Security: Two problems in Cloud7
Name: Two problems in Cloud7
ID: SUSE-SU-2019:1450-1
Distribution: SUSE
Platforms: SUSE OpenStack Cloud 7, SUSE Enterprise Storage 4
Date: Fri, June 7, 2019, 20:16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000872
Applications: Cloud7
Original message
SUSE Security Update: Security update for Cloud7 packages
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:1450-1
Rating: moderate
References: #1063535 #1074662 #1112767 #1113107 #1118004 #1120767 #1122053 #1122875 #1123709 #1127558 #1127752 #1128954 #1128987 #1130414 #1131053
Cross-References: CVE-2017-1000433 CVE-2018-1000872
Affected Products:
SUSE OpenStack Cloud 7
SUSE Enterprise Storage 4
______________________________________________________________________________
An update that solves two vulnerabilities and has 13 fixes is now available.
Description:
This update provides fixes for the following package issues:
caasp-openstack-heat-templates:
- Update to version 1.0+git.1553079189.3bf8922:
  * SCRD-2813 Add support for CPI parameters
- Update to version 1.0+git.1547562889.43707e7:
  * Switch LB protocol from HTTP to HTTPS
crowbar:
- Update to version 4.0+git.1551088848.823bcaa3:
  * install-chef-suse: filter comments from authorized_keys file
crowbar-core:
- Update to version 4.0+git.1556285635.ab602dd4d:
  * network: run wicked ifdown for interface cleanup (bsc#1063535)
- Update to version 4.0+git.1554931881.d98412e0e:
  * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
- Update to version 4.0+git.1552239940.5bc9aaac4:
  * crowbar: Do not rely on Chef::Util::FileEdit to write the file (bsc#1127752)
- Update to version 4.0+git.1550493400.9787ea9ad:
  * upgrade: Delay status switch after upgrade ends
- Update to version 4.0+git.1549474445.d9a35cf52:
  * fix hound warning
  * Support RAID 0
- Packaged default upgrade timeouts file
- Update to version 4.0+git.1549136953.afcde921f:
  * apache2: enable sslsessioncache
- Update to version 4.0+git.1548859099.0edbbfdc2:
  * upgrade: Add default upgrade timeouts file
crowbar-ha:
- Update to version 4.0+git.1556181005.47c643d:
  * pacemaker: wait more for founder if SBD is configured (SCRD-8462)
  * pacemaker: don't check cluster members on founder (SCRD-8462)
- Update to version 4.0+git.1554215159.8a42a71:
  * improve galera HA setup (bsc#1122875)
crowbar-openstack:
- Update to version 4.0+git.1554887450.ff7c30c1c:
  * neutron: Added option to use L3 HA with Keepalived
- Update to version 4.0+git.1554843756.5622551da:
  * ironic: Fix regression in helper
- Update to version 4.0+git.1554814630.ec3c89f25:
  * ceilometer: Install package which contains cron file (bsc#1130414)
- Update to version 4.0+git.1551459192.89433e13b:
  * rabbit: fix mirroring regex
- Update to version 4.0+git.1550582615.f6b433ec7:
  * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107)
- Update to version 4.0+git.1550262335.9667fa580:
  * mysql: Do not set a custom logfile for mysqld (bsc#1112767)
  * mysql: create .my.cnf in root home directory for mysql cmdline
- Update to version 4.0+git.1549986893.df836d6cc:
  * mariadb: Remove installing the xtrabackup package
  * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709)
galera-python-clustercheck:
- readtimeout.patch: Add socket read timeout (bsc#1122053)
openstack-ceilometer:
- Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer
  This is needed in a clustered environment where multiple ceilometer-collector services are installed on different nodes (and due to that multiple expirer cron jobs installed). That can lead to deadlocks when the cron jobs run in parallel on the different nodes (bsc#1113107)
openstack-heat-gbp:
- switch to newton branch
python-PyKMIP:
- Fix a denial-of-service bug by setting the server socket timeout (bsc#1120767 CVE-2018-1000872)
python-pysaml2:
- Fix for the authentication bypass due to optimizations (CVE-2017-1000433, bsc#1074662)
rubygem-crowbar-client:
- Update to 3.9.0
  - Add support for the restricted APIs
  - Add --raw to "proposal show" and "proposal edit"
  - Correctly parse error messages that we don't handle natively
  - Better upgrade repocheck output
- Update to 3.7.0
  - upgrade: Use cloud_version config for upgrade
  - ses: Add ses upload subcommand
  - Add cloud_version config field.
  - Wrap os-release file parsing for better reuse.
  - upgrade: Fix repocheck component in error message
  - upgrade: Better repocheck output
- updated to version 3.6.1
  * Hide the database step when it is not used (bsc#1118004)
  * Fix help strings
  * Describe how to upgrade more nodes with one command
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2019-1450=1
Package List:
- SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3
ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
- SUSE OpenStack Cloud 7 (noarch):
caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2
crowbar-4.0+git.1551088848.823bcaa3-7.29.2
crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2
crowbar-ha-4.0+git.1556181005.47c643d-4.46.3
crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3
galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2
openstack-ceilometer-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3
openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3
openstack-ceilometer-api-7.1.1~dev4-4.15.3
openstack-ceilometer-collector-7.1.1~dev4-4.15.3
openstack-ceilometer-doc-7.1.1~dev4-4.15.3
openstack-ceilometer-polling-7.1.1~dev4-4.15.3
openstack-heat-gbp-5.1.1~dev1-2.6.3
python-PyKMIP-0.5.0-3.3.3
python-ceilometer-7.1.1~dev4-4.15.3
python-heat-gbp-5.1.1~dev1-2.6.3
python-pysaml2-4.0.2-3.6.3
- SUSE Enterprise Storage 4 (aarch64 x86_64):
crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
- SUSE Enterprise Storage 4 (noarch):
crowbar-4.0+git.1551088848.823bcaa3-7.29.2
References:
https://www.suse.com/security/cve/CVE-2017-1000433.html
https://www.suse.com/security/cve/CVE-2018-1000872.html
https://bugzilla.suse.com/1063535
https://bugzilla.suse.com/1074662
https://bugzilla.suse.com/1112767
https://bugzilla.suse.com/1113107
https://bugzilla.suse.com/1118004
https://bugzilla.suse.com/1120767
https://bugzilla.suse.com/1122053
https://bugzilla.suse.com/1122875
https://bugzilla.suse.com/1123709
https://bugzilla.suse.com/1127558
https://bugzilla.suse.com/1127752
https://bugzilla.suse.com/1128954
https://bugzilla.suse.com/1128987
https://bugzilla.suse.com/1130414
https://bugzilla.suse.com/1131053
_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates