Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in OpenStack
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in OpenStack
ID: SUSE-SU-2017:1443-1
Distribution: SUSE
Plattformen: SUSE OpenStack Cloud 7
Datum: Di, 30. Mai 2017, 18:44
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400
Applikationen: OpenStack

Originalnachricht

 
   SUSE Security Update: Security update for several openstack-components
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1443-1
Rating:             important
References:         #1024328 #1030406 #1032322 
Cross-References:   CVE-2017-7214 CVE-2017-7400
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:


   This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat,
   -keystone, -manila, -magnum and
   -novaopenstack-keystone provides the latest code from OpenStack Newton.

   - nova: Add release note that legacy notification exception contexts
     appearing in ERROR level logs may include sensitive information such as
     account passwords and authorization tokens. (bsc#1030406, CVE-2017-7214)
   - nova: Remove PrivTmp from openstack-nova-compute service. (bsc#1024328)
   - dashboard: Remove dangerous safestring declaration. (bsc#1032322,
     CVE-2017-7400)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2017-882=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      openstack-ceilometer-7.0.4~a0~dev7-3.1
      openstack-ceilometer-agent-central-7.0.4~a0~dev7-3.1
      openstack-ceilometer-agent-compute-7.0.4~a0~dev7-3.1
      openstack-ceilometer-agent-ipmi-7.0.4~a0~dev7-3.1
      openstack-ceilometer-agent-notification-7.0.4~a0~dev7-3.1
      openstack-ceilometer-api-7.0.4~a0~dev7-3.1
      openstack-ceilometer-collector-7.0.4~a0~dev7-3.1
      openstack-ceilometer-doc-7.0.4~a0~dev7-3.2
      openstack-ceilometer-polling-7.0.4~a0~dev7-3.1
      openstack-cinder-9.1.5~a0~dev1-3.1
      openstack-cinder-api-9.1.5~a0~dev1-3.1
      openstack-cinder-backup-9.1.5~a0~dev1-3.1
      openstack-cinder-doc-9.1.5~a0~dev1-3.1
      openstack-cinder-scheduler-9.1.5~a0~dev1-3.1
      openstack-cinder-volume-9.1.5~a0~dev1-3.1
      openstack-dashboard-10.0.4~a0~dev2-3.1
      openstack-glance-13.0.1~a0~dev6-3.1
      openstack-glance-api-13.0.1~a0~dev6-3.1
      openstack-glance-doc-13.0.1~a0~dev6-3.3
      openstack-glance-glare-13.0.1~a0~dev6-3.1
      openstack-glance-registry-13.0.1~a0~dev6-3.1
      openstack-heat-7.0.4~a0~dev4-4.1
      openstack-heat-api-7.0.4~a0~dev4-4.1
      openstack-heat-api-cfn-7.0.4~a0~dev4-4.1
      openstack-heat-api-cloudwatch-7.0.4~a0~dev4-4.1
      openstack-heat-doc-7.0.4~a0~dev4-4.2
      openstack-heat-engine-7.0.4~a0~dev4-4.1
      openstack-heat-plugin-heat_docker-7.0.4~a0~dev4-4.1
      openstack-heat-test-7.0.4~a0~dev4-4.1
      openstack-keystone-10.0.2~a0~dev2-6.1
      openstack-keystone-doc-10.0.2~a0~dev2-6.2
      openstack-magnum-3.1.2~a0~dev22-13.1
      openstack-magnum-api-3.1.2~a0~dev22-13.1
      openstack-magnum-conductor-3.1.2~a0~dev22-13.1
      openstack-magnum-doc-3.1.2~a0~dev22-13.1
      openstack-manila-3.0.1~a0~dev27-3.1
      openstack-manila-api-3.0.1~a0~dev27-3.1
      openstack-manila-data-3.0.1~a0~dev27-3.1
      openstack-manila-doc-3.0.1~a0~dev27-3.1
      openstack-manila-scheduler-3.0.1~a0~dev27-3.1
      openstack-manila-share-3.0.1~a0~dev27-3.1
      openstack-nova-14.0.6~a0~dev16-3.1
      openstack-nova-api-14.0.6~a0~dev16-3.1
      openstack-nova-cells-14.0.6~a0~dev16-3.1
      openstack-nova-cert-14.0.6~a0~dev16-3.1
      openstack-nova-compute-14.0.6~a0~dev16-3.1
      openstack-nova-conductor-14.0.6~a0~dev16-3.1
      openstack-nova-console-14.0.6~a0~dev16-3.1
      openstack-nova-consoleauth-14.0.6~a0~dev16-3.1
      openstack-nova-doc-14.0.6~a0~dev16-3.3
      openstack-nova-novncproxy-14.0.6~a0~dev16-3.1
      openstack-nova-placement-api-14.0.6~a0~dev16-3.1
      openstack-nova-scheduler-14.0.6~a0~dev16-3.1
      openstack-nova-serialproxy-14.0.6~a0~dev16-3.1
      openstack-nova-vncproxy-14.0.6~a0~dev16-3.1
      python-ceilometer-7.0.4~a0~dev7-3.1
      python-cinder-9.1.5~a0~dev1-3.1
      python-glance-13.0.1~a0~dev6-3.1
      python-heat-7.0.4~a0~dev4-4.1
      python-horizon-10.0.4~a0~dev2-3.1
      python-keystone-10.0.2~a0~dev2-6.1
      python-magnum-3.1.2~a0~dev22-13.1
      python-manila-3.0.1~a0~dev27-3.1
      python-nova-14.0.6~a0~dev16-3.1


References:

   https://www.suse.com/security/cve/CVE-2017-7214.html
   https://www.suse.com/security/cve/CVE-2017-7400.html
   https://bugzilla.suse.com/1024328
   https://bugzilla.suse.com/1030406
   https://bugzilla.suse.com/1032322

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung