
Security: Multiple issues in OpenStack
Name: Multiple issues in OpenStack
ID: SUSE-SU-2020:0081-1
Distribution: SUSE
Platforms: SUSE OpenStack Cloud 7
Date: Mon, 13 January 2020, 15:57
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3448
Applications: OpenStack

Original message


SUSE Security Update: Security update for crowbar-core, crowbar-openstack,
openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0081-1
Rating: moderate
References: #1157028 #1157482 #1158675 #917802
Cross-References: CVE-2015-3448 CVE-2019-13117 CVE-2019-16770

Affected Products:
SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for crowbar-core, crowbar-openstack,
openstack-horizon-plugin-monasca-ui, openstack-monasca-api,
openstack-monasca-log-api, openstack-neutron, rubygem-puma,
rubygem-rest-client contains the following fixes:

Security issue fixed for rubygem-puma:

- CVE-2019-16770: Fixed a potential denial of service in Puma's reactor
(bsc#1158675, jsc#SOC-10999)

Security issue fixed for rubygem-rest-client:

- CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802)

Updates for crowbar-core:
- Update to version 4.0+git.1574788924.e4a6aeb0c:
* Allow pacemaker remotes for upgrade (SOC-10133)

- Update to version 4.0+git.1574713660.972029d1a:
* Ignore CVE-2019-13117 in CI builds (bsc#1157028)

Updates for crowbar-openstack:
- Update to version 4.0+git.1574869671.9c7bade2d:
* tempest: configure Kibana version (SOC-10131)

- Update to version 4.0+git.1574764112.c260c70e5:
* horizon: install lbaas horizon dashboard (SOC-10883)

Updates for openstack-horizon-plugin-monasca-ui:
- Refresh allow-raw-grafana-links.patch
- update to version 1.5.5~dev3
* Replace openstack.org git:// URLs with https://
* Fix the partial missing metrics in Create Alarm Definition flow
* import zuul job settings from project-config
* Fix incorrect splitting of dimension in ProxyView
* Fix Alarm status Panel on Overview page
* Change IntegerField to ChoiceField for notification period
* Imported Translations from Zanata
* Display unique metric names for alarm
* Fix Alarm Details section in Alarm History view
* Fix validators for creating and editing notifications
* Center the text for the button Deterministic
* Adding title to Filter Alarms pop-up
* Fix misleading validation error
* Fix nit found in monasca-ui
* Fix Breadcrumbs
* Fix description for name field
* Fixing 'Create Alarm Definition' for IE11
* Imported Translations from Zanata

Updates to openstack-monasca-api:
- added fix-metric-name-offset.patch (SOC-10131)
- removed 0001-Fix-InfluxDB-repository-list_dimension_values-to-sup.patch
(merged upstream)
- update to version 1.7.1~dev18
* Replace openstack.org git:// URLs with https://
* import zuul job settings from project-config
* Upgrade Apache Storm to 1.0.6
* Zuul: Remove project name

Updates to openstack-monasca-log-api:
- added fix-tempest-region.patch (SOC-10131)
- update to version 1.4.3~dev3
* Replace openstack.org git:// URLs with https://
* import zuul job settings from project-config
* Avoid tox_install.sh for constraints support

Updates to openstack-neutron:
- neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of
https://review.opendev.org/#/c/695867/


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2020-81=1



Package List:

- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):

crowbar-core-4.0+git.1574788924.e4a6aeb0c-9.60.2
crowbar-core-branding-upstream-4.0+git.1574788924.e4a6aeb0c-9.60.2
ruby2.1-rubygem-puma-2.16.0-4.3.1
ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1
rubygem-puma-debugsource-2.16.0-4.3.1

- SUSE OpenStack Cloud 7 (noarch):

crowbar-openstack-4.0+git.1574869671.9c7bade2d-9.65.1
grafana-monasca-ui-drilldown-1.5.5~dev3-8.1
openstack-horizon-plugin-monasca-ui-1.5.5~dev3-8.1
openstack-monasca-api-1.7.1~dev18-12.1
openstack-monasca-log-api-1.4.3~dev3-5.1
openstack-neutron-9.4.2~dev21-7.38.1
openstack-neutron-dhcp-agent-9.4.2~dev21-7.38.1
openstack-neutron-doc-9.4.2~dev21-7.38.1
openstack-neutron-ha-tool-9.4.2~dev21-7.38.1
openstack-neutron-l3-agent-9.4.2~dev21-7.38.1
openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.38.1
openstack-neutron-macvtap-agent-9.4.2~dev21-7.38.1
openstack-neutron-metadata-agent-9.4.2~dev21-7.38.1
openstack-neutron-metering-agent-9.4.2~dev21-7.38.1
openstack-neutron-openvswitch-agent-9.4.2~dev21-7.38.1
openstack-neutron-server-9.4.2~dev21-7.38.1
python-horizon-plugin-monasca-ui-1.5.5~dev3-8.1
python-monasca-api-1.7.1~dev18-12.1
python-monasca-log-api-1.4.3~dev3-5.1
python-neutron-9.4.2~dev21-7.38.1


References:

https://www.suse.com/security/cve/CVE-2015-3448.html
https://www.suse.com/security/cve/CVE-2019-13117.html
https://www.suse.com/security/cve/CVE-2019-16770.html
https://bugzilla.suse.com/1157028
https://bugzilla.suse.com/1157482
https://bugzilla.suse.com/1158675
https://bugzilla.suse.com/917802

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates