SUSE-SU-2018:3563-1: important: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Oct 30 05:14:10 MDT 2018 

   SUSE Security Update: Security update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3563-1
Rating:             important
References:         #1094851 #1094971 #1102662 #1102920 
Cross-References:   CVE-2018-1288
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves one vulnerability and has three fixes
   is now available.

Description:

   This update for ardana-monasca, ardana-spark, kafka, kafka-kit,
   openstack-monasca-api fixes the following issues:

   This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes
   these issues:

   - Requests Apache to reload on change (bsc#1102662)
   - Avoids managing non-Monasca users (bsc#1102662)
   - Line up perms on storm.conf to match rpm (bsc#1094971)

   This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes
   this issue:

   - Only set log dir perms on legacy install (bsc#1094851)

   This update for kafka to version 0.10.2.2 fixes this security issue:

   - CVE-2018-1288: Authenticated Kafka users may have performed action
     reserved for the Broker via a manually created fetch request interfering
     with data replication, resulting in data loss (bsc#1102920).

   This update for kafka to version 0.10.2.2 fixes these non-security issues:

   - set internal.leave.group.on.close to false in KafkaStreams
   - Improve message for Kafka failed startup with non-Kafka data in data.dirs
   - add max_number _of_retries to exponential backoff strategy
   - Mute logger for reflections.org at the warn level in system tests
   - Kafka connect: error with special characters in connector name
   - streams task gets stuck after re-balance due to LockException
   - CachingSessionStore doesn't use the default keySerde.
   - RocksDBSessionStore doesn't use default aggSerde.
   - Recommended values for Connect transformations contain the wrong class
     name
   - Kafka broker fails to start if a topic containing dot in its name is
     marked for delete but hasn't been deleted during previous uptime
   - GlobalKTable does not checkpoint offsets after restoring state
   - Log cleaning can increase message size and cause cleaner to crash with
     buffer overflow
   - Some socket connections not closed after restart of Kafka Streams
   - Distributed Herder Deadlocks on Shutdown
   - Log cleaner fails due to large offset in segment file
   - StreamsKafkaClient should not use StreamsConfig.POLL_MS_CONFIG
   - Refactor kafkatest docker support
   - ducktape kafka service: do not assume Service contains num_nodes
   - Using _DUCKTAPE_OPTIONS has no effect on executing tests
   - Connect WorkerSinkTask out of order offset commit can lead to
     inconsistent state
   - RocksDB segments not removed when store is closed causes
     re-initialization to fail
   - FetchMetadata creates unneeded Strings on instantiation
   - SourceTask#stop() not called after exception raised in poll()
   - Sink connectors that explicitly 'resume' topic partitions can resume a
     paused task
   - GlobalStateManagerImpl should not write offsets of in-memory stores in
     checkpoint file
   - Source KTable checkpoint is not correct
   - ConnectSchema#equals() broken for array-typed default values

   This update for openstack-monasca-api to version 2.2.1~dev24 fixes these
   issues:

   - devstack: download storm from archive.apache.org
   - Backport tempest test robustness improvements
   - 1724543-fixed kafka partition creation error in devstack installation
   - Fix:No alarms created if metric name in alarm def. expr. is mix case
   - Zuul: Remove project name
   - Run against Pike requirements


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-2523=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2018-2523=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2018-2523=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      openstack-monasca-api-2.2.1~dev24-3.6.1
      python-monasca-api-2.2.1~dev24-3.6.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      kafka-0.10.2.2-5.6.1

   - SUSE OpenStack Cloud 8 (noarch):

      ardana-monasca-8.0+git.1535031421.9262a47-3.12.1
      ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1
      openstack-monasca-api-2.2.1~dev24-3.6.1
      python-monasca-api-2.2.1~dev24-3.6.1

   - SUSE OpenStack Cloud 8 (x86_64):

      kafka-0.10.2.2-5.6.1

   - HPE Helion Openstack 8 (noarch):

      ardana-monasca-8.0+git.1535031421.9262a47-3.12.1
      ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1
      openstack-monasca-api-2.2.1~dev24-3.6.1
      python-monasca-api-2.2.1~dev24-3.6.1

   - HPE Helion Openstack 8 (x86_64):

      kafka-0.10.2.2-5.6.1


References:

   https://www.suse.com/security/cve/CVE-2018-1288.html
   https://bugzilla.suse.com/1094851
   https://bugzilla.suse.com/1094971
   https://bugzilla.suse.com/1102662
   https://bugzilla.suse.com/1102920

More information about the sle-updates mailing list