arounded to 0 in large
cluster (CASSANDRA-15859)
* Avoid emitting empty range tombstones from RangeTombstoneList
(CASSANDRA-15924)
* Avoid thread starvation, and improve compare-and-swap performance, in
the slab allocators (CASSANDRA-15922)
* Add token to tombstone warning and error messages (CASSANDRA-15890)
* Fixed range read concurrency factor computation and capped as 10 times
tpc cores (CASSANDRA-15752)
* Catch exception on bootstrap resume and init native transport
(CASSANDRA-15863)
* Fix replica-side filtering returning stale data with CL > ONE
(CASSANDRA-8272, CASSANDRA-8273)
* Fix duplicated row on 2.x upgrades when multi-rows range tombstones
interact with collection ones (CASSANDRA-15805)
* Rely on snapshotted session infos on StreamResultFuture.maybeComplete
to avoid race conditions (CASSANDRA-15667)
* EmptyType doesn't override writeValue so could attempt to write bytes
when expected not to (CASSANDRA-15790)
* Fix index queries on partition key columns when some partitions
contains only static data (CASSANDRA-13666)
* Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
* liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if
IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
* Fix Debian init start/stop (CASSANDRA-15770)
* Fix infinite loop on index query paging in tables with clustering
(CASSANDRA-14242)
* Fix chunk index overflow due to large sstable with small chunk length
(CASSANDRA-15595)
* Allow selecting static column only when querying static index
(CASSANDRA-14242)
* cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
* Don't skip sstables in slice queries based only on local
min/max/deletion timestamp (CASSANDRA-15690)
* Memtable memory allocations may deadlock (CASSANDRA-15367)
* Run evictFromMembership in GossipStage (CASSANDRA-15592)
* Fix nomenclature of allow and deny lists (CASSANDRA-15862)
* Remove generated files from source artifact (CASSANDRA-15849)
* Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
* Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
* Disable JMX rebinding (CASSANDRA-15653)
* Fix writing of snapshot manifest when the table has table-backed
secondary indexes (CASSANDRA-10968)
* Fix parse error in cqlsh COPY FROM and formatting for map of blobs
(CASSANDRA-15679)
* Fix Commit log replays when static column clustering keys are
collections (CASSANDRA-14365)
* Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
* Allow EXTRA_CLASSPATH to work on tar/source installations
(CASSANDRA-15567)
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS -
patch implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown
column names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations
(CASSANDRA-15293)
* Fix point-in-time recoevery ignoring timestamp of updates to static
columns (CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple rows
(CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify()
(CASSANDRA-15364)
* Bump generations and document changes to system_distributed and
system_traces in 3.0, 3.11 (CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades
(CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by
default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions
are paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain
illegal cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test
(CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SASI non-literal string comparisons (range operators)
(CASSANDRA-15169)
* Make sure user defined compaction transactions are always closed
(CASSANDRA-15123)
* Fix cassandra-env.sh to use $CASSANDRA_CONF to find
cassandra-jaas.config (CASSANDRA-14305)
* Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
* Add flag to disable SASI indexes, and warnings on creation
(CASSANDRA-14866)
* Add ability to cap max negotiable protocol version (CASSANDRA-15193)
* Gossip tokens on startup if available (CASSANDRA-15335)
* Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
* Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
* Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when
upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
* Fix NPE when using allocate_tokens_for_keyspace on new DC/rack
(CASSANDRA-14952)
* Filter sstables earlier when running cleanup (CASSANDRA-15100)
* Use mean row count instead of mean column count for index selectivity
calculation (CASSANDRA-15259)
* Avoid updating unchanged gossip states (CASSANDRA-15097)
* Prevent recreation of previously dropped columns with a different kind
(CASSANDRA-14948)
* Prevent client requests from blocking on executor task queue
(CASSANDRA-15013)
* Toughen up column drop/recreate type validations (CASSANDRA-15204)
* LegacyLayout should handle paging states that cross a collection column
(CASSANDRA-15201)
* Prevent RuntimeException when username or password is empty/null
(CASSANDRA-15198)
* Multiget thrift query returns null records after digest mismatch
(CASSANDRA-14812)
* Skipping illegal legacy cells can break reverse iteration of indexed
partitions (CASSANDRA-15178)
* Handle paging states serialized with a different version than the
session's (CASSANDRA-15176)
* Throw IOE instead of asserting on unsupporter peer versions
(CASSANDRA-15066)
* Update token metadata when handling MOVING/REMOVING_TOKEN events
(CASSANDRA-15120)
* Add ability to customize cassandra log directory using
$CASSANDRA_LOG_DIR (CASSANDRA-15090)
* Skip cells with illegal column names when reading legacy sstables
(CASSANDRA-15086)
* Fix assorted gossip races and add related runtime checks
(CASSANDRA-15059)
* Fix mixed mode partition range scans with limit (CASSANDRA-15072)
* cassandra-stress works with frozen collections: list and set
(CASSANDRA-14907)
* Fix handling FS errors on writing and reading flat files -
LogTransaction and hints (CASSANDRA-15053)
* Avoid double closing the iterator to avoid overcounting the number of
requests (CASSANDRA-15058)
* Improve `nodetool status -r` speed (CASSANDRA-14847)
* Improve merkle tree size and time on heap (CASSANDRA-14096)
* Add missing commands to nodetool_completion (CASSANDRA-14916)
* Anti-compaction temporarily corrupts sstable state for readers
(CASSANDRA-15004)
* Catch non-IOException in FileUtils.close to make sure that all
resources are closed (CASSANDRA-15225)
* Handle exceptions during authentication/authorization (CASSANDRA-15041)
* Support cross version messaging in in-jvm upgrade dtests
(CASSANDRA-15078)
* Fix index summary redistribution cancellation (CASSANDRA-15045)
* Fixing invalid CQL in security documentation (CASSANDRA-15020)
* Allow instance class loaders to be garbage collected for inJVM dtest
(CASSANDRA-15170)
* Add support for network topology and query tracing for inJVM dtest
(CASSANDRA-15319)
* Correct sstable sorting for garbagecollect and levelled compaction
(CASSANDRA-14870)
* Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
* Add a script to make running the cqlsh tests in cassandra repo easier
(CASSANDRA-14951)
* If SizeEstimatesRecorder misses a 'onDropTable' notification, the
size_estimates table will never be cleared for that table.
(CASSANDRA-14905)
* Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters
(CASSANDRA-14958)
* Streaming needs to synchronise access to LifecycleTransaction
(CASSANDRA-14554)
* Fix cassandra-stress write hang with default options (CASSANDRA-14616)
* Differentiate between slices and RTs when decoding legacy bounds
(CASSANDRA-14919)
* Netty epoll IOExceptions caused by unclean client disconnects being
logged at INFO (CASSANDRA-14909)
* Unfiltered.isEmpty conflicts with Row extends
AbstractCollection.isEmpty (CASSANDRA-14588)
* RangeTombstoneList doesn't properly clean up mergeable or superseded
rts in some cases (CASSANDRA-14894)
* Fix handling of collection tombstones for dropped columns from legacy
sstables (CASSANDRA-14912)
* Throw exception if Columns serialized subset encode more columns than
possible (CASSANDRA-14591)
* Drop/add column name with different Kind can result in corruption
(CASSANDRA-14843)
* Fix missing rows when reading 2.1 SSTables with static columns in 3.0
(CASSANDRA-14873)
* Move TWCS message 'No compaction necessary for bucket size' to Trace
level (CASSANDRA-14884)
* Sstable min/max metadata can cause data loss (CASSANDRA-14861)
* Dropped columns can cause reverse sstable iteration to return
prematurely (CASSANDRA-14838)
* Legacy sstables with multi block range tombstones create invalid bound
sequences (CASSANDRA-14823)
* Expand range tombstone validation checks to multiple interim request
stages (CASSANDRA-14824)
* Reverse order reads can return incomplete results (CASSANDRA-14803)
* Avoid calling iter.next() in a loop when notifying indexers about range
tombstones (CASSANDRA-14794)
* Fix purging semi-expired RT boundaries in reversed iterators
(CASSANDRA-14672)
* DESC order reads can fail to return the last Unfiltered in the
partition (CASSANDRA-14766)
* Fix corrupted collection deletions for dropped columns in 3.0 2.{1,2}
messages (CASSANDRA-14568)
* Fix corrupted static collection deletions in 3.0 2.{1,2} messages
(CASSANDRA-14568)
* Handle failures in parallelAllSSTableOperation
(cleanup/upgradesstables/etc) (CASSANDRA-14657)
* Improve TokenMetaData cache populating performance avoid long locking
(CASSANDRA-14660)
* Backport: Flush netty client messages immediately (not by default)
(CASSANDRA-13651)
* Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
* sstableloader should use discovered broadcast address to connect
intra-cluster (CASSANDRA-14522)
* Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
* Don't enable client transports when bootstrap is pending
(CASSANDRA-14525)
* MigrationManager attempts to pull schema from different major version
nodes (CASSANDRA-14928)
* Fix incorrect cqlsh results when selecting same columns multiple times
(CASSANDRA-13262)
* Returns null instead of NaN or Infinity in JSON strings
(CASSANDRA-14377)
* Paged Range Slice queries with DISTINCT can drop rows from results
(CASSANDRA-14956)
* Validate supported column type with SASI analyzer (CASSANDRA-13669)
* Remove BTree.Builder Recycler to reduce memory usage (CASSANDRA-13929)
* Reduce nodetool GC thread count (CASSANDRA-14475)
* Fix New SASI view creation during Index Redistribution (CASSANDRA-14055)
* Remove string formatting lines from BufferPool hot path
(CASSANDRA-14416)
* Update metrics to 3.1.5 (CASSANDRA-12924)
* Detect OpenJDK jvm type and architecture (CASSANDRA-12793)
* Don't use guava collections in the non-system keyspace jmx attributes
(CASSANDRA-12271)
* Allow existing nodes to use all peers in shadow round (CASSANDRA-13851)
* Fix cqlsh to read connection.ssl cqlshrc option again (CASSANDRA-14299)
* Downgrade log level to trace for CommitLogSegmentManager
(CASSANDRA-14370)
* CQL fromJson(null) throws NullPointerException (CASSANDRA-13891)
* Serialize empty buffer as empty string for json output format
(CASSANDRA-14245)
* Allow logging implementation to be interchanged for embedded testing
(CASSANDRA-13396)
* SASI tokenizer for simple delimiter based entries (CASSANDRA-14247)
* Fix Loss of digits when doing CAST from varint/bigint to decimal
(CASSANDRA-14170)
* RateBasedBackPressure unnecessarily invokes a lock on the Guava
RateLimiter (CASSANDRA-14163)
* Fix wildcard GROUP BY queries (CASSANDRA-14209)
* Fix corrupted static collection deletions in 3.0 -> 2.{1,2} messages
(CASSANDRA-14568)
* Fix potential IndexOutOfBoundsException with counters (CASSANDRA-14167)
* Always close RT markers returned by ReadCommand#executeLocally()
(CASSANDRA-14515)
* Reverse order queries with range tombstones can cause data loss
(CASSANDRA-14513)
* Fix regression of lagging commitlog flush log message (CASSANDRA-14451)
* Add Missing dependencies in pom-all (CASSANDRA-14422)
* Cleanup StartupClusterConnectivityChecker and PING Verb
(CASSANDRA-14447)
* Fix deprecated repair error notifications from 3.x clusters to legacy
JMX clients (CASSANDRA-13121)
* Cassandra not starting when using enhanced startup scripts in windows
(CASSANDRA-14418)
* Fix progress stats and units in compactionstats (CASSANDRA-12244)
* Better handle missing partition columns in system_schema.columns
(CASSANDRA-14379)
* Delay hints store excise by write timeout to avoid race with
decommission (CASSANDRA-13740)
* Deprecate background repair and probablistic read_repair_chance table
options (CASSANDRA-13910)
* Add missed CQL keywords to documentation (CASSANDRA-14359)
* Fix unbounded validation compactions on repair / revert CASSANDRA-13797
(CASSANDRA-14332)
* Avoid deadlock when running nodetool refresh before node is fully up
(CASSANDRA-14310)
* Handle all exceptions when opening sstables (CASSANDRA-14202)
* Handle incompletely written hint descriptors during startup
(CASSANDRA-14080)
* Handle repeat open bound from SRP in read repair (CASSANDRA-14330)
* Respect max hint window when hinting for LWT (CASSANDRA-14215)
* Adding missing WriteType enum values to v3, v4, and v5 spec
(CASSANDRA-13697)
* Don't regenerate bloomfilter and summaries on startup (CASSANDRA-11163)
* Fix NPE when performing comparison against a null frozen in LWT
(CASSANDRA-14087)
* Log when SSTables are deleted (CASSANDRA-14302)
* Fix batch commitlog sync regression (CASSANDRA-14292)
* Write to pending endpoint when view replica is also base replica
(CASSANDRA-14251)
* Chain commit log marker potential performance regression in batch
commit mode (CASSANDRA-14194)
* Fully utilise specified compaction threads (CASSANDRA-14210)
* Pre-create deletion log records to finish compactions quicker
(CASSANDRA-12763)
* Fix bug that prevented compaction of SSTables after full repairs
(CASSANDRA-14423)
* Incorrect counting of pending messages in OutboundTcpConnection
(CASSANDRA-11551)
* Fix compaction failure caused by reading un-flushed data
(CASSANDRA-12743)
* Use Bounds instead of Range for sstables in anticompaction
(CASSANDRA-14411)
* Fix JSON queries with IN restrictions and ORDER BY clause
(CASSANDRA-14286)
* Backport circleci yaml (CASSANDRA-14240)
* Check checksum before decompressing data (CASSANDRA-14284)
* CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
(CASSANDRA-14183)
- Use %license macro
Changes in cassandra-kit:
- Update to Cassandra 3.11.10 (bsc#1181689, CVE-2020-17516)
Changes in crowbar-core:
- Update to version 5.0+git.1622489449.a8e60e238:
* avoid v4.1.5 of delayed_job_active_record (noref)
* add CVE-2020-26247 to travis ignore list (bsc#1180507)
Changes in crowbar-openstack:
- Update to version 5.0+git.1616001417.67fd9c2a1:
* monasca: restart Kibana on update (bsc#1044849)
- Update to version 5.0+git.1615542070.7841c34b7:
* monasca: fix monasca-server reinstall state check (SOC-11471)
Changes in documentation-suse-openstack-cloud:
- Update to version 8.20210512:
* Moved Monasca deployment to immediately after keystone (SOC-11525)
(#1312)
- Update to version 8.20210511:
* Update the correct SLES version to suse-12.3 (SOC-11521) (#1321)
* Renamed the repo name from SLE12-SP3-HA to SLE-HA12-SP3 (SOC-11523)
(#1320)
- Update to version 8.20210511:
* Add bm-power-status playbook to add sles compute section (#1317)
- Update to version 8.20210507:
* Add instructions for checking MySQL cert expiry (SOC-11422) (#1311)
- Update to version 8.20210304:
* Add nova and heat db purge cron jobs to maintenance section (SOC-9876)
(#1307)
Changes in grafana:
- Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
* Prevent unauthenticated remote attackers from causing a DoS through
the snapshots API.
Changes in kibana:
- Ensure /etc/sysconfig/kibana is present
- Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14,
ESA-2017-16)
* [4.6] ignore forked code for babel transpile build phase (#13483)
* Allow more than match queries in custom filters (#8614) (#10857)
* [state] don't make extra $location.replace() calls (#9954)
* [optimizer] move to querystring-browser package for up-to-date api
* [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
* server: refactor log_interceptor to be more DRY (#9617)
* server: downgrade ECANCELED logs to debug (#9616)
* server: do not treat logged warnings as errors (#8746) (#9610)
* [server/logger] downgrade EPIPE errors to debug level (#9023)
* Add basepath when redirecting from a trailling slash (#9035)
* [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
* [server/shortUrl] validate urls before shortening them
- Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
* This fixes an XSS vulnerability in URL fields
- Remove %dir declaration from /opt/kibana/optimize to ensure no files
owned by root end up in there
- Exclude /opt/kibana/optimize from %fdupes
- Restart service on upgrade
- Do not copy LICENSE.txt and README.txt to /opt/kibana
- Fix rpmlint warnings/errors
- Switch to explicit patch application
- Fix source URL
- Fix logic for systemd/systemv detection
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1623056900.7917e18:
* Fix zuul config for heat-templates-check
- Update to version 0.0.0+git.1621405516.71a0f7a:
* Remove testr
Changes in openstack-monasca-installer:
- Add 0001-fix-influxdb-stop-task.patch (SOC-11470)
- Add 0001-fix-cassandra-deployment.patch (SOC-11470)
Changes in openstack-nova:
- Update to version nova-16.1.9.dev92:
* Lowercase ironic driver hash ring and ignore case in cache
* Include only required fields in ironic node cache
* Add resource\_class to fields in ironic node cache
- Update to version nova-16.1.9.dev86:
* [stable-only] Move grenade jobs to experimental
* Update resources once in update\_available\_resource
* rt: Make resource tracker always invoking get\_inventory()
- Update to version nova-16.1.9.dev81:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
- Update to version nova-16.1.9.dev80:
* [placement] Add status and links fields to version document at /
Changes in openstack-nova:
- Update to version nova-16.1.9.dev92:
* Lowercase ironic driver hash ring and ignore case in cache
* Include only required fields in ironic node cache
* Add resource\_class to fields in ironic node cache
- Update to version nova-16.1.9.dev86:
* [stable-only] Move grenade jobs to experimental
* Update resources once in update\_available\_resource
* rt: Make resource tracker always invoking get\_inventory()
- Update to version nova-16.1.9.dev81:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
- Update to version nova-16.1.9.dev80:
* [placement] Add status and links fields to version document at /
Changes in python-Django:
- Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
* Fixed potential path-traversal via admindocs' TemplateDetailView.
- Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
* Prevented leading zeros in IPv4 addresses.
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
* Fixed CVE-2021-31542 -- Tightened path and file name sanitation in
file uploads.
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
* Fixed potential directory-traversal via uploaded files
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
* Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Changes in python-eventlet:
- Add 0001-websocket-fd-leak-when-client-did-not-close-connecti.patch
- Add 0002-websocket-Limit-maximum-uncompressed-frame-length-to.patch
(bsc#1185836 CVE-2021-21419)
* websocket: Limit maximum uncompressed frame length to 8MiB
Changes in python-py:
- Add CVE-2020-29651.patch ((bsc#1179805, CVE-2020-29651)
* svnwc: fix regular expression vulnerable to DoS in blame functionality
Changes in python-pysaml2:
- Add %dir declaration for %{_licensedir}
- Fix CVE-2021-21238, bsc#1181277 with 0004-Strengthen-XSW-tests.patch ,
0005-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
0006-Add-xsd-schemas.patch ,
0007-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch . This adds a
dependency on python-xmlschema, which depends on python-elementpath and
build depends python-pathlib2, which depends on python-scandir, thus all
these need to be added for this to work. The used python-xmlschema needs
to support the sandbox argument which was added in 1.2.0 and refined in
1.2.1, but that version doesn't support python2, so a patched version
that does both is needed.
0009-Make-previous-commits-python2-compatible.patch to not add a
dependency on reportlib_resources and make other changes python2
compatible.
- Fix CVE-2021-21239, bsc#1181278 with
0008-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch
Changes in venv-openstack-keystone:
- Add python-xmlschema and python-elementpath for new python-pysaml2
version.
Changes in python-xmlschema:
- Add missed BuildRequires on pathlib2
- Add 3 patches to backport sandbox argument, which is needed by a
security fix in python-pysaml2 and one patch to make backport python2
compatible.
- Upstream url changed
- Add rpmlintrc to make it work on Leap 42.3
- Update to 1.0.18:
* Fix for *ModelVisitor.iter_unordered_content()*
* Fixed default converter, AbderaConverter and JsonMLConverter for
xs:anyType decode
* Fixed validation tests with all converters
* Added UnorderedConverter to validation tests
- Update to 1.0.17:
* Enhancement of validation-only speed (~15%)
* Added *is_valid()* and *iter_errors()* to module API
- Update to 1.0.16:
* Improved XMLResource class for working with compressed files
* Fix for validation with XSD wildcards and 'lax' process content
* Fix ambiguous items validation for xs:choice and xs:sequence models
- Handle UnicodeDecodeErrors during build process
- Update to 1.0.15:
* Improved XPath 2.0 bindings
* Added logging for schema initialization and building (handled with
argument loglevel)
* Update encoding of collapsed contents with a new model based
reordering method
* Removed XLink namespace from meta-schema (loaded from a fallback
location like XHTML)
* Fixed half of failed W3C instance tests (remain 255 over 15344 tests)
- Initial commit, needed by pytest 5.1.2
Changes in python-elementpath:
- Update to 1.3.1:
* Improved schema proxy
* Improved XSD type matching using paths
* Cached parent path for XPathContext (only Python 3)
* Improve typed selection with TypedAttribute and TypedElement
named-tuples
* Add iter_results to XPathContext
* Remove XMLSchemaProxy from package
* Fix descendant shortcut operator '//'
* Fix text() function
* Fix typed select of '(name)' token
* Fix 24-hour time for DateTime
- Skip test_hashing to fix 32bit builds
- Initial commit needed by python-xmlschema
Changes in python-six:
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix testsuite on SLE-12
+ Add python to BuildRequires for suse_version less 1500
- Fix dbm deps as the MU for provides: python-dbm was not released
on sle12 yet
- Add requirement on pytest > 4.0 to see the pytest module works with this
MU
- Do not cause buildcycle with previous change but rather install the
egg-info prepared metadata from the tarball
- use setuptools for building to support pip 10.x (bsc#1166139)
- update to 1.14.0
* Add `six.assertNotRegex`
* `six.moves._dummy_thread` now points to the `_thread` module on Python
3.9+. Python 3.7 and later requires threading and deprecated the
`_dummy_thread` module
* Remove support for Python 2.6 and Python 3.2
* `six.wraps` now ignores missing attributes
- Pull in dbm/gdbm module from python for testing
- update to 0.13.0:
- Issue #298, pull request #299: Add `six.moves.dbm_ndbm`.
- Issue #155: Add `six.moves.collections_abc`, which aliases the
`collections` module on Python 2-3.2 and the `collections.abc` on
Python 3.3 and greater.
- Pull request #304: Re-add distutils fallback in `setup.py`.
- Pull request #305: On Python 3.7, `with_metaclass` supports classes
using PEP
- Simplify the pytest call
- Fix pytest call
- Fixdocumentation package generating
- Change %pretrans back to %pre to fix bootstrap issue boo#1123064
bsc#1143893
- Require just base python module, even full python is too much and it is
not required here
- Update to 0.12.0:
* `six.add_metaclass` now preserves `__qualname__` from the
original class.
* Add `six.ensure_binary`, `six.ensure_text`, and `six.ensure_str`.
- Because of cyclical dependencies between six and Sphinx, we need to to
do multibuild.
- Include in SLE-12 (FATE#326838, bsc#1113302)
- remove egg-info directory in %pretrans
- fix egg-info directory pattern
- match any version of egg-info for a certain python version
- Break the cycilical dependency on python-setuptools.
- Remove argparse dependency
- build python3 subpackage (FATE#324435, bsc#1073879)
- remove egg-info directory before installation if it exists, because
setuptools produce directory and six switched to distutils that produce
a file (and because rpm can't handle that by itself) fixes bsc#1057496
- Fix Source url
- README->README.rst, add CHANGES
- update to version 1.11.0:
* Pull request #178: `with_metaclass` now properly proxies `__prepare__`
to the underlying metaclass.
* Pull request #191: Allow `with_metaclass` to work with metaclasses
implemented in C.
* Pull request #203: Add parse_http_list and parse_keqv_list to moved
urllib.request.
* Pull request #172 and issue #171: Add unquote_to_bytes to moved
urllib.parse.
* Pull request #167: Add `six.moves.getoutput`.
* Pull request #80: Add `six.moves.urllib_parse.splitvalue`.
* Pull request #75: Add `six.moves.email_mime_image`.
* Pull request #72: Avoid creating reference cycles through tracebacks
in `reraise`.
- Submit 1.9.0 to SLE-12 (fate#319030, fate#318838, bsc#940812)
- sanitize release line in specfile
Changes in
rubygem-activerecord-session_store.SUSE_SLE-12-SP4_Update_Products_Cloud9_U
pdate:
- added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
* This requires CVE-2019-16782.patch to be included in
rubygem-actionpack-4_2 to work correctly.
Changes in venv-openstack-keystone:
- Add python-xmlschema and python-elementpath for new python-pysaml2
version.
- Add python-defusedxml (bsc#1019074)
- Inherit version number of venv from main component (SCRD-8523)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2554=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2554=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2021-2554=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
crowbar-openstack-5.0+git.1616001417.67fd9c2a1-4.52.5
documentation-suse-openstack-cloud-deployment-8.20210512-1.32.5
documentation-suse-openstack-cloud-supplement-8.20210512-1.32.5
documentation-suse-openstack-cloud-upstream-admin-8.20210512-1.32.5
documentation-suse-openstack-cloud-upstream-user-8.20210512-1.32.5
openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
openstack-monasca-installer-20190923_16.32-3.18.2
openstack-nova-16.1.9~dev92-3.48.5
openstack-nova-api-16.1.9~dev92-3.48.5
openstack-nova-cells-16.1.9~dev92-3.48.5
openstack-nova-compute-16.1.9~dev92-3.48.5
openstack-nova-conductor-16.1.9~dev92-3.48.5
openstack-nova-console-16.1.9~dev92-3.48.5
openstack-nova-consoleauth-16.1.9~dev92-3.48.5
openstack-nova-doc-16.1.9~dev92-3.48.5
openstack-nova-novncproxy-16.1.9~dev92-3.48.5
openstack-nova-placement-api-16.1.9~dev92-3.48.5
openstack-nova-scheduler-16.1.9~dev92-3.48.5
openstack-nova-serialproxy-16.1.9~dev92-3.48.5
openstack-nova-vncproxy-16.1.9~dev92-3.48.5
python-Django-1.11.29-3.25.3
python-elementpath-1.3.1-1.3.2
python-eventlet-0.20.0-6.3.3
python-nova-16.1.9~dev92-3.48.5
python-py-1.4.34-3.3.3
python-pysaml2-4.0.2-5.9.2
python-xmlschema-1.0.18-1.3.3
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
cassandra-3.11.10-5.3.5
cassandra-debuginfo-3.11.10-5.3.5
cassandra-debugsource-3.11.10-5.3.5
cassandra-tools-3.11.10-5.3.5
crowbar-core-5.0+git.1622489449.a8e60e238-3.50.4
crowbar-core-branding-upstream-5.0+git.1622489449.a8e60e238-3.50.4
grafana-6.7.4-4.18.2
grafana-debuginfo-6.7.4-4.18.2
kibana-4.6.6-3.9.2
kibana-debuginfo-4.6.6-3.9.2
ruby2.1-rubygem-activerecord-session_store-0.1.2-3.3.2
- SUSE OpenStack Cloud 8 (x86_64):
cassandra-3.11.10-5.3.5
cassandra-debuginfo-3.11.10-5.3.5
cassandra-debugsource-3.11.10-5.3.5
cassandra-tools-3.11.10-5.3.5
grafana-6.7.4-4.18.2
grafana-debuginfo-6.7.4-4.18.2
kibana-4.6.6-3.9.2
kibana-debuginfo-4.6.6-3.9.2
- SUSE OpenStack Cloud 8 (noarch):
ardana-cobbler-8.0+git.1614096566.e8c2b27-3.44.3
documentation-suse-openstack-cloud-installation-8.20210512-1.32.5
documentation-suse-openstack-cloud-operations-8.20210512-1.32.5
documentation-suse-openstack-cloud-opsconsole-8.20210512-1.32.5
documentation-suse-openstack-cloud-planning-8.20210512-1.32.5
documentation-suse-openstack-cloud-security-8.20210512-1.32.5
documentation-suse-openstack-cloud-supplement-8.20210512-1.32.5
documentation-suse-openstack-cloud-upstream-admin-8.20210512-1.32.5
documentation-suse-openstack-cloud-upstream-user-8.20210512-1.32.5
documentation-suse-openstack-cloud-user-8.20210512-1.32.5
openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
openstack-monasca-installer-20190923_16.32-3.18.2
openstack-nova-16.1.9~dev92-3.48.5
openstack-nova-api-16.1.9~dev92-3.48.5
openstack-nova-cells-16.1.9~dev92-3.48.5
openstack-nova-compute-16.1.9~dev92-3.48.5
openstack-nova-conductor-16.1.9~dev92-3.48.5
openstack-nova-console-16.1.9~dev92-3.48.5
openstack-nova-consoleauth-16.1.9~dev92-3.48.5
openstack-nova-doc-16.1.9~dev92-3.48.5
openstack-nova-novncproxy-16.1.9~dev92-3.48.5
openstack-nova-placement-api-16.1.9~dev92-3.48.5
openstack-nova-scheduler-16.1.9~dev92-3.48.5
openstack-nova-serialproxy-16.1.9~dev92-3.48.5
openstack-nova-vncproxy-16.1.9~dev92-3.48.5
python-Django-1.11.29-3.25.3
python-elementpath-1.3.1-1.3.2
python-eventlet-0.20.0-6.3.3
python-nova-16.1.9~dev92-3.48.5
python-py-1.4.34-3.3.3
python-pysaml2-4.0.2-5.9.2
python-xmlschema-1.0.18-1.3.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.32.3
venv-openstack-barbican-x86_64-5.0.2~dev3-12.33.3
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.30.3
venv-openstack-cinder-x86_64-11.2.3~dev29-14.34.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.31.3
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.28.3
venv-openstack-glance-x86_64-15.0.3~dev3-12.31.3
venv-openstack-heat-x86_64-9.0.8~dev22-12.33.2
venv-openstack-horizon-x86_64-12.0.5~dev6-14.36.6
venv-openstack-ironic-x86_64-9.1.8~dev8-12.33.3
venv-openstack-keystone-x86_64-12.0.4~dev11-11.35.3
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.32.2
venv-openstack-manila-x86_64-5.1.1~dev5-12.37.3
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.28.3
venv-openstack-monasca-x86_64-2.2.2~dev1-11.28.3
venv-openstack-murano-x86_64-4.0.2~dev2-12.28.3
venv-openstack-neutron-x86_64-11.0.9~dev69-13.38.3
venv-openstack-nova-x86_64-16.1.9~dev92-11.36.3
venv-openstack-octavia-x86_64-1.0.6~dev3-12.33.3
venv-openstack-sahara-x86_64-7.0.5~dev4-11.32.3
venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.23.3
venv-openstack-trove-x86_64-8.0.2~dev2-11.32.3
- HPE Helion Openstack 8 (noarch):
ardana-cobbler-8.0+git.1614096566.e8c2b27-3.44.3
documentation-hpe-helion-openstack-installation-8.20210512-1.32.5
documentation-hpe-helion-openstack-operations-8.20210512-1.32.5
documentation-hpe-helion-openstack-opsconsole-8.20210512-1.32.5
documentation-hpe-helion-openstack-planning-8.20210512-1.32.5
documentation-hpe-helion-openstack-security-8.20210512-1.32.5
documentation-hpe-helion-openstack-user-8.20210512-1.32.5
openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
openstack-monasca-installer-20190923_16.32-3.18.2
openstack-nova-16.1.9~dev92-3.48.5
openstack-nova-api-16.1.9~dev92-3.48.5
openstack-nova-cells-16.1.9~dev92-3.48.5
openstack-nova-compute-16.1.9~dev92-3.48.5
openstack-nova-conductor-16.1.9~dev92-3.48.5
openstack-nova-console-16.1.9~dev92-3.48.5
openstack-nova-consoleauth-16.1.9~dev92-3.48.5
openstack-nova-doc-16.1.9~dev92-3.48.5
openstack-nova-novncproxy-16.1.9~dev92-3.48.5
openstack-nova-placement-api-16.1.9~dev92-3.48.5
openstack-nova-scheduler-16.1.9~dev92-3.48.5
openstack-nova-serialproxy-16.1.9~dev92-3.48.5
openstack-nova-vncproxy-16.1.9~dev92-3.48.5
python-Django-1.11.29-3.25.3
python-elementpath-1.3.1-1.3.2
python-eventlet-0.20.0-6.3.3
python-nova-16.1.9~dev92-3.48.5
python-py-1.4.34-3.3.3
python-pysaml2-4.0.2-5.9.2
python-xmlschema-1.0.18-1.3.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.32.3
venv-openstack-barbican-x86_64-5.0.2~dev3-12.33.3
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.30.3
venv-openstack-cinder-x86_64-11.2.3~dev29-14.34.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.31.3
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.28.3
venv-openstack-glance-x86_64-15.0.3~dev3-12.31.3
venv-openstack-heat-x86_64-9.0.8~dev22-12.33.2
venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.36.3
venv-openstack-ironic-x86_64-9.1.8~dev8-12.33.3
venv-openstack-keystone-x86_64-12.0.4~dev11-11.35.3
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.32.2
venv-openstack-manila-x86_64-5.1.1~dev5-12.37.3
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.28.3
venv-openstack-monasca-x86_64-2.2.2~dev1-11.28.3
venv-openstack-murano-x86_64-4.0.2~dev2-12.28.3
venv-openstack-neutron-x86_64-11.0.9~dev69-13.38.3
venv-openstack-nova-x86_64-16.1.9~dev92-11.36.3
venv-openstack-octavia-x86_64-1.0.6~dev3-12.33.3
venv-openstack-sahara-x86_64-7.0.5~dev4-11.32.3
venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.23.3
venv-openstack-trove-x86_64-8.0.2~dev2-11.32.3
- HPE Helion Openstack 8 (x86_64):
cassandra-3.11.10-5.3.5
cassandra-debuginfo-3.11.10-5.3.5
cassandra-debugsource-3.11.10-5.3.5
cassandra-tools-3.11.10-5.3.5
grafana-6.7.4-4.18.2
grafana-debuginfo-6.7.4-4.18.2
kibana-4.6.6-3.9.2
kibana-debuginfo-4.6.6-3.9.2
References:
https://www.suse.com/security/cve/CVE-2017-11481.html
https://www.suse.com/security/cve/CVE-2017-11499.html
https://www.suse.com/security/cve/CVE-2017-5929.html
https://www.suse.com/security/cve/CVE-2019-25025.html
https://www.suse.com/security/cve/CVE-2020-17516.html
https://www.suse.com/security/cve/CVE-2020-26247.html
https://www.suse.com/security/cve/CVE-2020-29651.html
https://www.suse.com/security/cve/CVE-2021-21238.html
https://www.suse.com/security/cve/CVE-2021-21239.html
https://www.suse.com/security/cve/CVE-2021-21419.html
https://www.suse.com/security/cve/CVE-2021-23336.html
https://www.suse.com/security/cve/CVE-2021-27358.html
https://www.suse.com/security/cve/CVE-2021-28658.html
https://www.suse.com/security/cve/CVE-2021-31542.html
https://www.suse.com/security/cve/CVE-2021-33203.html
https://www.suse.com/security/cve/CVE-2021-33571.html
https://bugzilla.suse.com/1019074
https://bugzilla.suse.com/1044849
https://bugzilla.suse.com/1057496
https://bugzilla.suse.com/1073879
https://bugzilla.suse.com/1113302
https://bugzilla.suse.com/1123064
https://bugzilla.suse.com/1143893
https://bugzilla.suse.com/1166139
https://bugzilla.suse.com/1176784
https://bugzilla.suse.com/1179805
https://bugzilla.suse.com/1180507
https://bugzilla.suse.com/1181277
https://bugzilla.suse.com/1181278
https://bugzilla.suse.com/1181689
https://bugzilla.suse.com/1181828
https://bugzilla.suse.com/1182433
https://bugzilla.suse.com/1183174
https://bugzilla.suse.com/1183803
https://bugzilla.suse.com/1184148
https://bugzilla.suse.com/1185623
https://bugzilla.suse.com/1185836
https://bugzilla.suse.com/1186608
https://bugzilla.suse.com/1186611
https://bugzilla.suse.com/940812
More information about the sle-security-updates
mailing list