drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ardana-ansible, ardana-monasca, crowbar-openstack, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, p
Name: |
Mehrere Probleme in ardana-ansible, ardana-monasca, crowbar-openstack, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, p |
|
ID: |
SUSE-SU-2021:3729-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9 |
|
Datum: |
Fr, 19. November 2021, 23:29 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22141 |
|
Applikationen: |
ardana-monasca, crowbar-openstack, kibana, openstack-ec2-api, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, python-eventlet, rubygem-puma, rubygem-redcarpet, OpenStack, OpenStack, OpenStack, OpenStack, OpenStack, InfluxDB |
|
Originalnachricht |
SUSE Security Update: Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma ______________________________________________________________________________
Announcement ID: SUSE-SU-2021:3729-1 Rating: moderate References: #1180837 #1185836 #1186868 #1189052 #1191681 SOC-11543 Cross-References: CVE-2020-26298 CVE-2021-21419 CVE-2021-22141 CVE-2021-41136 CVSS scores: CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22141 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________
An update that solves four vulnerabilities, contains one feature and has one errata is now available.
Description:
This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes:
Security fixes included in this update:
kibana: CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).
python-eventlet: CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836)
rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)
rubygem-puma: CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681)
Non-security fixes included in this update:
Changes in ardana-ansible: * Patch service.py to skip blank lines.
Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)
Changes in crowbar-openstack: * keystone wakeup: get new session on any error. (bsc#1189052)
Changes in influxdb: - Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on
Canges in kibana: - Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)
Changes in openstack-cinder: * Fix typo in Dell EMC Unity driver documentation. * Drop lower-constraints job. * [stable-only] Cap bandit to v1.6.2 and fix constraints.
Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets. * OpenDev Migration Patch.
Changes in openstack-heat-gbp: * Add support for Wallaby. * Fix upstream gate.
Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation. * Fix zuul config for heat-templates-check. * Remove testr.
Changes in openstack-horizon-plugin-gbp-ui: * Add support for Wallaby. * Fix upstream gate.
Changes in openstack-keystone: * Retry update\_user when sqlalchemy raises StaleDataErrors. * Pin keystone-tempest-plugin for py27 compatibility.
Changes in openstack-neutron-gbp: * Fix update router API. * Fix HA IP DB migration. * Revert "Fix HA IP DB migration". * Fix HA IP DB migration. * Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * Use custom converter for extra attributes. * Validate network before creating or updating router. * Fix Data Migration query for HA IP table. * System security grp:Add system sg in port sg list. * Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * [apic\_aim]: Fix HA IP UTs. * Fixing the exception msg for IPAddressGenerationFailure. * Enhancement regarding router/instance attachment to an external network floating ip and snat subnets. * Setting legacy-group-based-policy-dsvm-aim to non-voting gate. * Add support for Wallaby. * Bug fixes for gbp-validate. * [apic\_aim]: Filter endpoint details. * Bugfix: Policy Enforcement Pref. * Fix unit-tests for tenant-scope validation. * [AIM] Add Policy Enforcement Pref to network extension.
Changes in openstack-nova: * [neutron] Get only ID and name of the SGs from Neutron. * Remove allocations before setting vm\_status to SHELVED\_OFFLOADED. * libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available. * Update pci stat pools based on PCI device changes. * Use subqueryload() instead of joinedload() for (system\_)metadata.
Changes in python-eventlet: Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3729=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3729=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
influxdb-1.3.8-4.6.1 influxdb-debuginfo-1.3.8-4.6.1 kibana-4.6.6-4.12.1 kibana-debuginfo-4.6.6-4.12.1 ruby2.1-rubygem-puma-2.16.0-4.15.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.15.1 ruby2.1-rubygem-redcarpet-3.2.3-4.3.1 ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-4.3.1 rubygem-puma-debugsource-2.16.0-4.15.1 rubygem-redcarpet-debugsource-3.2.3-4.3.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
crowbar-openstack-6.0+git.1630614261.26948f746-3.37.2 openstack-cinder-13.0.10~dev23-3.31.2 openstack-cinder-api-13.0.10~dev23-3.31.2 openstack-cinder-backup-13.0.10~dev23-3.31.2 openstack-cinder-scheduler-13.0.10~dev23-3.31.2 openstack-cinder-volume-13.0.10~dev23-3.31.2 openstack-ec2-api-7.1.1~dev6-3.3.2 openstack-ec2-api-api-7.1.1~dev6-3.3.2 openstack-ec2-api-metadata-7.1.1~dev6-3.3.2 openstack-ec2-api-s3-7.1.1~dev6-3.3.2 openstack-heat-gbp-12.0.1~dev4-3.6.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1 openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1 openstack-keystone-14.2.1~dev7-3.25.2 openstack-neutron-gbp-14.0.1~dev19-3.28.1 openstack-nova-18.3.1~dev91-3.40.1 openstack-nova-api-18.3.1~dev91-3.40.1 openstack-nova-cells-18.3.1~dev91-3.40.1 openstack-nova-compute-18.3.1~dev91-3.40.1 openstack-nova-conductor-18.3.1~dev91-3.40.1 openstack-nova-console-18.3.1~dev91-3.40.1 openstack-nova-novncproxy-18.3.1~dev91-3.40.1 openstack-nova-placement-api-18.3.1~dev91-3.40.1 openstack-nova-scheduler-18.3.1~dev91-3.40.1 openstack-nova-serialproxy-18.3.1~dev91-3.40.1 openstack-nova-vncproxy-18.3.1~dev91-3.40.1 python-cinder-13.0.10~dev23-3.31.2 python-ec2api-7.1.1~dev6-3.3.2 python-eventlet-0.20.0-8.3.1 python-heat-gbp-12.0.1~dev4-3.6.1 python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1 python-keystone-14.2.1~dev7-3.25.2 python-neutron-gbp-14.0.1~dev19-3.28.1 python-nova-18.3.1~dev91-3.40.1
- SUSE OpenStack Cloud 9 (x86_64):
influxdb-1.3.8-4.6.1 influxdb-debuginfo-1.3.8-4.6.1 kibana-4.6.6-4.12.1 kibana-debuginfo-4.6.6-4.12.1
- SUSE OpenStack Cloud 9 (noarch):
ardana-ansible-9.0+git.1628097238.f6cbb0e-3.29.1 ardana-monasca-9.0+git.1627995376.30bdf85-3.25.1 openstack-cinder-13.0.10~dev23-3.31.2 openstack-cinder-api-13.0.10~dev23-3.31.2 openstack-cinder-backup-13.0.10~dev23-3.31.2 openstack-cinder-scheduler-13.0.10~dev23-3.31.2 openstack-cinder-volume-13.0.10~dev23-3.31.2 openstack-ec2-api-7.1.1~dev6-3.3.2 openstack-ec2-api-api-7.1.1~dev6-3.3.2 openstack-ec2-api-metadata-7.1.1~dev6-3.3.2 openstack-ec2-api-s3-7.1.1~dev6-3.3.2 openstack-heat-gbp-12.0.1~dev4-3.6.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1 openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1 openstack-keystone-14.2.1~dev7-3.25.2 openstack-neutron-gbp-14.0.1~dev19-3.28.1 openstack-nova-18.3.1~dev91-3.40.1 openstack-nova-api-18.3.1~dev91-3.40.1 openstack-nova-cells-18.3.1~dev91-3.40.1 openstack-nova-compute-18.3.1~dev91-3.40.1 openstack-nova-conductor-18.3.1~dev91-3.40.1 openstack-nova-console-18.3.1~dev91-3.40.1 openstack-nova-novncproxy-18.3.1~dev91-3.40.1 openstack-nova-placement-api-18.3.1~dev91-3.40.1 openstack-nova-scheduler-18.3.1~dev91-3.40.1 openstack-nova-serialproxy-18.3.1~dev91-3.40.1 openstack-nova-vncproxy-18.3.1~dev91-3.40.1 python-cinder-13.0.10~dev23-3.31.2 python-ec2api-7.1.1~dev6-3.3.2 python-eventlet-0.20.0-8.3.1 python-heat-gbp-12.0.1~dev4-3.6.1 python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1 python-keystone-14.2.1~dev7-3.25.2 python-neutron-gbp-14.0.1~dev19-3.28.1 python-nova-18.3.1~dev91-3.40.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.25.1 venv-openstack-cinder-x86_64-13.0.10~dev23-3.28.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.25.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.23.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.25.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.29.1 venv-openstack-ironic-x86_64-11.1.5~dev17-4.23.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.26.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.25.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.31.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.25.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.23.1 venv-openstack-neutron-x86_64-13.0.8~dev164-6.29.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.29.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.25.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.25.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.20.1
References:
https://www.suse.com/security/cve/CVE-2020-26298.html https://www.suse.com/security/cve/CVE-2021-21419.html https://www.suse.com/security/cve/CVE-2021-22141.html https://www.suse.com/security/cve/CVE-2021-41136.html https://bugzilla.suse.com/1180837 https://bugzilla.suse.com/1185836 https://bugzilla.suse.com/1186868 https://bugzilla.suse.com/1189052 https://bugzilla.suse.com/1191681
|
|
|
|