SUSE alert SUSE-SU-2019:3068-1 (ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud)
| From: | sle-security-updates@lists.suse.com | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2019:3068-1: moderate: Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud | |
| Date: | Tue, 26 Nov 2019 18:11:23 +0100 (CET) | |
| Message-ID: | <20191126171123.23704F79E@maintenance.suse.de> |
SUSE Security Update: Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3068-1 Rating: moderate References: #1153304 #1155942 #1156525 Cross-References: CVE-2019-17134 CVE-2019-18874 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud fixes the following issues: Security fix for openstack-octavia: - CVE-2019-17134: Fixed an issue where Octavia Amphora-Agent not requiring Client-Certificate (bsc#1153304). Security fix for python-psutil: - CVE-2019-18874: Fixed a double-free vulnerability occured during converting system data into a Python object (bsc#1155089). - Update to version 9.0+git.1572311426.a6dc2fd: * Align Crowbar and Ardana MariaDB configs (SOC-10094) - Update to version 9.0+git.1573069087.15ffd1c: * enable debug and insecure_debug on demand (SOC-10934) - Update to version 9.0+git.1572019823.6650494: * Correctly setup ardana_notify_... fact (SOC-10902) - Update to version 9.0+git.1572618171.4460843: * Update gerrit FQDN in .gitreview (SOC-9140) - Update to version 6.0+git.1573825081.b1caf60f1: * Update the testsuite for new upgrade method (SOC-10761) * upgrade: cold start nova before live migration (SOC-10761) - Update to version 6.0+git.1573131992.3c660b413: * [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942) - Update to version 6.0+git.1573051151.3495e0e94: * Allow enabling bpdu-forwarding on OVS bridges (SOC-9172) - Update to version 6.0+git.1573754820.dd036ef77: * neutron: use octavia-api admin VIP URI for lbaasv2 (SOC-10906) * octavia: handle certificate ownership in barclamp (SOC-10906) * octavia: add SSL support to octavia-api (SOC-10906) - Update to version 6.0+git.1573174019.9965ae9b8: * designate: change default configuration (SOC-10899) - Update to version 6.0+git.1572855359.8efafea01: * Make sure the input file with ssh key exists (SOC-10133) - Update to version 6.0+git.1572636244.e12406629: * Change order of Octavia to 102 (SOC-10289) - Update to version 6.0+git.1572470261.49c0affe1: * designate: move keystone resource lookup to convergence (SOC-10887) - Update to version 1.3.0+git.1572871359.50fc6087: * Add title for XEN compute nodes precheck (SOC-10495) - Update to version barbican-7.0.1.dev21: * Fix duplicate paths in secret hrefs * Fix the bug of pep8 and building api-guide * OpenDev Migration Patch - Update to version barbican-7.0.1.dev21: * Fix duplicate paths in secret hrefs * Fix the bug of pep8 and building api-guide * OpenDev Migration Patch - remove 0001-Fix-duplicate-paths-in-secret-hrefs.patch as it had landed upstream - Replace openstack.org git:// URLs with https:// - Update to version keystone-14.1.1.dev28: * Allows to use application credentials through group membership - Update to version keystone-14.1.1.dev28: * Allows to use application credentials through group membership - Update to version neutron-13.0.6.dev8: * Retry creating iptables managers and adding metering rules - Update to version neutron-13.0.6.dev6: * Increase timeout when waiting for dnsmasq enablement - Update to version neutron-13.0.6.dev4: * Log OVS firewall conjunction creation - Update to version neutron-13.0.6.dev8: * Retry creating iptables managers and adding metering rules - Update to version neutron-13.0.6.dev6: * Increase timeout when waiting for dnsmasq enablement - Update to version neutron-13.0.6.dev4: * Log OVS firewall conjunction creation - Update to version group-based-policy-5.0.1.dev476: * Provide a control knob to use the internal EP interface * Send port notifications when host\_route is getting updated - Update to version group-based-policy-5.0.1.dev473: * Fix pep8 failures seen on submitted patches - Update to version neutron-lbaas-13.0.1.dev16: * "lbaas delete l7 rule" Parameter Passing Error - Update to version neutron-lbaas-13.0.1.dev16: * "lbaas delete l7 rule" Parameter Passing Error - Update to version nova-18.2.4.dev22: * Revert "openstack server create" to "nova boot" in nova docs * doc: fix and clarify --block-device usage in user docs - Update to version nova-18.2.4.dev20: * Avoid error 500 on shelve task\_state race - Update to version nova-18.2.4.dev19: * libvirt: Ignore volume exceptions during post\_live\_migration - Update to version nova-18.2.4.dev22: * Revert "openstack server create" to "nova boot" in nova docs * doc: fix and clarify --block-device usage in user docs - Update to version nova-18.2.4.dev20: * Avoid error 500 on shelve task\_state race - Update to version nova-18.2.4.dev19: * libvirt: Ignore volume exceptions during post\_live\_migration - Update to version octavia-3.2.1.dev3: * Improve the error message for bad pkcs12 bundles - Update to version octavia-3.2.1.dev2: * ipvsadm '--exact' arg to ensure outputs are ints - Update to version sahara-9.0.2.dev14: * Fixing image creation * Check MariaDB installation - Update to version sahara-9.0.2.dev14: * Fixing image creation * Check MariaDB installation - Update to version 9.20191025: * support OpenID Connect (SOC-10510) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-3068=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-3068=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1573825081.b1caf60f1-3.16.1 crowbar-core-branding-upstream-6.0+git.1573825081.b1caf60f1-3.16.1 python-psutil-5.4.6-3.3.1 python-psutil-debuginfo-5.4.6-3.3.1 python-psutil-debugsource-5.4.6-3.3.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-openstack-6.0+git.1573754820.dd036ef77-3.16.1 crowbar-ui-1.3.0+git.1572871359.50fc6087-14.1 openstack-barbican-7.0.1~dev21-3.3.1 openstack-barbican-api-7.0.1~dev21-3.3.1 openstack-barbican-keystone-listener-7.0.1~dev21-3.3.1 openstack-barbican-retry-7.0.1~dev21-3.3.1 openstack-barbican-worker-7.0.1~dev21-3.3.1 openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3.1 openstack-keystone-14.1.1~dev28-3.16.1 openstack-neutron-13.0.6~dev8-3.16.2 openstack-neutron-dhcp-agent-13.0.6~dev8-3.16.2 openstack-neutron-gbp-5.0.1~dev476-3.13.1 openstack-neutron-ha-tool-13.0.6~dev8-3.16.2 openstack-neutron-l3-agent-13.0.6~dev8-3.16.2 openstack-neutron-lbaas-13.0.1~dev16-3.13.1 openstack-neutron-lbaas-agent-13.0.1~dev16-3.13.1 openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16.2 openstack-neutron-macvtap-agent-13.0.6~dev8-3.16.2 openstack-neutron-metadata-agent-13.0.6~dev8-3.16.2 openstack-neutron-metering-agent-13.0.6~dev8-3.16.2 openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16.2 openstack-neutron-server-13.0.6~dev8-3.16.2 openstack-nova-18.2.4~dev22-3.16.2 openstack-nova-api-18.2.4~dev22-3.16.2 openstack-nova-cells-18.2.4~dev22-3.16.2 openstack-nova-compute-18.2.4~dev22-3.16.2 openstack-nova-conductor-18.2.4~dev22-3.16.2 openstack-nova-console-18.2.4~dev22-3.16.2 openstack-nova-novncproxy-18.2.4~dev22-3.16.2 openstack-nova-placement-api-18.2.4~dev22-3.16.2 openstack-nova-scheduler-18.2.4~dev22-3.16.2 openstack-nova-serialproxy-18.2.4~dev22-3.16.2 openstack-nova-vncproxy-18.2.4~dev22-3.16.2 openstack-octavia-3.2.1~dev3-3.16.1 openstack-octavia-amphora-agent-3.2.1~dev3-3.16.1 openstack-octavia-api-3.2.1~dev3-3.16.1 openstack-octavia-health-manager-3.2.1~dev3-3.16.1 openstack-octavia-housekeeping-3.2.1~dev3-3.16.1 openstack-octavia-worker-3.2.1~dev3-3.16.1 openstack-sahara-9.0.2~dev14-3.6.1 openstack-sahara-api-9.0.2~dev14-3.6.1 openstack-sahara-engine-9.0.2~dev14-3.6.1 python-barbican-7.0.1~dev21-3.3.1 python-keystone-14.1.1~dev28-3.16.1 python-neutron-13.0.6~dev8-3.16.2 python-neutron-gbp-5.0.1~dev476-3.13.1 python-neutron-lbaas-13.0.1~dev16-3.13.1 python-nova-18.2.4~dev22-3.16.2 python-octavia-3.2.1~dev3-3.16.1 python-sahara-9.0.2~dev14-3.6.1 release-notes-suse-openstack-cloud-9.20191025-3.15.1 - SUSE OpenStack Cloud 9 (x86_64): python-psutil-5.4.6-3.3.1 python-psutil-debuginfo-5.4.6-3.3.1 python-psutil-debugsource-5.4.6-3.3.1 - SUSE OpenStack Cloud 9 (noarch): ardana-db-9.0+git.1572311426.a6dc2fd-3.13.1 ardana-keystone-9.0+git.1573069087.15ffd1c-3.13.1 ardana-neutron-9.0+git.1572019823.6650494-3.16.1 ardana-nova-9.0+git.1572618171.4460843-3.13.1 openstack-barbican-7.0.1~dev21-3.3.1 openstack-barbican-api-7.0.1~dev21-3.3.1 openstack-barbican-keystone-listener-7.0.1~dev21-3.3.1 openstack-barbican-retry-7.0.1~dev21-3.3.1 openstack-barbican-worker-7.0.1~dev21-3.3.1 openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3.1 openstack-keystone-14.1.1~dev28-3.16.1 openstack-neutron-13.0.6~dev8-3.16.2 openstack-neutron-dhcp-agent-13.0.6~dev8-3.16.2 openstack-neutron-gbp-5.0.1~dev476-3.13.1 openstack-neutron-ha-tool-13.0.6~dev8-3.16.2 openstack-neutron-l3-agent-13.0.6~dev8-3.16.2 openstack-neutron-lbaas-13.0.1~dev16-3.13.1 openstack-neutron-lbaas-agent-13.0.1~dev16-3.13.1 openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16.2 openstack-neutron-macvtap-agent-13.0.6~dev8-3.16.2 openstack-neutron-metadata-agent-13.0.6~dev8-3.16.2 openstack-neutron-metering-agent-13.0.6~dev8-3.16.2 openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16.2 openstack-neutron-server-13.0.6~dev8-3.16.2 openstack-nova-18.2.4~dev22-3.16.2 openstack-nova-api-18.2.4~dev22-3.16.2 openstack-nova-cells-18.2.4~dev22-3.16.2 openstack-nova-compute-18.2.4~dev22-3.16.2 openstack-nova-conductor-18.2.4~dev22-3.16.2 openstack-nova-console-18.2.4~dev22-3.16.2 openstack-nova-novncproxy-18.2.4~dev22-3.16.2 openstack-nova-placement-api-18.2.4~dev22-3.16.2 openstack-nova-scheduler-18.2.4~dev22-3.16.2 openstack-nova-serialproxy-18.2.4~dev22-3.16.2 openstack-nova-vncproxy-18.2.4~dev22-3.16.2 openstack-octavia-3.2.1~dev3-3.16.1 openstack-octavia-amphora-agent-3.2.1~dev3-3.16.1 openstack-octavia-api-3.2.1~dev3-3.16.1 openstack-octavia-health-manager-3.2.1~dev3-3.16.1 openstack-octavia-housekeeping-3.2.1~dev3-3.16.1 openstack-octavia-worker-3.2.1~dev3-3.16.1 openstack-sahara-9.0.2~dev14-3.6.1 openstack-sahara-api-9.0.2~dev14-3.6.1 openstack-sahara-engine-9.0.2~dev14-3.6.1 python-barbican-7.0.1~dev21-3.3.1 python-keystone-14.1.1~dev28-3.16.1 python-neutron-13.0.6~dev8-3.16.2 python-neutron-gbp-5.0.1~dev476-3.13.1 python-neutron-lbaas-13.0.1~dev16-3.13.1 python-nova-18.2.4~dev22-3.16.2 python-octavia-3.2.1~dev3-3.16.1 python-sahara-9.0.2~dev14-3.6.1 release-notes-suse-openstack-cloud-9.20191025-3.15.1 venv-openstack-barbican-x86_64-7.0.1~dev21-3.13.1 venv-openstack-cinder-x86_64-13.0.8~dev8-3.13.1 venv-openstack-designate-x86_64-7.0.1~dev22-3.13.1 venv-openstack-heat-x86_64-11.0.3~dev23-3.13.1 venv-openstack-keystone-x86_64-14.1.1~dev28-3.13.1 venv-openstack-magnum-x86_64-7.1.1~dev28-4.13.1 venv-openstack-manila-x86_64-7.3.1~dev15-3.13.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.13.1 venv-openstack-neutron-x86_64-13.0.6~dev8-6.13.1 venv-openstack-nova-x86_64-18.2.4~dev22-3.13.1 venv-openstack-octavia-x86_64-3.2.1~dev3-4.13.1 venv-openstack-sahara-x86_64-9.0.2~dev14-3.13.1 References: https://www.suse.com/security/cve/CVE-2019-17134.html https://www.suse.com/security/cve/CVE-2019-18874.html https://bugzilla.suse.com/1153304 https://bugzilla.suse.com/1155942 https://bugzilla.suse.com/1156525 _______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates