SUSE-SU-2021:3729-1: moderate: Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma

sle-security-updates at lists.suse.com
Fri Nov 19 17:23:19 UTC 2021


   SUSE Security Update: Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3729-1
Rating:             moderate
References:         #1180837 #1185836 #1186868 #1189052 #1191681 
                    SOC-11543 
Cross-References:   CVE-2020-26298 CVE-2021-21419 CVE-2021-22141
                    CVE-2021-41136
CVSS scores:
                    CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22141 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
                    CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

   An update that solves four vulnerabilities, contains one
   feature and has one erratum is now available.

Description:

   This update for ardana-ansible, ardana-monasca, crowbar-openstack,
   influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp,
   openstack-heat-templates, openstack-horizon-plugin-gbp-ui,
   openstack-keystone, openstack-neutron-gbp, openstack-nova,
   python-eventlet, rubygem-redcarpet, rubygem-puma contains the following
   fixes:

   Security fixes included in this update:

   kibana: CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).

   python-eventlet: CVE-2021-21419: Fixed improper handling of highly
   compressed WebSocket data, where an excessive size value led to an
   oversized memory allocation. (bsc#1185836)

   rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when
   processing quotes. (bsc#1180837)

   rubygem-puma: CVE-2021-41136: Fixed the build of the Java state machine
   for parsing HTTP. (bsc#1191681)

   Non-security fixes included in this update:

   Changes in ardana-ansible:
     * Patch service.py to skip blank lines.

   Changes in ardana-monasca:
     * Use specific TLS versions for monasca-thresh DB connections.
       (SOC-11543)

   Changes in crowbar-openstack:
     * keystone wakeup: get new session on any error. (bsc#1189052)

   Changes in influxdb:
     * Set GO111MODULE=auto to fix build with go1.16 and later where default is
       GO111MODULE=on.

   Changes in kibana:
     * Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)

   Changes in openstack-cinder:
     * Fix typo in Dell EMC Unity driver documentation.
     * Drop lower-constraints job.
     * [stable-only] Cap bandit to v1.6.2 and fix constraints.

   Changes in openstack-ec2-api:
     * Remove jobs corresponding to obsolete featuresets.
     * OpenDev Migration Patch.

   Changes in openstack-heat-gbp:
     * Add support for Wallaby.
     * Fix upstream gate.

   Changes in openstack-heat-templates:
     * [ussuri][goal] Update contributor documentation.
     * Fix zuul config for heat-templates-check.
     * Remove testr.

   Changes in openstack-horizon-plugin-gbp-ui:
     * Add support for Wallaby.
     * Fix upstream gate.

   Changes in openstack-keystone:
     * Retry update_user when sqlalchemy raises StaleDataErrors.
     * Pin keystone-tempest-plugin for py27 compatibility.

   Changes in openstack-neutron-gbp:
     * Fix update router API.
     * Fix HA IP DB migration.
     * Revert "Fix HA IP DB migration".
     * Fix HA IP DB migration.
     * Add network_id column to apic_ml2_ha_ipaddress_to_port_owner
       table.
     * Use custom converter for extra attributes.
     * Validate network before creating or updating router.
     * Fix Data Migration query for HA IP table.
     * System security grp:Add system sg in port sg list.
     * Add vrf column to apic_ml2_ha_ipaddress_to_port_owner table.
     * [apic_aim]: Fix HA IP UTs.
     * Fixing the exception msg for IPAddressGenerationFailure.
     * Enhancement regarding router/instance attachment to an external
       network floating ip and snat subnets.
     * Setting legacy-group-based-policy-dsvm-aim to non-voting gate.
     * Add support for Wallaby.
     * Bug fixes for gbp-validate.
     * [apic_aim]: Filter endpoint details.
     * Bugfix: Policy Enforcement Pref.
     * Fix unit-tests for tenant-scope validation.
     * [AIM] Add Policy Enforcement Pref to network extension.

   Changes in openstack-nova:
     * [neutron] Get only ID and name of the SGs from Neutron.
     * Remove allocations before setting vm_status to SHELVED_OFFLOADED.
     * libvirt:driver:Disallow AIO=native when 'O_DIRECT' is not available.
     * Update pci stat pools based on PCI device changes.
     * Use subqueryload() instead of joinedload() for (system_)metadata.

   Changes in python-eventlet:
     * Websocket: Limit maximum uncompressed frame length to 8MiB.
       (bsc#1185836 CVE-2021-21419)
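The eventlet change above caps how far a compressed WebSocket frame may inflate. The following bounded inflate for a permessage-deflate frame is an added illustration of that guard, not eventlet's own code: it applies the same 8 MiB ceiling to raw DEFLATE data and rejects a small frame that expands past it; the function names, the 64 KiB step size and the constructed test input are assumptions of this example.

```python
import zlib

MAX_UNCOMPRESSED_FRAME = 8 * 1024 * 1024   # 8 MiB ceiling named in the changelog
STEP = 64 * 1024                           # inflate at most this much per step (assumed)
DEFLATE_TAIL = b"\x00\x00\xff\xff"         # empty stored block stripped per RFC 7692


class FrameTooLarge(ValueError):
    """A frame would inflate beyond the configured ceiling."""


def deflate_frame(data: bytes) -> bytes:
    """Compress to permessage-deflate form (used here to build constructed input)."""
    c = zlib.compressobj(wbits=-zlib.MAX_WBITS)     # raw DEFLATE, no zlib header
    body = c.compress(data) + c.flush(zlib.Z_SYNC_FLUSH)
    assert body.endswith(DEFLATE_TAIL)
    return body[:-4]                                 # sender strips the tail


def inflate_frame(payload: bytes, limit: int = MAX_UNCOMPRESSED_FRAME) -> bytes:
    """Inflate one frame, raising FrameTooLarge once the output exceeds `limit`.

    The size check runs after every bounded step, so a frame with a very high
    compression ratio is stopped after at most limit + STEP bytes have been
    produced, instead of being inflated in a single unbounded call.
    """
    d = zlib.decompressobj(wbits=-zlib.MAX_WBITS)    # fresh context per frame
    pending = payload + DEFLATE_TAIL                 # receiver re-appends the tail
    out = bytearray()
    while True:
        chunk = d.decompress(pending, STEP)
        out += chunk
        if len(out) > limit:
            raise FrameTooLarge(f"frame inflates past {limit} bytes")
        pending = d.unconsumed_tail
        # A short chunk means zlib ran out of input, not output space; a full
        # chunk may still have output pending, so loop again with b"".
        if not pending and len(chunk) < STEP:
            return bytes(out)


def frame_within_limit(payload: bytes, limit: int = MAX_UNCOMPRESSED_FRAME) -> bool:
    """True if the frame inflates within `limit`, False if it is rejected."""
    try:
        inflate_frame(payload, limit)
    except FrameTooLarge:
        return False
    return True
```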


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3729=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3729=1



Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      influxdb-1.3.8-4.6.1
      influxdb-debuginfo-1.3.8-4.6.1
      kibana-4.6.6-4.12.1
      kibana-debuginfo-4.6.6-4.12.1
      ruby2.1-rubygem-puma-2.16.0-4.15.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-4.15.1
      ruby2.1-rubygem-redcarpet-3.2.3-4.3.1
      ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-4.3.1
      rubygem-puma-debugsource-2.16.0-4.15.1
      rubygem-redcarpet-debugsource-3.2.3-4.3.1

   - SUSE OpenStack Cloud Crowbar 9 (noarch):

      crowbar-openstack-6.0+git.1630614261.26948f746-3.37.2
      openstack-cinder-13.0.10~dev23-3.31.2
      openstack-cinder-api-13.0.10~dev23-3.31.2
      openstack-cinder-backup-13.0.10~dev23-3.31.2
      openstack-cinder-scheduler-13.0.10~dev23-3.31.2
      openstack-cinder-volume-13.0.10~dev23-3.31.2
      openstack-ec2-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
      openstack-ec2-api-s3-7.1.1~dev6-3.3.2
      openstack-heat-gbp-12.0.1~dev4-3.6.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
      openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      openstack-keystone-14.2.1~dev7-3.25.2
      openstack-neutron-gbp-14.0.1~dev19-3.28.1
      openstack-nova-18.3.1~dev91-3.40.1
      openstack-nova-api-18.3.1~dev91-3.40.1
      openstack-nova-cells-18.3.1~dev91-3.40.1
      openstack-nova-compute-18.3.1~dev91-3.40.1
      openstack-nova-conductor-18.3.1~dev91-3.40.1
      openstack-nova-console-18.3.1~dev91-3.40.1
      openstack-nova-novncproxy-18.3.1~dev91-3.40.1
      openstack-nova-placement-api-18.3.1~dev91-3.40.1
      openstack-nova-scheduler-18.3.1~dev91-3.40.1
      openstack-nova-serialproxy-18.3.1~dev91-3.40.1
      openstack-nova-vncproxy-18.3.1~dev91-3.40.1
      python-cinder-13.0.10~dev23-3.31.2
      python-ec2api-7.1.1~dev6-3.3.2
      python-eventlet-0.20.0-8.3.1
      python-heat-gbp-12.0.1~dev4-3.6.1
      python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      python-keystone-14.2.1~dev7-3.25.2
      python-neutron-gbp-14.0.1~dev19-3.28.1
      python-nova-18.3.1~dev91-3.40.1

   - SUSE OpenStack Cloud 9 (x86_64):

      influxdb-1.3.8-4.6.1
      influxdb-debuginfo-1.3.8-4.6.1
      kibana-4.6.6-4.12.1
      kibana-debuginfo-4.6.6-4.12.1

   - SUSE OpenStack Cloud 9 (noarch):

      ardana-ansible-9.0+git.1628097238.f6cbb0e-3.29.1
      ardana-monasca-9.0+git.1627995376.30bdf85-3.25.1
      openstack-cinder-13.0.10~dev23-3.31.2
      openstack-cinder-api-13.0.10~dev23-3.31.2
      openstack-cinder-backup-13.0.10~dev23-3.31.2
      openstack-cinder-scheduler-13.0.10~dev23-3.31.2
      openstack-cinder-volume-13.0.10~dev23-3.31.2
      openstack-ec2-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-api-7.1.1~dev6-3.3.2
      openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
      openstack-ec2-api-s3-7.1.1~dev6-3.3.2
      openstack-heat-gbp-12.0.1~dev4-3.6.1
      openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
      openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      openstack-keystone-14.2.1~dev7-3.25.2
      openstack-neutron-gbp-14.0.1~dev19-3.28.1
      openstack-nova-18.3.1~dev91-3.40.1
      openstack-nova-api-18.3.1~dev91-3.40.1
      openstack-nova-cells-18.3.1~dev91-3.40.1
      openstack-nova-compute-18.3.1~dev91-3.40.1
      openstack-nova-conductor-18.3.1~dev91-3.40.1
      openstack-nova-console-18.3.1~dev91-3.40.1
      openstack-nova-novncproxy-18.3.1~dev91-3.40.1
      openstack-nova-placement-api-18.3.1~dev91-3.40.1
      openstack-nova-scheduler-18.3.1~dev91-3.40.1
      openstack-nova-serialproxy-18.3.1~dev91-3.40.1
      openstack-nova-vncproxy-18.3.1~dev91-3.40.1
      python-cinder-13.0.10~dev23-3.31.2
      python-ec2api-7.1.1~dev6-3.3.2
      python-eventlet-0.20.0-8.3.1
      python-heat-gbp-12.0.1~dev4-3.6.1
      python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
      python-keystone-14.2.1~dev7-3.25.2
      python-neutron-gbp-14.0.1~dev19-3.28.1
      python-nova-18.3.1~dev91-3.40.1
      venv-openstack-barbican-x86_64-7.0.1~dev24-3.25.1
      venv-openstack-cinder-x86_64-13.0.10~dev23-3.28.1
      venv-openstack-designate-x86_64-7.0.2~dev2-3.25.1
      venv-openstack-glance-x86_64-17.0.1~dev30-3.23.1
      venv-openstack-heat-x86_64-11.0.4~dev4-3.25.1
      venv-openstack-horizon-x86_64-14.1.1~dev11-4.29.1
      venv-openstack-ironic-x86_64-11.1.5~dev17-4.23.1
      venv-openstack-keystone-x86_64-14.2.1~dev7-3.26.1
      venv-openstack-magnum-x86_64-7.2.1~dev1-4.25.1
      venv-openstack-manila-x86_64-7.4.2~dev60-3.31.1
      venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.25.1
      venv-openstack-monasca-x86_64-2.7.1~dev10-3.23.1
      venv-openstack-neutron-x86_64-13.0.8~dev164-6.29.1
      venv-openstack-nova-x86_64-18.3.1~dev91-3.29.1
      venv-openstack-octavia-x86_64-3.2.3~dev7-4.25.1
      venv-openstack-sahara-x86_64-9.0.2~dev15-3.25.1
      venv-openstack-swift-x86_64-2.19.2~dev48-2.20.1


References:

   https://www.suse.com/security/cve/CVE-2020-26298.html
   https://www.suse.com/security/cve/CVE-2021-21419.html
   https://www.suse.com/security/cve/CVE-2021-22141.html
   https://www.suse.com/security/cve/CVE-2021-41136.html
   https://bugzilla.suse.com/1180837
   https://bugzilla.suse.com/1185836
   https://bugzilla.suse.com/1186868
   https://bugzilla.suse.com/1189052
   https://bugzilla.suse.com/1191681


