SUSE-SU-2021:2554-1: moderate: Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema

sle-security-updates at lists.suse.com
Wed Jul 28 19:20:07 UTC 2021


   SUSE Security Update: Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema 
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2554-1
Rating:             moderate
References:         #1019074 #1044849 #1057496 #1073879 #1113302 
                    #1123064 #1143893 #1166139 #1176784 #1179805 
                    #1180507 #1181277 #1181278 #1181689 #1181828 
                    #1182433 #1183174 #1183803 #1184148 #1185623 
                    #1185836 #1186608 #1186611 #940812 ECO-3105 
                    PM-2352 SCRD-8523 SOC-11422 SOC-11470 SOC-11471 
                    SOC-11521 SOC-11523 SOC-11525 SOC-9876 
Cross-References:   CVE-2017-11481 CVE-2017-11499 CVE-2017-5929
                    CVE-2019-25025 CVE-2020-17516 CVE-2020-26247
                    CVE-2020-29651 CVE-2021-21238 CVE-2021-21239
                    CVE-2021-21419 CVE-2021-23336 CVE-2021-27358
                    CVE-2021-28658 CVE-2021-31542 CVE-2021-33203
                    CVE-2021-33571
CVSS scores:
                    CVE-2017-11481 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2017-11481 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
                    CVE-2017-11499 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-11499 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2017-5929 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-25025 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-25025 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-17516 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-17516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-26247 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-26247 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-29651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-29651 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-21238 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-21238 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-21239 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-21239 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-23336 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
                    CVE-2021-23336 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
                    CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28658 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-28658 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-31542 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-31542 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33203 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-33571 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-33571 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 16 vulnerabilities, contains 10
   features and has 8 fixes is now available.

Description:

   This update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core,
   crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana,
   openstack-heat-templates, openstack-monasca-installer, openstack-nova,
   python-Django, python-elementpath, python-eventlet, python-py,
   python-pysaml2, python-six, python-xmlschema fixes the following issues:

   Security fixes included in this update:

   cassandra-kit:
   - CVE-2020-17516: Internode encryption enforcement vulnerability

   cassandra:
   - CVE-2020-17516: Internode encryption enforcement vulnerability
   - CVE-2017-5929 logback: Fixed a serialization vulnerability in
     SocketServer and ServerSocketReceiver

   crowbar-core:
   - CVE-2020-26247: Potential XXE or SSRF attacks via schemas parsed by
     Nokogiri::XML::Schema

   grafana:
   - CVE-2021-27358: Unauthenticated remote attackers could trigger a denial
     of service via a remote API call

   kibana:
   - CVE-2017-11481: Fixed an XSS via URL fields
   - CVE-2017-11499: Fixed a constant hashtable seeds vulnerability

   python-Django:
   - CVE-2021-28658: Potential directory-traversal via uploaded files
   - CVE-2021-31542: Potential directory-traversal via uploaded files
   - CVE-2021-33203: Potential directory traversal via admindocs
   - CVE-2021-33571: Possible indeterminate SSRF, RFI, and LFI attacks since
     validators accepted leading zeros in IPv4 addresses
   - CVE-2021-23336: Fixed web cache poisoning via
     django.utils.http.limited_parse_qsl

   python-eventlet:
   - CVE-2021-21419: Improper handling of highly compressed data and memory
     allocation with excessive size value

   python-pysaml2:
   - CVE-2021-21238: Fixed an improper verification of cryptographic
     signatures for signed SAML documents
   - CVE-2021-21239: Fixed an improper verification of cryptographic
     signatures when using CryptoBackendXmlSec1()

   python-py:
   - CVE-2020-29651: Regular expression denial of service in svnwc.py

   rubygem-activerecord-session_store:
   - CVE-2019-25025: Fixed session hijacking via timing attacks targeting
     the session id (CVE-2019-16782)

   Non-security fixes included in this update:

   Changes in ardana-cobbler:
   - Update to version 8.0+git.1614096566.e8c2b27:
     * Change install_recommended to true (bsc#1181828)

   Changes in cassandra:
   - update to 3.11.10 (bsc#1181689, CVE-2020-17516)
    * Fix digest computation for queries with fetched but non queried columns
      (CASSANDRA-15962)
    * Reduce amount of allocations during batch statement execution
      (CASSANDRA-16201)
    * Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
    * Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
    * Rate limit validation compactions using
      compaction_throughput_mb_per_sec (CASSANDRA-16161)
    * SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert
      to default of 1GB (CASSANDRA-16071)
    * Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
    * Improve empty hint file handling during startup (CASSANDRA-16162)
    * Allow empty string in collections with COPY FROM in cqlsh
      (CASSANDRA-16372)
    * Fix skipping on pre-3.0 created compact storage sstables due to missing
      primary key liveness (CASSANDRA-16226)
    * Extend the exclusion of replica filtering protection to other indices
      instead of just SASI (CASSANDRA-16311)
    * Synchronize transaction logs for JBOD (CASSANDRA-16225)
    * Fix the counting of cells per partition (CASSANDRA-16259)
    * Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
    * Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
    * Improved check of num_tokens against the length of initial_token
      (CASSANDRA-14477)
    * Fix a race condition on ColumnFamilyStore and TableMetrics
      (CASSANDRA-16228)
    * Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
    * Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
    * Prevent invoking enable/disable gossip when not in NORMAL
      (CASSANDRA-16146)
    * Wait for schema agreement when bootstrapping (CASSANDRA-15158)
    * Fix the histogram merge of the table metrics (CASSANDRA-16259)
    * Synchronize Keyspace instance store/clear (CASSANDRA-16210)
    * Fix ColumnFilter to avoid querying cells of unselected complex columns
      (CASSANDRA-15977)
    * Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
    * Don't attempt value skipping with mixed version cluster
      (CASSANDRA-15833)
    * Avoid failing compactions with very large partitions (CASSANDRA-15164)
    * Make sure LCS handles duplicate sstable added/removed notifications
      correctly (CASSANDRA-14103)
    * Fix OOM when terminating repair session (CASSANDRA-15902)
    * Avoid marking shutting down nodes as up after receiving gossip shutdown
      message (CASSANDRA-16094)
    * Check SSTables for latest version before dropping compact storage
      (CASSANDRA-16063)
    * Handle unexpected columns due to schema races (CASSANDRA-15899)
    * Add flag to ignore unreplicated keyspaces during repair
      (CASSANDRA-15160)
    * Package tools/bin scripts as executable (CASSANDRA-16151)
    * Fixed a NullPointerException when calling nodetool enablethrift
      (CASSANDRA-16127)
    * Correctly interpret SASI's `max_compaction_flush_memory_in_mb` setting
      in megabytes not bytes (CASSANDRA-16071)
    * Fix short read protection for GROUP BY queries (CASSANDRA-15459)
    * Frozen RawTuple is not annotated with frozen in the toString method
      (CASSANDRA-15857)
    Merged from 3.0:
    * Use IF NOT EXISTS for index and UDT create statements in snapshot
      schema files (CASSANDRA-13935)
    * Fix gossip shutdown order (CASSANDRA-15816)
    * Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
    * Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
    * Operational improvements and hardening for replica filtering protection
      (CASSANDRA-15907)
    * stop_paranoid disk failure policy is ignored on CorruptSSTableException
      after node is up (CASSANDRA-15191)
    * Forbid altering UDTs used in partition keys (CASSANDRA-15933)
    * Fix empty/null json string representation (CASSANDRA-15896)
    * 3.x fails to start if commit log has range tombstones from a column
      which is also deleted (CASSANDRA-15970)
    * Handle difference in timestamp precision between java8 and java11 in
      LogFile.java (CASSANDRA-16050)
    Merged from 2.2:
    * Fix CQL parsing of collections when the column type is reversed
      (CASSANDRA-15814)
    * Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
    * Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
    * Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
    * Fix CQL formatting of read command restrictions for slow query log
      (CASSANDRA-15503)
    * Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
    * Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
    * Avoid hinted handoff per-host throttle being rounded to 0 in large
      cluster (CASSANDRA-15859)
    * Avoid emitting empty range tombstones from RangeTombstoneList
      (CASSANDRA-15924)
    * Avoid thread starvation, and improve compare-and-swap performance, in
      the slab allocators (CASSANDRA-15922)
    * Add token to tombstone warning and error messages (CASSANDRA-15890)
    * Fixed range read concurrency factor computation and capped as 10 times
      tpc cores (CASSANDRA-15752)
    * Catch exception on bootstrap resume and init native transport
      (CASSANDRA-15863)
    * Fix replica-side filtering returning stale data with CL > ONE
      (CASSANDRA-8272, CASSANDRA-8273)
    * Fix duplicated row on 2.x upgrades when multi-rows range tombstones
      interact with collection ones (CASSANDRA-15805)
    * Rely on snapshotted session infos on StreamResultFuture.maybeComplete
      to avoid race conditions (CASSANDRA-15667)
    * EmptyType doesn't override writeValue so could attempt to write bytes
      when expected not to (CASSANDRA-15790)
    * Fix index queries on partition key columns when some partitions
      contains only static data (CASSANDRA-13666)
    * Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
    * liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if
      IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
    * Fix Debian init start/stop (CASSANDRA-15770)
    * Fix infinite loop on index query paging in tables with clustering
      (CASSANDRA-14242)
    * Fix chunk index overflow due to large sstable with small chunk length
      (CASSANDRA-15595)
    * Allow selecting static column only when querying static index
      (CASSANDRA-14242)
    * cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
    * Don't skip sstables in slice queries based only on local
      min/max/deletion timestamp (CASSANDRA-15690)
    * Memtable memory allocations may deadlock (CASSANDRA-15367)
    * Run evictFromMembership in GossipStage (CASSANDRA-15592)
    * Fix nomenclature of allow and deny lists (CASSANDRA-15862)
    * Remove generated files from source artifact (CASSANDRA-15849)
    * Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
    * Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
    * Disable JMX rebinding (CASSANDRA-15653)
    * Fix writing of snapshot manifest when the table has table-backed
      secondary indexes (CASSANDRA-10968)
    * Fix parse error in cqlsh COPY FROM and formatting for map of blobs
      (CASSANDRA-15679)
    * Fix Commit log replays when static column clustering keys are
      collections (CASSANDRA-14365)
    * Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
    * Allow EXTRA_CLASSPATH to work on tar/source installations
      (CASSANDRA-15567)
    * Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
      upgrade and in sstablescrub (CASSANDRA-15035)
    * Fix nodetool compactionstats showing extra pending task for TWCS -
      patch implemented (CASSANDRA-15409)
    * Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
    * Fix LegacyLayout to have same behavior as 2.x when handling unknown
      column names (CASSANDRA-15081)
    * Update nodetool help stop output (CASSANDRA-15401)
    * Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
    * Include updates to static column in mutation size calculations
      (CASSANDRA-15293)
    * Fix point-in-time recovery ignoring timestamp of updates to static
      columns (CASSANDRA-15292)
    * GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
    * Fix sstabledump's position key value when partitions have multiple rows
      (CASSANDRA-14721)
    * Avoid over-scanning data directories in LogFile.verify()
      (CASSANDRA-15364)
    * Bump generations and document changes to system_distributed and
      system_traces in 3.0, 3.11 (CASSANDRA-15441)
    * Fix system_traces creation timestamp; optimise system keyspace upgrades
      (CASSANDRA-15398)
    * Fix various data directory prefix matching issues (CASSANDRA-13974)
    * Minimize clustering values in metadata collector (CASSANDRA-15400)
    * Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
    * validate value sizes in LegacyLayout (CASSANDRA-15373)
    * Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by
      default (CASSANDRA-15385)
    * Make sure index summary redistribution does not start when compactions
      are paused (CASSANDRA-15265)
    * Ensure legacy rows have primary key livenessinfo when they contain
      illegal cells (CASSANDRA-15365)
    * Fix race condition when setting bootstrap flags (CASSANDRA-14878)
    * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
    * Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
    * In-JVM DTest: Set correct internode message version for upgrade test
      (CASSANDRA-15371)
    * In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
    * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
    * Fix SASI non-literal string comparisons (range operators)
      (CASSANDRA-15169)
    * Make sure user defined compaction transactions are always closed
      (CASSANDRA-15123)
    * Fix cassandra-env.sh to use $CASSANDRA_CONF to find
      cassandra-jaas.config (CASSANDRA-14305)
    * Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
    * Add flag to disable SASI indexes, and warnings on creation
      (CASSANDRA-14866)
    * Add ability to cap max negotiable protocol version (CASSANDRA-15193)
    * Gossip tokens on startup if available (CASSANDRA-15335)
    * Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
    * Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
    * Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when
      upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
    * Fix NPE when using allocate_tokens_for_keyspace on new DC/rack
      (CASSANDRA-14952)
    * Filter sstables earlier when running cleanup (CASSANDRA-15100)
    * Use mean row count instead of mean column count for index selectivity
      calculation (CASSANDRA-15259)
    * Avoid updating unchanged gossip states (CASSANDRA-15097)
    * Prevent recreation of previously dropped columns with a different kind
      (CASSANDRA-14948)
    * Prevent client requests from blocking on executor task queue
      (CASSANDRA-15013)
    * Toughen up column drop/recreate type validations (CASSANDRA-15204)
    * LegacyLayout should handle paging states that cross a collection column
      (CASSANDRA-15201)
    * Prevent RuntimeException when username or password is empty/null
      (CASSANDRA-15198)
    * Multiget thrift query returns null records after digest mismatch
      (CASSANDRA-14812)
    * Skipping illegal legacy cells can break reverse iteration of indexed
      partitions (CASSANDRA-15178)
    * Handle paging states serialized with a different version than the
      session's (CASSANDRA-15176)
    * Throw IOE instead of asserting on unsupported peer versions
      (CASSANDRA-15066)
    * Update token metadata when handling MOVING/REMOVING_TOKEN events
      (CASSANDRA-15120)
    * Add ability to customize cassandra log directory using
      $CASSANDRA_LOG_DIR (CASSANDRA-15090)
    * Skip cells with illegal column names when reading legacy sstables
      (CASSANDRA-15086)
    * Fix assorted gossip races and add related runtime checks
      (CASSANDRA-15059)
    * Fix mixed mode partition range scans with limit (CASSANDRA-15072)
    * cassandra-stress works with frozen collections: list and set
      (CASSANDRA-14907)
    * Fix handling FS errors on writing and reading flat files -
      LogTransaction and hints (CASSANDRA-15053)
    * Avoid double closing the iterator to avoid overcounting the number of
      requests (CASSANDRA-15058)
    * Improve `nodetool status -r` speed (CASSANDRA-14847)
    * Improve merkle tree size and time on heap (CASSANDRA-14096)
    * Add missing commands to nodetool_completion (CASSANDRA-14916)
    * Anti-compaction temporarily corrupts sstable state for readers
      (CASSANDRA-15004)
    * Catch non-IOException in FileUtils.close to make sure that all
      resources are closed (CASSANDRA-15225)
    * Handle exceptions during authentication/authorization (CASSANDRA-15041)
    * Support cross version messaging in in-jvm upgrade dtests
      (CASSANDRA-15078)
    * Fix index summary redistribution cancellation (CASSANDRA-15045)
    * Fixing invalid CQL in security documentation (CASSANDRA-15020)
    * Allow instance class loaders to be garbage collected for inJVM dtest
      (CASSANDRA-15170)
    * Add support for network topology and query tracing for inJVM dtest
      (CASSANDRA-15319)
    * Correct sstable sorting for garbagecollect and levelled compaction
      (CASSANDRA-14870)
    * Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
    * Add a script to make running the cqlsh tests in cassandra repo easier
      (CASSANDRA-14951)
    * If SizeEstimatesRecorder misses a 'onDropTable' notification, the
      size_estimates table will never be cleared for that table.
      (CASSANDRA-14905)
    * Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters
      (CASSANDRA-14958)
    * Streaming needs to synchronise access to LifecycleTransaction
      (CASSANDRA-14554)
    * Fix cassandra-stress write hang with default options (CASSANDRA-14616)
    * Differentiate between slices and RTs when decoding legacy bounds
      (CASSANDRA-14919)
    * Netty epoll IOExceptions caused by unclean client disconnects being
      logged at INFO (CASSANDRA-14909)
    * Unfiltered.isEmpty conflicts with Row extends
      AbstractCollection.isEmpty (CASSANDRA-14588)
    * RangeTombstoneList doesn't properly clean up mergeable or superseded
      rts in some cases (CASSANDRA-14894)
    * Fix handling of collection tombstones for dropped columns from legacy
      sstables (CASSANDRA-14912)
    * Throw exception if Columns serialized subset encode more columns than
      possible (CASSANDRA-14591)
    * Drop/add column name with different Kind can result in corruption
      (CASSANDRA-14843)
    * Fix missing rows when reading 2.1 SSTables with static columns in 3.0
      (CASSANDRA-14873)
    * Move TWCS message 'No compaction necessary for bucket size' to Trace
      level (CASSANDRA-14884)
    * Sstable min/max metadata can cause data loss (CASSANDRA-14861)
    * Dropped columns can cause reverse sstable iteration to return
      prematurely (CASSANDRA-14838)
    * Legacy sstables with multi block range tombstones create invalid bound
      sequences (CASSANDRA-14823)
    * Expand range tombstone validation checks to multiple interim request
      stages (CASSANDRA-14824)
    * Reverse order reads can return incomplete results (CASSANDRA-14803)
    * Avoid calling iter.next() in a loop when notifying indexers about range
      tombstones (CASSANDRA-14794)
    * Fix purging semi-expired RT boundaries in reversed iterators
      (CASSANDRA-14672)
    * DESC order reads can fail to return the last Unfiltered in the
      partition (CASSANDRA-14766)
    * Fix corrupted collection deletions for dropped columns in 3.0 <-> 2.{1,2}
      messages (CASSANDRA-14568)
    * Fix corrupted static collection deletions in 3.0 <-> 2.{1,2} messages
      (CASSANDRA-14568)
    * Handle failures in parallelAllSSTableOperation
      (cleanup/upgradesstables/etc) (CASSANDRA-14657)
    * Improve TokenMetaData cache populating performance avoid long locking
      (CASSANDRA-14660)
    * Backport: Flush netty client messages immediately (not by default)
      (CASSANDRA-13651)
    * Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
    * sstableloader should use discovered broadcast address to connect
      intra-cluster (CASSANDRA-14522)
    * Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
    * Don't enable client transports when bootstrap is pending
      (CASSANDRA-14525)
    * MigrationManager attempts to pull schema from different major version
      nodes (CASSANDRA-14928)
    * Fix incorrect cqlsh results when selecting same columns multiple times
      (CASSANDRA-13262)
    * Returns null instead of NaN or Infinity in JSON strings
      (CASSANDRA-14377)
    * Paged Range Slice queries with DISTINCT can drop rows from results
      (CASSANDRA-14956)
    * Validate supported column type with SASI analyzer (CASSANDRA-13669)
    * Remove BTree.Builder Recycler to reduce memory usage (CASSANDRA-13929)
    * Reduce nodetool GC thread count (CASSANDRA-14475)
    * Fix New SASI view creation during Index Redistribution (CASSANDRA-14055)
    * Remove string formatting lines from BufferPool hot path
      (CASSANDRA-14416)
    * Update metrics to 3.1.5 (CASSANDRA-12924)
    * Detect OpenJDK jvm type and architecture (CASSANDRA-12793)
    * Don't use guava collections in the non-system keyspace jmx attributes
      (CASSANDRA-12271)
    * Allow existing nodes to use all peers in shadow round (CASSANDRA-13851)
    * Fix cqlsh to read connection.ssl cqlshrc option again (CASSANDRA-14299)
    * Downgrade log level to trace for CommitLogSegmentManager
      (CASSANDRA-14370)
    * CQL fromJson(null) throws NullPointerException (CASSANDRA-13891)
    * Serialize empty buffer as empty string for json output format
      (CASSANDRA-14245)
    * Allow logging implementation to be interchanged for embedded testing
      (CASSANDRA-13396)
    * SASI tokenizer for simple delimiter based entries (CASSANDRA-14247)
    * Fix Loss of digits when doing CAST from varint/bigint to decimal
      (CASSANDRA-14170)
    * RateBasedBackPressure unnecessarily invokes a lock on the Guava
      RateLimiter (CASSANDRA-14163)
    * Fix wildcard GROUP BY queries (CASSANDRA-14209)
    * Fix corrupted static collection deletions in 3.0 -> 2.{1,2} messages
      (CASSANDRA-14568)
    * Fix potential IndexOutOfBoundsException with counters (CASSANDRA-14167)
    * Always close RT markers returned by ReadCommand#executeLocally()
      (CASSANDRA-14515)
    * Reverse order queries with range tombstones can cause data loss
      (CASSANDRA-14513)
    * Fix regression of lagging commitlog flush log message (CASSANDRA-14451)
    * Add Missing dependencies in pom-all (CASSANDRA-14422)
    * Cleanup StartupClusterConnectivityChecker and PING Verb
      (CASSANDRA-14447)
    * Fix deprecated repair error notifications from 3.x clusters to legacy
      JMX clients (CASSANDRA-13121)
    * Cassandra not starting when using enhanced startup scripts in windows
      (CASSANDRA-14418)
    * Fix progress stats and units in compactionstats (CASSANDRA-12244)
    * Better handle missing partition columns in system_schema.columns
      (CASSANDRA-14379)
    * Delay hints store excise by write timeout to avoid race with
      decommission (CASSANDRA-13740)
    * Deprecate background repair and probabilistic read_repair_chance table
      options (CASSANDRA-13910)
    * Add missed CQL keywords to documentation (CASSANDRA-14359)
    * Fix unbounded validation compactions on repair / revert CASSANDRA-13797
      (CASSANDRA-14332)
    * Avoid deadlock when running nodetool refresh before node is fully up
      (CASSANDRA-14310)
    * Handle all exceptions when opening sstables (CASSANDRA-14202)
    * Handle incompletely written hint descriptors during startup
      (CASSANDRA-14080)
    * Handle repeat open bound from SRP in read repair (CASSANDRA-14330)
    * Respect max hint window when hinting for LWT (CASSANDRA-14215)
    * Adding missing WriteType enum values to v3, v4, and v5 spec
      (CASSANDRA-13697)
    * Don't regenerate bloomfilter and summaries on startup (CASSANDRA-11163)
    * Fix NPE when performing comparison against a null frozen in LWT
      (CASSANDRA-14087)
    * Log when SSTables are deleted (CASSANDRA-14302)
    * Fix batch commitlog sync regression (CASSANDRA-14292)
    * Write to pending endpoint when view replica is also base replica
      (CASSANDRA-14251)
    * Chain commit log marker potential performance regression in batch
      commit mode (CASSANDRA-14194)
    * Fully utilise specified compaction threads (CASSANDRA-14210)
    * Pre-create deletion log records to finish compactions quicker
      (CASSANDRA-12763)
    * Fix bug that prevented compaction of SSTables after full repairs
      (CASSANDRA-14423)
    * Incorrect counting of pending messages in OutboundTcpConnection
      (CASSANDRA-11551)
    * Fix compaction failure caused by reading un-flushed data
      (CASSANDRA-12743)
    * Use Bounds instead of Range for sstables in anticompaction
      (CASSANDRA-14411)
    * Fix JSON queries with IN restrictions and ORDER BY clause
      (CASSANDRA-14286)
    * Backport circleci yaml (CASSANDRA-14240)
    * Check checksum before decompressing data (CASSANDRA-14284)
    * CVE-2017-5929 Security vulnerability in Logback warning in NEWS.txt
      (CASSANDRA-14183)
   - Use %license macro

   Changes in cassandra-kit:
   - Update to Cassandra 3.11.10 (bsc#1181689, CVE-2020-17516)

   Changes in crowbar-core:
   - Update to version 5.0+git.1622489449.a8e60e238:
     * avoid v4.1.5 of delayed_job_active_record (noref)
     * add CVE-2020-26247 to travis ignore list (bsc#1180507)

   Changes in crowbar-openstack:
   - Update to version 5.0+git.1616001417.67fd9c2a1:
     * monasca: restart Kibana on update (bsc#1044849)

   - Update to version 5.0+git.1615542070.7841c34b7:
     * monasca: fix monasca-server reinstall state check (SOC-11471)

   Changes in documentation-suse-openstack-cloud:
   - Update to version 8.20210512:
     * Moved Monasca deployment to immediately after keystone (SOC-11525)
       (#1312)

   - Update to version 8.20210511:
     * Update the correct SLES version to suse-12.3 (SOC-11521) (#1321)
     * Renamed the repo name from SLE12-SP3-HA to SLE-HA12-SP3 (SOC-11523)
       (#1320)

   - Update to version 8.20210511:
     * Add bm-power-status playbook to add sles compute section (#1317)

   - Update to version 8.20210507:
     * Add instructions for checking MySQL cert expiry (SOC-11422) (#1311)

   - Update to version 8.20210304:
     * Add nova and heat db purge cron jobs to maintenance section (SOC-9876)
       (#1307)

   Changes in grafana:
   - Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
     * Prevent unauthenticated remote attackers from causing a DoS through
       the snapshots API.

   Changes in kibana:
   - Ensure /etc/sysconfig/kibana is present

   - Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14,
     ESA-2017-16)
     * [4.6] ignore forked code for babel transpile build phase (#13483)
     * Allow more than match queries in custom filters (#8614) (#10857)
     * [state] don't make extra $location.replace() calls (#9954)
     * [optimizer] move to querystring-browser package for up-to-date api
     * [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
     * server: refactor log_interceptor to be more DRY (#9617)
     * server: downgrade ECANCELED logs to debug (#9616)
     * server: do not treat logged warnings as errors (#8746) (#9610)
     * [server/logger] downgrade EPIPE errors to debug level (#9023)
     * Add basepath when redirecting from a trailing slash (#9035)
     * [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
     * [server/shortUrl] validate urls before shortening them
   - Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
     * This fixes an XSS vulnerability in URL fields
   - Remove %dir declaration from /opt/kibana/optimize to ensure no files
     owned by root end up in there
   - Exclude /opt/kibana/optimize from %fdupes
   - Restart service on upgrade
   - Do not copy LICENSE.txt and README.txt to /opt/kibana
   - Fix rpmlint warnings/errors
   - Switch to explicit patch application
   - Fix source URL
   - Fix logic for systemd/systemv detection

   Changes in openstack-heat-templates:
   - Update to version 0.0.0+git.1623056900.7917e18:
     * Fix zuul config for heat-templates-check

   - Update to version 0.0.0+git.1621405516.71a0f7a:
     * Remove testr

   Changes in openstack-monasca-installer:
   - Add 0001-fix-influxdb-stop-task.patch (SOC-11470)
   - Add 0001-fix-cassandra-deployment.patch (SOC-11470)

   Changes in openstack-nova:
   - Update to version nova-16.1.9.dev92:
     * Lowercase ironic driver hash ring and ignore case in cache
     * Include only required fields in ironic node cache
     * Add resource_class to fields in ironic node cache

   - Update to version nova-16.1.9.dev86:
     * [stable-only] Move grenade jobs to experimental
     * Update resources once in update_available_resource
     * rt: Make resource tracker always invoking get_inventory()

   - Update to version nova-16.1.9.dev81:
     * [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook

   - Update to version nova-16.1.9.dev80:
     * [placement] Add status and links fields to version document at /

   Changes in python-Django:
   - Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
     * Fixed potential path-traversal via admindocs' TemplateDetailView.
   - Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
     * Prevented leading zeros in IPv4 addresses.

   - Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
     * Fixed CVE-2021-31542 -- Tightened path and file name sanitation in
       file uploads.

   - Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
     * Fixed potential directory-traversal via uploaded files

   - Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
     * Fixed web cache poisoning via django.utils.http.limited_parse_qsl()

   Changes in python-eventlet:
   - Add 0001-websocket-fd-leak-when-client-did-not-close-connecti.patch
   - Add 0002-websocket-Limit-maximum-uncompressed-frame-length-to.patch
     (bsc#1185836 CVE-2021-21419)
     * websocket: Limit maximum uncompressed frame length to 8MiB

   Changes in python-py:
   - Add CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651)
     * svnwc: fix regular expression vulnerable to DoS in blame functionality

   Changes in python-pysaml2:
   - Add %dir declaration for %{_licensedir}

   - Fix CVE-2021-21238, bsc#1181277 with 0004-Strengthen-XSW-tests.patch,
     0005-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch,
     0006-Add-xsd-schemas.patch,
     0007-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch. This adds a
     dependency on python-xmlschema, which depends on python-elementpath and
     build-depends on python-pathlib2, which depends on python-scandir, so all
     of these need to be added for this to work. The python-xmlschema used
     needs to support the sandbox argument, which was added in 1.2.0 and
     refined in 1.2.1, but that version doesn't support python2, so a patched
     version that does both is needed.
     0009-Make-previous-commits-python2-compatible.patch is added to avoid a
     dependency on reportlib_resources and to make the other changes python2
     compatible.
   - Fix CVE-2021-21239, bsc#1181278 with
     0008-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch

   Changes in python-xmlschema:

   - Add missed BuildRequires on pathlib2

   - Add 3 patches to backport sandbox argument, which is needed by a
     security fix in python-pysaml2 and one patch to make backport python2
     compatible.
   - Upstream url changed
   - Add rpmlintrc to make it work on Leap 42.3
   - Update to 1.0.18:
     * Fix for *ModelVisitor.iter_unordered_content()*
     * Fixed default converter, AbderaConverter and JsonMLConverter for
       xs:anyType decode
     * Fixed validation tests with all converters
     * Added UnorderedConverter to validation tests
   - Update to 1.0.17:
     * Enhancement of validation-only speed (~15%)
     * Added *is_valid()* and *iter_errors()* to module API
   - Update to 1.0.16:
     * Improved XMLResource class for working with compressed files
     * Fix for validation with XSD wildcards and 'lax' process content
     * Fix ambiguous items validation for xs:choice and xs:sequence models

   - Handle UnicodeDecodeErrors during build process

   - Update to 1.0.15:
     * Improved XPath 2.0 bindings
     * Added logging for schema initialization and building (handled with
       argument loglevel)
     * Update encoding of collapsed contents with a new model based
       reordering method
     * Removed XLink namespace from meta-schema (loaded from a fallback
       location like XHTML)
     * Fixed half of failed W3C instance tests (remain 255 over 15344 tests)

   - Initial commit, needed by pytest 5.1.2

   Changes in python-elementpath:

   - Update to 1.3.1:
     * Improved schema proxy
     * Improved XSD type matching using paths
     * Cached parent path for XPathContext (only Python 3)
     * Improve typed selection with TypedAttribute and TypedElement
       named-tuples
     * Add iter_results to XPathContext
     * Remove XMLSchemaProxy from package
     * Fix descendant shortcut operator '//'
     * Fix text() function
     * Fix typed select of '(name)' token
     * Fix 24-hour time for DateTime

   - Skip test_hashing to fix 32bit builds

   - Initial commit needed by python-xmlschema

   Changes in python-six:
   - Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)

   - Fix testsuite on SLE-12
     + Add python to BuildRequires for suse_version less 1500

   - Fix dbm deps as the MU for provides: python-dbm was not released
     on sle12 yet
   - Add requirement on pytest > 4.0 to see the pytest module works with this
     MU

   - Do not cause buildcycle with previous change but rather install the
     egg-info prepared metadata from the tarball

   - use setuptools for building to support pip 10.x (bsc#1166139)

   - update to 1.14.0
    * Add `six.assertNotRegex`
    * `six.moves._dummy_thread` now points to the `_thread` module on Python
      3.9+. Python 3.7 and later requires threading and deprecated the
      `_dummy_thread` module
    * Remove support for Python 2.6 and Python 3.2
    * `six.wraps` now ignores missing attributes

   - Pull in dbm/gdbm module from python for testing

   - update to 0.13.0:
     - Issue #298, pull request #299: Add `six.moves.dbm_ndbm`.
     - Issue #155: Add `six.moves.collections_abc`, which aliases the
       `collections` module on Python 2-3.2 and the `collections.abc` on
       Python 3.3 and greater.
     - Pull request #304: Re-add distutils fallback in `setup.py`.
     - Pull request #305: On Python 3.7, `with_metaclass` supports classes
       using PEP

   - Simplify the pytest call

   - Fix pytest call
   - Fix documentation package generating

   - Change %pretrans back to %pre to fix bootstrap issue boo#1123064
     bsc#1143893

   - Require just base python module, even full python is too much and it is
     not required here

   - Update to 0.12.0:
       * `six.add_metaclass` now preserves `__qualname__` from the
         original class.
       * Add `six.ensure_binary`, `six.ensure_text`, and `six.ensure_str`.
   - Because of cyclical dependencies between six and Sphinx, we need to
     do multibuild.

   - Include in SLE-12 (FATE#326838, bsc#1113302)

   - remove egg-info directory in %pretrans
   - fix egg-info directory pattern
   - match any version of egg-info for a certain python version

   - Break the cyclical dependency on python-setuptools.

   - Remove argparse dependency

   - build python3 subpackage (FATE#324435, bsc#1073879)

   - remove egg-info directory before installation if it exists, because
     setuptools produce directory and six switched to distutils that produce
     a file (and because rpm can't handle that by itself) fixes bsc#1057496

   - Fix Source url

   - README->README.rst, add CHANGES
   - update to version 1.11.0:
     * Pull request #178: `with_metaclass` now properly proxies `__prepare__`
       to the underlying metaclass.
     * Pull request #191: Allow `with_metaclass` to work with metaclasses
       implemented in C.
     * Pull request #203: Add parse_http_list and parse_keqv_list to moved
       urllib.request.
     * Pull request #172 and issue #171: Add unquote_to_bytes to moved
       urllib.parse.
     * Pull request #167: Add `six.moves.getoutput`.
     * Pull request #80: Add `six.moves.urllib_parse.splitvalue`.
     * Pull request #75: Add `six.moves.email_mime_image`.
     * Pull request #72: Avoid creating reference cycles through tracebacks
       in `reraise`.

   - Submit 1.9.0 to SLE-12 (fate#319030, fate#318838, bsc#940812)

   - sanitize release line in specfile

   Changes in rubygem-activerecord-session_store.SUSE_SLE-12-SP4_Update_Products_Cloud9_Update:
   - added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
     * This requires CVE-2019-16782.patch to be included in
       rubygem-actionpack-4_2 to work correctly.

   Changes in venv-openstack-keystone:
   - Add python-xmlschema and python-elementpath for new python-pysaml2
     version.

   - Add python-defusedxml (bsc#1019074)

   - Inherit version number of venv from main component (SCRD-8523)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2554=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2554=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2021-2554=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      crowbar-openstack-5.0+git.1616001417.67fd9c2a1-4.52.5
      documentation-suse-openstack-cloud-deployment-8.20210512-1.32.5
      documentation-suse-openstack-cloud-supplement-8.20210512-1.32.5
      documentation-suse-openstack-cloud-upstream-admin-8.20210512-1.32.5
      documentation-suse-openstack-cloud-upstream-user-8.20210512-1.32.5
      openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
      openstack-monasca-installer-20190923_16.32-3.18.2
      openstack-nova-16.1.9~dev92-3.48.5
      openstack-nova-api-16.1.9~dev92-3.48.5
      openstack-nova-cells-16.1.9~dev92-3.48.5
      openstack-nova-compute-16.1.9~dev92-3.48.5
      openstack-nova-conductor-16.1.9~dev92-3.48.5
      openstack-nova-console-16.1.9~dev92-3.48.5
      openstack-nova-consoleauth-16.1.9~dev92-3.48.5
      openstack-nova-doc-16.1.9~dev92-3.48.5
      openstack-nova-novncproxy-16.1.9~dev92-3.48.5
      openstack-nova-placement-api-16.1.9~dev92-3.48.5
      openstack-nova-scheduler-16.1.9~dev92-3.48.5
      openstack-nova-serialproxy-16.1.9~dev92-3.48.5
      openstack-nova-vncproxy-16.1.9~dev92-3.48.5
      python-Django-1.11.29-3.25.3
      python-elementpath-1.3.1-1.3.2
      python-eventlet-0.20.0-6.3.3
      python-nova-16.1.9~dev92-3.48.5
      python-py-1.4.34-3.3.3
      python-pysaml2-4.0.2-5.9.2
      python-xmlschema-1.0.18-1.3.3

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      cassandra-3.11.10-5.3.5
      cassandra-debuginfo-3.11.10-5.3.5
      cassandra-debugsource-3.11.10-5.3.5
      cassandra-tools-3.11.10-5.3.5
      crowbar-core-5.0+git.1622489449.a8e60e238-3.50.4
      crowbar-core-branding-upstream-5.0+git.1622489449.a8e60e238-3.50.4
      grafana-6.7.4-4.18.2
      grafana-debuginfo-6.7.4-4.18.2
      kibana-4.6.6-3.9.2
      kibana-debuginfo-4.6.6-3.9.2
      ruby2.1-rubygem-activerecord-session_store-0.1.2-3.3.2

   - SUSE OpenStack Cloud 8 (x86_64):

      cassandra-3.11.10-5.3.5
      cassandra-debuginfo-3.11.10-5.3.5
      cassandra-debugsource-3.11.10-5.3.5
      cassandra-tools-3.11.10-5.3.5
      grafana-6.7.4-4.18.2
      grafana-debuginfo-6.7.4-4.18.2
      kibana-4.6.6-3.9.2
      kibana-debuginfo-4.6.6-3.9.2

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-cobbler-8.0+git.1614096566.e8c2b27-3.44.3
      documentation-suse-openstack-cloud-installation-8.20210512-1.32.5
      documentation-suse-openstack-cloud-operations-8.20210512-1.32.5
      documentation-suse-openstack-cloud-opsconsole-8.20210512-1.32.5
      documentation-suse-openstack-cloud-planning-8.20210512-1.32.5
      documentation-suse-openstack-cloud-security-8.20210512-1.32.5
      documentation-suse-openstack-cloud-supplement-8.20210512-1.32.5
      documentation-suse-openstack-cloud-upstream-admin-8.20210512-1.32.5
      documentation-suse-openstack-cloud-upstream-user-8.20210512-1.32.5
      documentation-suse-openstack-cloud-user-8.20210512-1.32.5
      openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
      openstack-monasca-installer-20190923_16.32-3.18.2
      openstack-nova-16.1.9~dev92-3.48.5
      openstack-nova-api-16.1.9~dev92-3.48.5
      openstack-nova-cells-16.1.9~dev92-3.48.5
      openstack-nova-compute-16.1.9~dev92-3.48.5
      openstack-nova-conductor-16.1.9~dev92-3.48.5
      openstack-nova-console-16.1.9~dev92-3.48.5
      openstack-nova-consoleauth-16.1.9~dev92-3.48.5
      openstack-nova-doc-16.1.9~dev92-3.48.5
      openstack-nova-novncproxy-16.1.9~dev92-3.48.5
      openstack-nova-placement-api-16.1.9~dev92-3.48.5
      openstack-nova-scheduler-16.1.9~dev92-3.48.5
      openstack-nova-serialproxy-16.1.9~dev92-3.48.5
      openstack-nova-vncproxy-16.1.9~dev92-3.48.5
      python-Django-1.11.29-3.25.3
      python-elementpath-1.3.1-1.3.2
      python-eventlet-0.20.0-6.3.3
      python-nova-16.1.9~dev92-3.48.5
      python-py-1.4.34-3.3.3
      python-pysaml2-4.0.2-5.9.2
      python-xmlschema-1.0.18-1.3.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.32.3
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.33.3
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.30.3
      venv-openstack-cinder-x86_64-11.2.3~dev29-14.34.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.31.3
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.28.3
      venv-openstack-glance-x86_64-15.0.3~dev3-12.31.3
      venv-openstack-heat-x86_64-9.0.8~dev22-12.33.2
      venv-openstack-horizon-x86_64-12.0.5~dev6-14.36.6
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.33.3
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.35.3
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.32.2
      venv-openstack-manila-x86_64-5.1.1~dev5-12.37.3
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.28.3
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.28.3
      venv-openstack-murano-x86_64-4.0.2~dev2-12.28.3
      venv-openstack-neutron-x86_64-11.0.9~dev69-13.38.3
      venv-openstack-nova-x86_64-16.1.9~dev92-11.36.3
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.33.3
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.32.3
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.23.3
      venv-openstack-trove-x86_64-8.0.2~dev2-11.32.3

   - HPE Helion Openstack 8 (noarch):

      ardana-cobbler-8.0+git.1614096566.e8c2b27-3.44.3
      documentation-hpe-helion-openstack-installation-8.20210512-1.32.5
      documentation-hpe-helion-openstack-operations-8.20210512-1.32.5
      documentation-hpe-helion-openstack-opsconsole-8.20210512-1.32.5
      documentation-hpe-helion-openstack-planning-8.20210512-1.32.5
      documentation-hpe-helion-openstack-security-8.20210512-1.32.5
      documentation-hpe-helion-openstack-user-8.20210512-1.32.5
      openstack-heat-templates-0.0.0+git.1623056900.7917e18-3.21.3
      openstack-monasca-installer-20190923_16.32-3.18.2
      openstack-nova-16.1.9~dev92-3.48.5
      openstack-nova-api-16.1.9~dev92-3.48.5
      openstack-nova-cells-16.1.9~dev92-3.48.5
      openstack-nova-compute-16.1.9~dev92-3.48.5
      openstack-nova-conductor-16.1.9~dev92-3.48.5
      openstack-nova-console-16.1.9~dev92-3.48.5
      openstack-nova-consoleauth-16.1.9~dev92-3.48.5
      openstack-nova-doc-16.1.9~dev92-3.48.5
      openstack-nova-novncproxy-16.1.9~dev92-3.48.5
      openstack-nova-placement-api-16.1.9~dev92-3.48.5
      openstack-nova-scheduler-16.1.9~dev92-3.48.5
      openstack-nova-serialproxy-16.1.9~dev92-3.48.5
      openstack-nova-vncproxy-16.1.9~dev92-3.48.5
      python-Django-1.11.29-3.25.3
      python-elementpath-1.3.1-1.3.2
      python-eventlet-0.20.0-6.3.3
      python-nova-16.1.9~dev92-3.48.5
      python-py-1.4.34-3.3.3
      python-pysaml2-4.0.2-5.9.2
      python-xmlschema-1.0.18-1.3.3
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.32.3
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.33.3
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.30.3
      venv-openstack-cinder-x86_64-11.2.3~dev29-14.34.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.31.3
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.28.3
      venv-openstack-glance-x86_64-15.0.3~dev3-12.31.3
      venv-openstack-heat-x86_64-9.0.8~dev22-12.33.2
      venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.36.3
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.33.3
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.35.3
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.32.2
      venv-openstack-manila-x86_64-5.1.1~dev5-12.37.3
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.28.3
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.28.3
      venv-openstack-murano-x86_64-4.0.2~dev2-12.28.3
      venv-openstack-neutron-x86_64-11.0.9~dev69-13.38.3
      venv-openstack-nova-x86_64-16.1.9~dev92-11.36.3
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.33.3
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.32.3
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.23.3
      venv-openstack-trove-x86_64-8.0.2~dev2-11.32.3

   - HPE Helion Openstack 8 (x86_64):

      cassandra-3.11.10-5.3.5
      cassandra-debuginfo-3.11.10-5.3.5
      cassandra-debugsource-3.11.10-5.3.5
      cassandra-tools-3.11.10-5.3.5
      grafana-6.7.4-4.18.2
      grafana-debuginfo-6.7.4-4.18.2
      kibana-4.6.6-3.9.2
      kibana-debuginfo-4.6.6-3.9.2


References:

   https://www.suse.com/security/cve/CVE-2017-11481.html
   https://www.suse.com/security/cve/CVE-2017-11499.html
   https://www.suse.com/security/cve/CVE-2017-5929.html
   https://www.suse.com/security/cve/CVE-2019-25025.html
   https://www.suse.com/security/cve/CVE-2020-17516.html
   https://www.suse.com/security/cve/CVE-2020-26247.html
   https://www.suse.com/security/cve/CVE-2020-29651.html
   https://www.suse.com/security/cve/CVE-2021-21238.html
   https://www.suse.com/security/cve/CVE-2021-21239.html
   https://www.suse.com/security/cve/CVE-2021-21419.html
   https://www.suse.com/security/cve/CVE-2021-23336.html
   https://www.suse.com/security/cve/CVE-2021-27358.html
   https://www.suse.com/security/cve/CVE-2021-28658.html
   https://www.suse.com/security/cve/CVE-2021-31542.html
   https://www.suse.com/security/cve/CVE-2021-33203.html
   https://www.suse.com/security/cve/CVE-2021-33571.html
   https://bugzilla.suse.com/1019074
   https://bugzilla.suse.com/1044849
   https://bugzilla.suse.com/1057496
   https://bugzilla.suse.com/1073879
   https://bugzilla.suse.com/1113302
   https://bugzilla.suse.com/1123064
   https://bugzilla.suse.com/1143893
   https://bugzilla.suse.com/1166139
   https://bugzilla.suse.com/1176784
   https://bugzilla.suse.com/1179805
   https://bugzilla.suse.com/1180507
   https://bugzilla.suse.com/1181277
   https://bugzilla.suse.com/1181278
   https://bugzilla.suse.com/1181689
   https://bugzilla.suse.com/1181828
   https://bugzilla.suse.com/1182433
   https://bugzilla.suse.com/1183174
   https://bugzilla.suse.com/1183803
   https://bugzilla.suse.com/1184148
   https://bugzilla.suse.com/1185623
   https://bugzilla.suse.com/1185836
   https://bugzilla.suse.com/1186608
   https://bugzilla.suse.com/1186611
   https://bugzilla.suse.com/940812


