SUSE-RU-2014:0656-1: Feature-update to provide High Availability support for SUSE Cloud 3
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu May 15 11:06:35 MDT 2014
SUSE Recommended Update: Feature-update to provide High Availability support for SUSE Cloud 3
______________________________________________________________________________
Announcement ID: SUSE-RU-2014:0656-1
Rating: low
References: #840255 #847189 #861551 #863719 #865733 #869078
#869570 #870175 #870898 #871199 #871855 #872116
#872361 #872700 #872915 #873127 #874171 #874611
#874755 #876326
Affected Products:
SUSE Cloud 3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 15 fixes is
now available. It includes 33 new package versions.
Description:
This collective update provides the ability to remove single point of
failures from a SUSE Cloud deployment by enabling High Availability
support for the OpenStack services. Please refer to the updated deployment
guide to learn about how to configure High Availability support. The
update also includes fixes for several bugs and some security issues.
The following new packages have been added to the product: haproxy,
crowbar-barclamp-pacemaker, openstack-resource-agents, rubygem-bson-1_9,
rubygem-mongo and patterns-cloud.
Crowbar and the following Barclamps have been updated: ceilometer, ceph,
cinder, crowbar, database, deployer, dns, glance, heat, ipmi, keystone,
logging, network, neutron, nfs_client, nova, nova_dashboard, ntp,
provisioner, rabbitmq, suse-manager-client, swift and updater.
The following OpenStack modules have been updated: ceilometer, dashboard,
keystone, neutron, nova and suse.
The following Python modules have been updated: heatclient, neutronclient,
psycopg2 and amqp.
The YaST2 Crowbar module was also updated to enable the new High
Availability feature.
Finally, the update ships with the latest revision of the SUSE Cloud
Guide, now including information about how to make SUSE Cloud highly
available.
References to non-security issues fixed by this update:
* crowbar-barclamp-ceph: Recipe fails if libvirt is available but not
started. (bnc#861551)
* crowbar-barclamp-crowbar: Add crowbar_reset* scripts as unsupported
workarounds for bricked proposals. (bnc#840255)
* crowbar-barclamp-neutron: Make sure that the VLAN range is valid.
(bnc#870898)
* crowbar-barclamp-nova: Use neutron dhcp_domain in nova.conf.
(bnc#865733)
* crowbar-barclamp-nova: Recipe fails if libvirt is available but not
started. (bnc#861551)
* mongodb: Tell logrotate about log file ownership. (bnc#863719)
* mongodb: Avoid hitting virtual memory limits with mmaps. (bnc#876326)
* openstack-neutron: Fixes an issue where Neutron wouldn't reconnect
to DB after fail-over. (bnc#872361)
* openstack-nova: Fixes an issue where Nova wouldn't reconnect to DB
after fail-over. (bnc#872361)
* openstack-suse: Remove case of magic sed'ing that breaks OpenStack.
(bnc#871199)
* openstack-suse: Drop eventlet_backdoor.py and it's sole usage in
oslo-incubator code. (bnc#847189)
* python-amqp: Set TIMEOUT and KEEPALIVE values for TCP sockets in the
amqp library. (bnc#872700)
* yast2-crowbar: Added HA repositories. (bnc#870175)
References to security issues fixed by this update:
* openstack-dashboard: Introduces escaping in Horizon/Orchestration.
(bnc#871855, CVE-2014-0157)
* openstack-keystone: Sanitizes authentication methods received in
requests. (bnc#873127, CVE-2014-2828)
* openstack-neutron: Prevent cross plugging router ports from other
tenants (bnc#869570, CVE-2014-0056)
* openstack-nova: Add RBAC policy for ec2 API security groups calls.
(bnc#872116, CVE-2014-0167)
* openstack-nova: Persist image format to a file, to prevent attacks
based on changing it. (bnc#869078, CVE-2014-0134)
For a comprehensive list of changes and bugs fixed by this update, please
refer to the packages' change log.
Security Issues:
* CVE-2014-0157
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0157>
* CVE-2014-2828
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828>
* CVE-2014-0056
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0056>
* CVE-2014-0167
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0167>
* CVE-2014-0134
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0134>
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Cloud 3:
zypper in -t patch sleclo30sp3-cloud3-ha-201405-9200
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Cloud 3 (x86_64) [New Version: 0.2.6,2.3.4,2.5.2,2013.2.3.dev1.g54ec015,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:
haproxy-1.4.24-0.9.2
mongodb-2.4.3-0.13.1
openstack-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-agent-central-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-agent-compute-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-alarm-evaluator-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-alarm-notifier-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-api-2013.2.4.dev3.gd7b0634-0.9.1
openstack-ceilometer-collector-2013.2.4.dev3.gd7b0634-0.9.1
openstack-dashboard-2013.2.3.dev1.g54ec015-0.7.3
openstack-keystone-2013.2.4.dev2.ge7c2987-0.7.3
openstack-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-dhcp-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-ha-tool-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-l3-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-lbaas-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-linuxbridge-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-metadata-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-metering-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-mlnx-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-nec-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-openvswitch-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-plugin-cisco-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-ryu-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-server-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-vmware-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-neutron-vpn-agent-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-nova-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-api-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-cells-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-cert-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-compute-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-conductor-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-console-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-consoleauth-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-novncproxy-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-objectstore-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-scheduler-2013.2.4.dev10.g155262c-0.7.3
openstack-nova-vncproxy-2013.2.4.dev10.g155262c-0.7.3
patterns-cloud-20140224-0.21.2
python-amqp-1.2.0-0.9.1
python-ceilometer-2013.2.4.dev3.gd7b0634-0.9.1
python-heatclient-0.2.6-0.7.2
python-heatclient-doc-0.2.6-0.7.2
python-horizon-2013.2.3.dev1.g54ec015-0.7.3
python-keystone-2013.2.4.dev2.ge7c2987-0.7.3
python-neutron-2013.2.3.dev38.g1b9ceaf-0.7.3
python-neutronclient-2.3.4-0.7.3
python-nova-2013.2.4.dev10.g155262c-0.7.3
python-psycopg2-2.5.2-0.7.2
rubygem-bson-1_9-1.9.2-0.7.2
rubygem-mongo-1.9.2-0.7.2
- SUSE Cloud 3 (noarch) [New Version: 2.17.35,2013.2.3.dev38.g1b9ceaf,2013.2.4.dev10.g155262c,2013.2.4.dev2.ge7c2987 and 2013.2.4.dev3.gd7b0634]:
crowbar-1.7+git.1393415366.c7d7ed2-0.9.1
crowbar-barclamp-ceilometer-1.7+git.1397725532.6562e99-0.11.1
crowbar-barclamp-ceph-1.7+git.1394531703.94bc662-0.7.4
crowbar-barclamp-cinder-1.7+git.1397563537.c0e3c1f-0.7.4
crowbar-barclamp-crowbar-1.7+git.1397546986.0138729-0.7.5
crowbar-barclamp-database-1.7+git.1398437917.4d9d949-0.7.4
crowbar-barclamp-deployer-1.7+git.1395841488.9bd9b18-0.7.4
crowbar-barclamp-dns-1.7+git.1395139533.d8065e0-0.7.4
crowbar-barclamp-glance-1.7+git.1397563542.7f7adbd-0.7.4
crowbar-barclamp-heat-1.7+git.1397563528.5365573-0.7.4
crowbar-barclamp-ipmi-1.7+git.1394447661.823417e-0.7.4
crowbar-barclamp-keystone-1.7+git.1397563548.5e1f6f4-0.7.4
crowbar-barclamp-logging-1.7+git.1394447795.1352678-0.7.4
crowbar-barclamp-network-1.7+git.1397462393.b75b4a2-0.7.4
crowbar-barclamp-neutron-1.7+git.1399280715.7a6d30c-0.7.1
crowbar-barclamp-nfs_client-1.7+git.1394448673.eec60d0-0.7.4
crowbar-barclamp-nova-1.7+git.1397563532.b0a2cf3-0.7.4
crowbar-barclamp-nova_dashboard-1.7+git.1397195786.72f875c-0.7.4
crowbar-barclamp-ntp-1.7+git.1394526594.bd0925a-0.7.4
crowbar-barclamp-pacemaker-1.7+git.1399292086.c9d262e-0.7.1
crowbar-barclamp-provisioner-1.7+git.1398437839.2078a3c-0.7.1
crowbar-barclamp-rabbitmq-1.7+git.1398437927.2b9a534-0.7.4
crowbar-barclamp-suse-manager-client-1.7+git.1394449068.c91f840-0.7.4
crowbar-barclamp-swift-1.7+git.1398348658.e9aadc4-0.7.4
crowbar-barclamp-updater-1.7+git.1394449074.c15a84e-0.7.4
openstack-ceilometer-doc-2013.2.4.dev3.gd7b0634-0.9.1
openstack-keystone-doc-2013.2.4.dev2.ge7c2987-0.7.3
openstack-neutron-doc-2013.2.3.dev38.g1b9ceaf-0.7.3
openstack-nova-doc-2013.2.4.dev10.g155262c-0.7.3
openstack-resource-agents-1.0+git.1392632006.9b9b934-0.7.2
openstack-suse-sudo-2013.2-0.11.2
susecloud-admin_en-pdf-3.0-0.34.1
susecloud-deployment_en-pdf-3.0-0.34.1
susecloud-manuals_en-3.0-0.34.1
susecloud-user_en-pdf-3.0-0.34.1
yast2-crowbar-2.17.35-0.7.2
References:
http://support.novell.com/security/cve/CVE-2014-0056.html
http://support.novell.com/security/cve/CVE-2014-0134.html
http://support.novell.com/security/cve/CVE-2014-0157.html
http://support.novell.com/security/cve/CVE-2014-0167.html
http://support.novell.com/security/cve/CVE-2014-2828.html
https://bugzilla.novell.com/840255
https://bugzilla.novell.com/847189
https://bugzilla.novell.com/861551
https://bugzilla.novell.com/863719
https://bugzilla.novell.com/865733
https://bugzilla.novell.com/869078
https://bugzilla.novell.com/869570
https://bugzilla.novell.com/870175
https://bugzilla.novell.com/870898
https://bugzilla.novell.com/871199
https://bugzilla.novell.com/871855
https://bugzilla.novell.com/872116
https://bugzilla.novell.com/872361
https://bugzilla.novell.com/872700
https://bugzilla.novell.com/872915
https://bugzilla.novell.com/873127
https://bugzilla.novell.com/874171
https://bugzilla.novell.com/874611
https://bugzilla.novell.com/874755
https://bugzilla.novell.com/876326
http://download.suse.com/patch/finder/?keywords=6b6c2ab2019cacb05895c4274ff8b7b3
More information about the sle-updates
mailing list