SUSE-SU-2021:1962-1: moderate: Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone
sle-security-updates at lists.suse.com
Fri Jun 11 16:25:56 UTC 2021
SUSE Security Update: Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1962-1
Rating: moderate
References: #1044849 #1048688 #1115960 #1148383 #1170657
#1171909 #1172409 #1172450 #1174583 #1178243
#1179805 #1181277 #1181278 #1181689 #1181690
#1182317 #1182433 #1183174 #1183803 #1184148
#1185623 #1186608 #1186611 SOC-10357 SOC-11453
Cross-References: CVE-2017-11481 CVE-2017-11499 CVE-2018-18623
CVE-2018-18624 CVE-2018-18625 CVE-2018-19039
CVE-2019-15043 CVE-2019-25025 CVE-2020-10743
CVE-2020-11110 CVE-2020-12052 CVE-2020-13379
CVE-2020-17516 CVE-2020-24303 CVE-2020-29651
CVE-2021-21238 CVE-2021-21239 CVE-2021-23336
CVE-2021-27358 CVE-2021-28658 CVE-2021-31542
CVE-2021-33203 CVE-2021-33571
CVSS scores:
CVE-2017-11481 (NVD) : 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2017-11481 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2017-11499 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-11499 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-18623 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18623 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18624 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18624 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18625 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18625 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-19039 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2018-19039 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2019-15043 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-15043 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2019-25025 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-25025 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-10743 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-10743 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CVE-2020-11110 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-11110 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12052 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12052 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE-2020-13379 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-13379 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-24303 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-24303 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-29651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29651 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-21238 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21238 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-23336 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-23336 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-27358 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28658 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-28658 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-31542 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-31542 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33571 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
______________________________________________________________________________
An update that fixes 23 vulnerabilities and contains two
features is now available.
Description:
This update for ardana-neutron, ardana-swift, cassandra,
crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic,
openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1,
python-py, python-pysaml2, python-xmlschema,
rubygem-activerecord-session_store, venv-openstack-keystone contains the
following fixes:
Security fixes included in this update:
cassandra:
- CVE-2020-17516: Fixed an issue where encryption between nodes was not
enforced correctly for certain internode_encryption settings
(bsc#1181689)
grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple cross
site scripting vulnerabilities in the dashboard. (bsc#1172450)
- CVE-2021-27358: Fixed a denial of service via remote API call.
(bsc#1183803)
- CVE-2019-15043: Fixed a denial of service by an unauthenticated user in
the snapshot HTTP API (bsc#1148383)
- CVE-2020-13379: Fixed an information leak to unauthenticated users.
(bsc#1172409)
- CVE-2020-12052: Fixed a cross site scripting vulnerability with the
annotation popup (bsc#1170657)
- CVE-2018-19039: Fixed an issue where a privileged user could exfiltrate
files (bsc#1115960)
- CVE-2020-11110: Fixed a stored cross site scripting vulnerability.
(bsc#1174583)
- CVE-2020-24303: Fixed a cross site scripting vulnerability in a query
alias for ElasticSearch datasources (bsc#1178243)
kibana:
- CVE-2017-11499: Fixed a vulnerability in nodejs, related to the
HashTable implementation, which could cause a denial of service.
(bsc#1044849)
- CVE-2017-11481: Fixed a cross site scripting vulnerability via URL
fields. (bsc#1044849)
- CVE-2020-10743: Fixed a clickjacking issue because X-Frame-Options was
not used by default. (bsc#1171909)
python-Django:
- CVE-2021-23336: Fixed a web cache poisoning via
django.utils.http.limited_parse_qsl(). (bsc#1182433)
- CVE-2021-28658: Fixed a directory traversal via uploaded files.
(bsc#1184148)
- CVE-2021-31542: Fixed a directory traversal via uploaded files with
suitably crafted file names. (bsc#1185623)
- CVE-2021-33203: Fixed potential path-traversal via admindocs'
TemplateDetailView. (bsc#1186608)
- CVE-2021-33571: Tighten validator checks to not allow leading zeros in
IPv4 addresses, which potentially leads to further attacks. (bsc#1186611)
python-py:
- CVE-2020-29651: Fixed a denial of service via regular expressions.
(bsc#1179805)
python-pysaml2:
- CVE-2021-21238: Fixed improper verification of cryptographic signatures
for signed SAML documents. (bsc#1181277)
- CVE-2021-21239: Fixed improper verification of cryptographic signatures
when using CryptoBackendXmlSec1(). (bsc#1181278)
rubygem-activerecord-session_store:
- CVE-2019-25025: Fixed a timing attack targeting the session ID which
could allow an attacker to hijack sessions. (bsc#1183174)
Non-security changes included in this update:
Changes in ardana-neutron:
- Update to version 9.0+git.1615223676.777f0b3:
* Allow users to stop monitoring rootwrap daemon (bsc#1182317)
Changes in ardana-swift:
- Update to version 9.0+git.1618235096.90974ed:
* Run swiftlm-scan in the UTC timezone (bsc#1181690)
Changes in cassandra:
- update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns
(CASSANDRA-15962)
* Reduce amount of allocations during batch statement execution
(CASSANDRA-16201)
* Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
* Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
* Rate limit validation compactions using
compaction_throughput_mb_per_sec (CASSANDRA-16161)
* SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert
to default of 1GB (CASSANDRA-16071)
* Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
* Improve empty hint file handling during startup (CASSANDRA-16162)
* Allow empty string in collections with COPY FROM in cqlsh
(CASSANDRA-16372)
* Fix skipping on pre-3.0 created compact storage sstables due to missing
primary key liveness (CASSANDRA-16226)
* Extend the exclusion of replica filtering protection to other indices
instead of just SASI (CASSANDRA-16311)
* Synchronize transaction logs for JBOD (CASSANDRA-16225)
* Fix the counting of cells per partition (CASSANDRA-16259)
* Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
* Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
* Improved check of num_tokens against the length of initial_token
(CASSANDRA-14477)
* Fix a race condition on ColumnFamilyStore and TableMetrics
(CASSANDRA-16228)
* Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
* Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
* Prevent invoking enable/disable gossip when not in NORMAL
(CASSANDRA-16146)
* Wait for schema agreement when bootstrapping (CASSANDRA-15158)
* Fix the histogram merge of the table metrics (CASSANDRA-16259)
* Synchronize Keyspace instance store/clear (CASSANDRA-16210)
* Fix ColumnFilter to avoid querying cells of unselected complex columns
(CASSANDRA-15977)
* Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
* Don't attempt value skipping with mixed version cluster
(CASSANDRA-15833)
* Avoid failing compactions with very large partitions (CASSANDRA-15164)
* Make sure LCS handles duplicate sstable added/removed notifications
correctly (CASSANDRA-14103)
* Fix OOM when terminating repair session (CASSANDRA-15902)
* Avoid marking shutting down nodes as up after receiving gossip shutdown
message (CASSANDRA-16094)
* Check SSTables for latest version before dropping compact storage
(CASSANDRA-16063)
* Handle unexpected columns due to schema races (CASSANDRA-15899)
* Add flag to ignore unreplicated keyspaces during repair
(CASSANDRA-15160)
* Package tools/bin scripts as executable (CASSANDRA-16151)
* Fixed a NullPointerException when calling nodetool enablethrift
(CASSANDRA-16127)
* Correctly interpret SASI's `max_compaction_flush_memory_in_mb` setting
in megabytes not bytes (CASSANDRA-16071)
* Fix short read protection for GROUP BY queries (CASSANDRA-15459)
* Frozen RawTuple is not annotated with frozen in the toString method
(CASSANDRA-15857)
Merged from 3.0:
* Use IF NOT EXISTS for index and UDT create statements in snapshot
schema files (CASSANDRA-13935)
* Fix gossip shutdown order (CASSANDRA-15816)
* Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
* Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
* Operational improvements and hardening for replica filtering protection
(CASSANDRA-15907)
* stop_paranoid disk failure policy is ignored on CorruptSSTableException
after node is up (CASSANDRA-15191)
* Forbid altering UDTs used in partition keys (CASSANDRA-15933)
* Fix empty/null json string representation (CASSANDRA-15896)
* 3.x fails to start if commit log has range tombstones from a column
which is also deleted (CASSANDRA-15970)
* Handle difference in timestamp precision between java8 and java11 in
LogFile.java (CASSANDRA-16050)
Merged from 2.2:
* Fix CQL parsing of collections when the column type is reversed
(CASSANDRA-15814)
* Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
* Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
* Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
* Fix CQL formatting of read command restrictions for slow query log
(CASSANDRA-15503)
* Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
* Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
* Avoid hinted handoff per-host throttle being rounded to 0 in large
cluster (CASSANDRA-15859)
* Avoid emitting empty range tombstones from RangeTombstoneList
(CASSANDRA-15924)
* Avoid thread starvation, and improve compare-and-swap performance, in
the slab allocators (CASSANDRA-15922)
* Add token to tombstone warning and error messages (CASSANDRA-15890)
* Fixed range read concurrency factor computation and capped as 10 times
tpc cores (CASSANDRA-15752)
* Catch exception on bootstrap resume and init native transport
(CASSANDRA-15863)
* Fix replica-side filtering returning stale data with CL > ONE
(CASSANDRA-8272, CASSANDRA-8273)
* Fix duplicated row on 2.x upgrades when multi-rows range tombstones
interact with collection ones (CASSANDRA-15805)
* Rely on snapshotted session infos on StreamResultFuture.maybeComplete
to avoid race conditions (CASSANDRA-15667)
* EmptyType doesn't override writeValue so could attempt to write bytes
when expected not to (CASSANDRA-15790)
* Fix index queries on partition key columns when some partitions
contains only static data (CASSANDRA-13666)
* Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
* liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if
IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
* Fix Debian init start/stop (CASSANDRA-15770)
* Fix infinite loop on index query paging in tables with clustering
(CASSANDRA-14242)
* Fix chunk index overflow due to large sstable with small chunk length
(CASSANDRA-15595)
* Allow selecting static column only when querying static index
(CASSANDRA-14242)
* cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
* Don't skip sstables in slice queries based only on local
min/max/deletion timestamp (CASSANDRA-15690)
* Memtable memory allocations may deadlock (CASSANDRA-15367)
* Run evictFromMembership in GossipStage (CASSANDRA-15592)
* Fix nomenclature of allow and deny lists (CASSANDRA-15862)
* Remove generated files from source artifact (CASSANDRA-15849)
* Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
* Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
* Disable JMX rebinding (CASSANDRA-15653)
* Fix writing of snapshot manifest when the table has table-backed
secondary indexes (CASSANDRA-10968)
* Fix parse error in cqlsh COPY FROM and formatting for map of blobs
(CASSANDRA-15679)
* Fix Commit log replays when static column clustering keys are
collections (CASSANDRA-14365)
* Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
* Allow EXTRA_CLASSPATH to work on tar/source installations
(CASSANDRA-15567)
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS -
patch implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown
column names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations
(CASSANDRA-15293)
* Fix point-in-time recovery ignoring timestamp of updates to static
columns (CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple rows
(CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify()
(CASSANDRA-15364)
* Bump generations and document changes to system_distributed and
system_traces in 3.0, 3.11 (CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades
(CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by
default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions
are paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain
illegal cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test
(CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SASI non-literal string comparisons (range operators)
(CASSANDRA-15169)
* Make sure user defined compaction transactions are always closed
(CASSANDRA-15123)
* Fix cassandra-env.sh to use $CASSANDRA_CONF to find
cassandra-jaas.config (CASSANDRA-14305)
* Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
* Add flag to disable SASI indexes, and warnings on creation
(CASSANDRA-14866)
* Add ability to cap max negotiable protocol version (CASSANDRA-15193)
* Gossip tokens on startup if available (CASSANDRA-15335)
* Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
* Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
* Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when
upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
* Fix NPE when using allocate_tokens_for_keyspace on new DC/rack
(CASSANDRA-14952)
* Filter sstables earlier when running cleanup (CASSANDRA-15100)
* Use mean row count instead of mean column count for index selectivity
calculation (CASSANDRA-15259)
* Avoid updating unchanged gossip states (CASSANDRA-15097)
* Prevent recreation of previously dropped columns with a different kind
(CASSANDRA-14948)
* Prevent client requests from blocking on executor task queue
(CASSANDRA-15013)
* Toughen up column drop/recreate type validations (CASSANDRA-15204)
* LegacyLayout should handle paging states that cross a collection column
(CASSANDRA-15201)
* Prevent RuntimeException when username or password is empty/null
(CASSANDRA-15198)
* Multiget thrift query returns null records after digest mismatch
(CASSANDRA-14812)
* Skipping illegal legacy cells can break reverse iteration of indexed
partitions (CASSANDRA-15178)
* Handle paging states serialized with a different version than the
session's (CASSANDRA-15176)
* Throw IOE instead of asserting on unsupported peer versions
(CASSANDRA-15066)
* Update token metadata when handling MOVING/REMOVING_TOKEN events
(CASSANDRA-15120)
* Add ability to customize cassandra log directory using
$CASSANDRA_LOG_DIR (CASSANDRA-15090)
* Skip cells with illegal column names when reading legacy sstables
(CASSANDRA-15086)
* Fix assorted gossip races and add related runtime checks
(CASSANDRA-15059)
* Fix mixed mode partition range scans with limit (CASSANDRA-15072)
* cassandra-stress works with frozen collections: list and set
(CASSANDRA-14907)
* Fix handling FS errors on writing and reading flat files -
LogTransaction and hints (CASSANDRA-15053)
* Avoid double closing the iterator to avoid overcounting the number of
requests (CASSANDRA-15058)
* Improve `nodetool status -r` speed (CASSANDRA-14847)
* Improve merkle tree size and time on heap (CASSANDRA-14096)
* Add missing commands to nodetool_completion (CASSANDRA-14916)
* Anti-compaction temporarily corrupts sstable state for readers
(CASSANDRA-15004)
* Catch non-IOException in FileUtils.close to make sure that all
resources are closed (CASSANDRA-15225)
* Handle exceptions during authentication/authorization (CASSANDRA-15041)
* Support cross version messaging in in-jvm upgrade dtests
(CASSANDRA-15078)
* Fix index summary redistribution cancellation (CASSANDRA-15045)
* Fixing invalid CQL in security documentation (CASSANDRA-15020)
* Allow instance class loaders to be garbage collected for inJVM dtest
(CASSANDRA-15170)
* Add support for network topology and query tracing for inJVM dtest
(CASSANDRA-15319)
* Correct sstable sorting for garbagecollect and levelled compaction
(CASSANDRA-14870)
* Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
* Add a script to make running the cqlsh tests in cassandra repo easier
(CASSANDRA-14951)
* If SizeEstimatesRecorder misses a 'onDropTable' notification, the
size_estimates table will never be cleared for that table.
(CASSANDRA-14905)
* Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters
(CASSANDRA-14958)
* Streaming needs to synchronise access to LifecycleTransaction
(CASSANDRA-14554)
* Fix cassandra-stress write hang with default options (CASSANDRA-14616)
* Differentiate between slices and RTs when decoding legacy bounds
(CASSANDRA-14919)
* Netty epoll IOExceptions caused by unclean client disconnects being
logged at INFO (CASSANDRA-14909)
* Unfiltered.isEmpty conflicts with Row extends
AbstractCollection.isEmpty (CASSANDRA-14588)
* RangeTombstoneList doesn't properly clean up mergeable or superseded
rts in some cases (CASSANDRA-14894)
* Fix handling of collection tombstones for dropped columns from legacy
sstables (CASSANDRA-14912)
* Throw exception if Columns serialized subset encode more columns than
possible (CASSANDRA-14591)
* Drop/add column name with different Kind can result in corruption
(CASSANDRA-14843)
* Fix missing rows when reading 2.1 SSTables with static columns in 3.0
(CASSANDRA-14873)
* Move TWCS message 'No compaction necessary for bucket size' to Trace
level (CASSANDRA-14884)
* Sstable min/max metadata can cause data loss (CASSANDRA-14861)
* Dropped columns can cause reverse sstable iteration to return
prematurely (CASSANDRA-14838)
* Legacy sstables with multi block range tombstones create invalid bound
sequences (CASSANDRA-14823)
* Expand range tombstone validation checks to multiple interim request
stages (CASSANDRA-14824)
* Reverse order reads can return incomplete results (CASSANDRA-14803)
* Avoid calling iter.next() in a loop when notifying indexers about range
tombstones (CASSANDRA-14794)
* Fix purging semi-expired RT boundaries in reversed iterators
(CASSANDRA-14672)
* DESC order reads can fail to return the last Unfiltered in the
partition (CASSANDRA-14766)
* Fix corrupted collection deletions for dropped columns in 3.0 <->
2.{1,2} messages (CASSANDRA-14568)
* Fix corrupted static collection deletions in 3.0 <-> 2.{1,2} messages
(CASSANDRA-14568)
* Handle failures in parallelAllSSTableOperation
(cleanup/upgradesstables/etc) (CASSANDRA-14657)
* Improve TokenMetaData cache populating performance avoid long locking
(CASSANDRA-14660)
* Backport: Flush netty client messages immediately (not by default)
(CASSANDRA-13651)
* Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
* sstableloader should use discovered broadcast address to connect
intra-cluster (CASSANDRA-14522)
* Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
* Don't enable client transports when bootstrap is pending
(CASSANDRA-14525)
* MigrationManager attempts to pull schema from different major version
nodes (CASSANDRA-14928)
* Fix incorrect cqlsh results when selecting same columns multiple times
(CASSANDRA-13262)
* Returns null instead of NaN or Infinity in JSON strings
(CASSANDRA-14377)
* Paged Range Slice queries with DISTINCT can drop rows from results
(CASSANDRA-14956)
Changes in crowbar-openstack:
- Update to version 6.0+git.1616146717.a89ae0f4e:
* monasca: restart Kibana on update (bsc#1044849)
Changes in grafana:
- Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
* Prevent unauthenticated remote attackers from causing a DoS through
the snapshots API.
Changes in kibana:
- Ensure /etc/sysconfig/kibana is present
- Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14,
ESA-2017-16)
* [4.6] ignore forked code for babel transpile build phase (#13483)
* Allow more than match queries in custom filters (#8614) (#10857)
* [state] don't make extra $location.replace() calls (#9954)
* [optimizer] move to querystring-browser package for up-to-date api
* [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
* server: refactor log_interceptor to be more DRY (#9617)
* server: downgrade ECANCELED logs to debug (#9616)
* server: do not treat logged warnings as errors (#8746) (#9610)
* [server/logger] downgrade EPIPE errors to debug level (#9023)
* Add basepath when redirecting from a trailing slash (#9035)
* [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
* [server/shortUrl] validate urls before shortening them
- Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
* This fixes an XSS vulnerability in URL fields
- Remove %dir declaration from /opt/kibana/optimize to ensure no files
owned by root end up in there
- Exclude /opt/kibana/optimize from %fdupes
- Restart service on upgrade
- Do not copy LICENSE.txt and README.txt to /opt/kibana
- Fix rpmlint warnings/errors
- Switch to explicit patch application
- Fix source URL
- Fix logic for systemd/systemv detection
- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)
- Added kibana.yml symlink (bsc#1048688, FATE#323204)
Changes in openstack-dashboard:
- Update to version horizon-14.1.1.dev11:
* Consume tempest-horizon from PyPI release
Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job
Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed
- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details
- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled
- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for known addresses
* [OVS FW] Clean conntrack entries with mark == CT_MARK_INVALID
- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is
deleted
- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair
- Update to version neutron-13.0.8.dev149:
* Fix wrong packet_type set for IPv6 GRE tunnels in OVS
- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev29:
* gbp-validate: Tenant and resource level scoping 2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev27:
* Import data_utils from the new location
- Update to version group-based-policy-12.0.1.dev26:
* Add SNAT port's Mac Address to the host_snat_ips dictionary
- Update to version group-based-policy-12.0.1.dev25:
* Add support for victoria 2014.2.rc1
- Update to version group-based-policy-12.0.1.dev24:
* Fix deletion of SVI networks
- Update to version group-based-policy-12.0.1.dev23:
* Allow per-port qos configuration on dhcp port 2014.2rc1
- Update to version group-based-policy-12.0.1.dev22:
* Add connectivity parameter to driver
* [AIM] Fix ERSPAN extension 2014.2.rc1
- Update to version group-based-policy-12.0.1.dev19:
* Fix exception with cleanup 2014.2.0rc1
- Update to version group-based-policy-12.0.1.dev18:
* Add workaround to get_subnets
Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook
* Change default num_retries for glance to 3
Changes in python-Django1:
- Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
* Fixed potential path-traversal via admindocs' TemplateDetailView.
- Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
* Prevented leading zeros in IPv4 addresses.
- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
* Fixed CVE-2021-31542 -- Tightened path and file name sanitation in
file uploads.
- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
* Fixed potential directory-traversal via uploaded files
- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
* Fixed web cache poisoning via django.utils.http.limited_parse_qsl()
Changes in python-py:
- Add CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651)
* svnwc: fix regular expression vulnerable to DoS in blame functionality
Changes in python-pysaml2:
- Fix patches (SOC-11453)
* 0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch
- rename saml2.xml to saml2.samlxml to avoid overriding the xml
module in the system module path
- add missing __init__.py files
- add missing saml2/data package to setup.py
* 0007-Make-previous-commits-python2-compatible.patch so as not to
- Adjust to saml2.xml to saml2.samlxml changes
- Fix a few more syntax errors and Python2-isms.
- Fix CVE-2021-21238, bsc#1181277 with 0002-Strengthen-XSW-tests.patch ,
0003-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
0004-Add-xsd-schemas.patch ,
0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch . This adds a
dependency on python-xmlschema, which depends on python-elementpath,
thus both need to be added for this to work. The used python-xmlschema
needs to support the sandbox argument which was added in 1.2.0 and
refined in 1.2.1, but that version doesn't support python2, so a patched
version that does both is needed. Add
0007-Make-previous-commits-python2-compatible.patch to not add a
dependency on reportlib_resources and make other changes python2
compatible. Fix CVE-2021-21239, bsc#1181278 with
0006-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch
Changes in python-xmlschema:
- Add 3 patches to backport the sandbox argument, which is needed by a
security fix in python-pysaml2, and one patch to make the backport python2
compatible.
- Upstream url changed
- Add rpmlintrc to make it work on Leap 42.3
- Update to 1.0.18:
* Fix for *ModelVisitor.iter_unordered_content()*
* Fixed default converter, AbderaConverter and JsonMLConverter for
xs:anyType decode
* Fixed validation tests with all converters
* Added UnorderedConverter to validation tests
- Update to 1.0.17:
* Enhancement of validation-only speed (~15%)
* Added *is_valid()* and *iter_errors()* to module API
- Update to 1.0.16:
* Improved XMLResource class for working with compressed files
* Fix for validation with XSD wildcards and 'lax' process content
* Fix ambiguous items validation for xs:choice and xs:sequence models
- Handle UnicodeDecodeErrors during build process
- Update to 1.0.15:
* Improved XPath 2.0 bindings
* Added logging for schema initialization and building (handled with
argument loglevel)
* Update encoding of collapsed contents with a new model based
reordering method
* Removed XLink namespace from meta-schema (loaded from a fallback
location like XHTML)
* Fixed half of the failed W3C instance tests (255 of 15344 tests still
fail)
- Initial commit, needed by pytest 5.1.2
Changes in python-elementpath:
- Update to 1.3.1:
* Improved schema proxy
* Improved XSD type matching using paths
* Cached parent path for XPathContext (only Python 3)
* Improve typed selection with TypedAttribute and TypedElement
named-tuples
* Add iter_results to XPathContext
* Remove XMLSchemaProxy from package
* Fix descendant shortcut operator '//'
* Fix text() function
* Fix typed select of '(name)' token
* Fix 24-hour time for DateTime
- Skip test_hashing to fix 32bit builds
- Initial commit needed by python-xmlschema
Changes in rubygem-activerecord-session_store:
- added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
* This requires CVE-2019-16782.patch to be included in
rubygem-actionpack-4_2 to work correctly.
Changes in venv-openstack-keystone:
- Add python-xmlschema and python-elementpath for new python-pysaml2
version.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1962=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1962=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (noarch):
crowbar-openstack-6.0+git.1616146717.a89ae0f4e-3.34.4
openstack-dashboard-14.1.1~dev11-3.24.6
openstack-ironic-11.1.5~dev17-3.25.5
openstack-ironic-api-11.1.5~dev17-3.25.5
openstack-ironic-conductor-11.1.5~dev17-3.25.5
openstack-neutron-13.0.8~dev164-3.37.4
openstack-neutron-dhcp-agent-13.0.8~dev164-3.37.4
openstack-neutron-gbp-12.0.1~dev29-3.25.3
openstack-neutron-ha-tool-13.0.8~dev164-3.37.4
openstack-neutron-l3-agent-13.0.8~dev164-3.37.4
openstack-neutron-linuxbridge-agent-13.0.8~dev164-3.37.4
openstack-neutron-macvtap-agent-13.0.8~dev164-3.37.4
openstack-neutron-metadata-agent-13.0.8~dev164-3.37.4
openstack-neutron-metering-agent-13.0.8~dev164-3.37.4
openstack-neutron-openvswitch-agent-13.0.8~dev164-3.37.4
openstack-neutron-server-13.0.8~dev164-3.37.4
openstack-nova-18.3.1~dev82-3.37.6
openstack-nova-api-18.3.1~dev82-3.37.6
openstack-nova-cells-18.3.1~dev82-3.37.6
openstack-nova-compute-18.3.1~dev82-3.37.6
openstack-nova-conductor-18.3.1~dev82-3.37.6
openstack-nova-console-18.3.1~dev82-3.37.6
openstack-nova-novncproxy-18.3.1~dev82-3.37.6
openstack-nova-placement-api-18.3.1~dev82-3.37.6
openstack-nova-scheduler-18.3.1~dev82-3.37.6
openstack-nova-serialproxy-18.3.1~dev82-3.37.6
openstack-nova-vncproxy-18.3.1~dev82-3.37.6
python-Django1-1.11.29-3.25.1
python-elementpath-1.3.1-1.3.2
python-horizon-14.1.1~dev11-3.24.6
python-ironic-11.1.5~dev17-3.25.5
python-neutron-13.0.8~dev164-3.37.4
python-neutron-gbp-12.0.1~dev29-3.25.3
python-nova-18.3.1~dev82-3.37.6
python-openstack_auth-14.1.1~dev11-3.24.6
python-py-1.5.4-3.3.2
python-pysaml2-4.5.0-4.6.2
python-xmlschema-1.0.18-1.3.2
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
cassandra-3.11.10-3.3.3
cassandra-debuginfo-3.11.10-3.3.3
cassandra-debugsource-3.11.10-3.3.3
cassandra-tools-3.11.10-3.3.3
grafana-6.7.4-3.23.2
grafana-debuginfo-6.7.4-3.23.2
kibana-4.6.6-4.9.2
kibana-debuginfo-4.6.6-4.9.2
ruby2.1-rubygem-activerecord-session_store-0.1.2-4.3.2
- SUSE OpenStack Cloud 9 (noarch):
ardana-neutron-9.0+git.1615223676.777f0b3-3.25.2
ardana-swift-9.0+git.1618235096.90974ed-3.10.2
openstack-dashboard-14.1.1~dev11-3.24.6
openstack-ironic-11.1.5~dev17-3.25.5
openstack-ironic-api-11.1.5~dev17-3.25.5
openstack-ironic-conductor-11.1.5~dev17-3.25.5
openstack-neutron-13.0.8~dev164-3.37.4
openstack-neutron-dhcp-agent-13.0.8~dev164-3.37.4
openstack-neutron-gbp-12.0.1~dev29-3.25.3
openstack-neutron-ha-tool-13.0.8~dev164-3.37.4
openstack-neutron-l3-agent-13.0.8~dev164-3.37.4
openstack-neutron-linuxbridge-agent-13.0.8~dev164-3.37.4
openstack-neutron-macvtap-agent-13.0.8~dev164-3.37.4
openstack-neutron-metadata-agent-13.0.8~dev164-3.37.4
openstack-neutron-metering-agent-13.0.8~dev164-3.37.4
openstack-neutron-openvswitch-agent-13.0.8~dev164-3.37.4
openstack-neutron-server-13.0.8~dev164-3.37.4
openstack-nova-18.3.1~dev82-3.37.6
openstack-nova-api-18.3.1~dev82-3.37.6
openstack-nova-cells-18.3.1~dev82-3.37.6
openstack-nova-compute-18.3.1~dev82-3.37.6
openstack-nova-conductor-18.3.1~dev82-3.37.6
openstack-nova-console-18.3.1~dev82-3.37.6
openstack-nova-novncproxy-18.3.1~dev82-3.37.6
openstack-nova-placement-api-18.3.1~dev82-3.37.6
openstack-nova-scheduler-18.3.1~dev82-3.37.6
openstack-nova-serialproxy-18.3.1~dev82-3.37.6
openstack-nova-vncproxy-18.3.1~dev82-3.37.6
python-Django1-1.11.29-3.25.1
python-elementpath-1.3.1-1.3.2
python-horizon-14.1.1~dev11-3.24.6
python-ironic-11.1.5~dev17-3.25.5
python-neutron-13.0.8~dev164-3.37.4
python-neutron-gbp-12.0.1~dev29-3.25.3
python-nova-18.3.1~dev82-3.37.6
python-openstack_auth-14.1.1~dev11-3.24.6
python-py-1.5.4-3.3.2
python-pysaml2-4.5.0-4.6.2
python-xmlschema-1.0.18-1.3.2
venv-openstack-barbican-x86_64-7.0.1~dev24-3.23.1
venv-openstack-cinder-x86_64-13.0.10~dev20-3.26.1
venv-openstack-designate-x86_64-7.0.2~dev2-3.23.1
venv-openstack-glance-x86_64-17.0.1~dev30-3.21.1
venv-openstack-heat-x86_64-11.0.4~dev4-3.23.1
venv-openstack-horizon-x86_64-14.1.1~dev11-4.27.3
venv-openstack-ironic-x86_64-11.1.5~dev17-4.21.2
venv-openstack-keystone-x86_64-14.2.1~dev4-3.24.3
venv-openstack-magnum-x86_64-7.2.1~dev1-4.23.1
venv-openstack-manila-x86_64-7.4.2~dev60-3.29.1
venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.23.2
venv-openstack-monasca-x86_64-2.7.1~dev10-3.21.1
venv-openstack-neutron-x86_64-13.0.8~dev164-6.27.3
venv-openstack-nova-x86_64-18.3.1~dev82-3.27.3
venv-openstack-octavia-x86_64-3.2.3~dev7-4.23.1
venv-openstack-sahara-x86_64-9.0.2~dev15-3.23.1
venv-openstack-swift-x86_64-2.19.2~dev48-2.18.1
- SUSE OpenStack Cloud 9 (x86_64):
cassandra-3.11.10-3.3.3
cassandra-debuginfo-3.11.10-3.3.3
cassandra-debugsource-3.11.10-3.3.3
cassandra-tools-3.11.10-3.3.3
grafana-6.7.4-3.23.2
grafana-debuginfo-6.7.4-3.23.2
kibana-4.6.6-4.9.2
kibana-debuginfo-4.6.6-4.9.2
References:
https://www.suse.com/security/cve/CVE-2017-11481.html
https://www.suse.com/security/cve/CVE-2017-11499.html
https://www.suse.com/security/cve/CVE-2018-18623.html
https://www.suse.com/security/cve/CVE-2018-18624.html
https://www.suse.com/security/cve/CVE-2018-18625.html
https://www.suse.com/security/cve/CVE-2018-19039.html
https://www.suse.com/security/cve/CVE-2019-15043.html
https://www.suse.com/security/cve/CVE-2019-25025.html
https://www.suse.com/security/cve/CVE-2020-10743.html
https://www.suse.com/security/cve/CVE-2020-11110.html
https://www.suse.com/security/cve/CVE-2020-12052.html
https://www.suse.com/security/cve/CVE-2020-13379.html
https://www.suse.com/security/cve/CVE-2020-17516.html
https://www.suse.com/security/cve/CVE-2020-24303.html
https://www.suse.com/security/cve/CVE-2020-29651.html
https://www.suse.com/security/cve/CVE-2021-21238.html
https://www.suse.com/security/cve/CVE-2021-21239.html
https://www.suse.com/security/cve/CVE-2021-23336.html
https://www.suse.com/security/cve/CVE-2021-27358.html
https://www.suse.com/security/cve/CVE-2021-28658.html
https://www.suse.com/security/cve/CVE-2021-31542.html
https://www.suse.com/security/cve/CVE-2021-33203.html
https://www.suse.com/security/cve/CVE-2021-33571.html
https://bugzilla.suse.com/1044849
https://bugzilla.suse.com/1048688
https://bugzilla.suse.com/1115960
https://bugzilla.suse.com/1148383
https://bugzilla.suse.com/1170657
https://bugzilla.suse.com/1171909
https://bugzilla.suse.com/1172409
https://bugzilla.suse.com/1172450
https://bugzilla.suse.com/1174583
https://bugzilla.suse.com/1178243
https://bugzilla.suse.com/1179805
https://bugzilla.suse.com/1181277
https://bugzilla.suse.com/1181278
https://bugzilla.suse.com/1181689
https://bugzilla.suse.com/1181690
https://bugzilla.suse.com/1182317
https://bugzilla.suse.com/1182433
https://bugzilla.suse.com/1183174
https://bugzilla.suse.com/1183803
https://bugzilla.suse.com/1184148
https://bugzilla.suse.com/1185623
https://bugzilla.suse.com/1186608
https://bugzilla.suse.com/1186611