SUSE-SU-2015:2064-1: moderate: Security update for openstack-dashboard

sle-updates at lists.suse.com
Fri Nov 20 09:13:13 MST 2015


   SUSE Security Update: Security update for openstack-dashboard
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2064-1
Rating:             moderate
References:         #928891 #931437 #933607 #933722 #935442 #936059 
                    #936368 #945052 #945515 
Cross-References:   CVE-2015-3219 CVE-2015-3988
Affected Products:
                    SUSE OpenStack Cloud 5
______________________________________________________________________________

   An update that solves two vulnerabilities and has 7 fixes
   is now available.

Description:


   This update provides fixes and enhancements for openstack-dashboard,
   crowbar-barclamp-nova_dashboard and python-django_openstack_auth.

   openstack-dashboard:

   - Reset flavors for source types other than "Boot from Image". (bsc#945515)
   - Add deactivated status for glance image.
   - Fix TemplateSyntaxError at hypervisors view.
   - Fix addition of plugin panel to panel group.
   - Remove admin role name 'admin' hardcode. (bsc#935442)
   - Escape the description param from heat template. (bsc#933722,
     CVE-2015-3219)
   - Enhance policy rules to workflow actions and identity project.
   - Sanitization of metadata passed from Django to avoid persistent XSS.
     (bsc#931437, CVE-2015-3988)
   - Fix Terminate Instance on network topology page.
   - Show ports from shared nets in floating IP assoc.
   - Fix incorrect ca arguments for calling ceilometer client.
   - Fix dynamic select layout when help block is displayed.
   - Pass correct project ID to get tenant_usages. (bsc#928891)

   crowbar-barclamp-nova_dashboard:

   - Allow switching on multidomain support. (bsc#945052)
   - Fix quoting of supported_provider_types. (bsc#936368)
   - Enable the POLICY_FILES setting configuration.
   - Fix attribute being fetched from wrong node. (bsc#936059)

   python-django_openstack_auth:

   - Remove admin role name 'admin' hardcode in User.is_superuser().


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 5:

      zypper in -t patch sleclo50sp3-openstack-crowbar-dashboard-201510-12220=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 5 (x86_64):

      openstack-dashboard-2014.2.4~a0~dev12-13.2
      python-django_openstack_auth-1.1.7-11.3
      python-horizon-2014.2.4~a0~dev12-13.2

   - SUSE OpenStack Cloud 5 (noarch):

      crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3


References:

   https://www.suse.com/security/cve/CVE-2015-3219.html
   https://www.suse.com/security/cve/CVE-2015-3988.html
   https://bugzilla.suse.com/928891
   https://bugzilla.suse.com/931437
   https://bugzilla.suse.com/933607
   https://bugzilla.suse.com/933722
   https://bugzilla.suse.com/935442
   https://bugzilla.suse.com/936059
   https://bugzilla.suse.com/936368
   https://bugzilla.suse.com/945052
   https://bugzilla.suse.com/945515
