Sicherheit: Mehrere Probleme in ardana-neutron, ardana-swift, cassandra, crowbar-openstack, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-a

Lesezeichen hinzufügen

SUSE Security Update: Security update for ardana-neutron, ardana-swift,
cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1962-1
Rating: moderate
References: #1044849 #1048688 #1115960 #1148383 #1170657
#1171909 #1172409 #1172450 #1174583 #1178243
#1179805 #1181277 #1181278 #1181689 #1181690
#1182317 #1182433 #1183174 #1183803 #1184148
#1185623 #1186608 #1186611 SOC-10357 SOC-11453

Cross-References: CVE-2017-11481 CVE-2017-11499 CVE-2018-18623
CVE-2018-18624 CVE-2018-18625 CVE-2018-19039
CVE-2019-15043 CVE-2019-25025 CVE-2020-10743
CVE-2020-11110 CVE-2020-12052 CVE-2020-13379
CVE-2020-17516 CVE-2020-24303 CVE-2020-29651
CVE-2021-21238 CVE-2021-21239 CVE-2021-23336
CVE-2021-27358 CVE-2021-28658 CVE-2021-31542
CVE-2021-33203 CVE-2021-33571
CVSS scores:
CVE-2017-11481 (NVD) : 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2017-11481 (SUSE): 5.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2017-11499 (NVD) : 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-11499 (SUSE): 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-18623 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18623 (SUSE): 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18624 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18624 (SUSE): 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18625 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-18625 (SUSE): 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2018-19039 (NVD) : 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2018-19039 (SUSE): 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2019-15043 (NVD) : 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-15043 (SUSE): 7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2019-25025 (NVD) : 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-25025 (SUSE): 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-10743 (NVD) : 4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-10743 (SUSE): 3.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CVE-2020-11110 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-11110 (SUSE): 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12052 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-12052 (SUSE): 6.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVE-2020-13379 (NVD) : 8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-13379 (SUSE): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (NVD) : 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17516 (SUSE): 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-24303 (NVD) : 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-24303 (SUSE): 5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-29651 (NVD) : 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29651 (SUSE): 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-21238 (NVD) : 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21238 (SUSE): 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (NVD) : 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21239 (SUSE): 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-23336 (NVD) : 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-23336 (SUSE): 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
CVE-2021-27358 (NVD) : 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27358 (SUSE): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28658 (NVD) : 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-28658 (SUSE): 3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-31542 (NVD) : 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-31542 (SUSE): 6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33571 (SUSE): 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes 23 vulnerabilities, contains two
features is now available.

Description:

This update for ardana-neutron, ardana-swift, cassandra,
crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic,
openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1,
python-py, python-pysaml2, python-xmlschema,
rubygem-activerecord-session_store, venv-openstack-keystone contains the
following fixes:

Security fixes included in this update:

cassandra:
- CVE-2020-17516: Fixed an issue where encryption between nodes was not
enforced correctly for certain internode_encryption settings
(bsc#1181689)

grafana:
- CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple cross
site scripting vulnerabilities in the dashboard. (bsc#1172450)
- CVE-2021-27358: Fixed a denial of service via remote API call.
(bsc#1183803)
- CVE-2019-15043: Fixed a denial of service by an unauthenticated user in
the snapshot HTTP API (bsc#1148383)
- CVE-2020-13379: Fixed an information leak to unauthenticated users.
(bsc#1172409)
- CVE-2020-12052: Fixed a cross site scripting vulnerability with the
annotation popup (bsc#1170657)
- CVE-2018-19039: Fixed an issue where a privileged user could exfiltrate
files (bsc#1115960)
- CVE-2020-11110: Fixed a stored cross site scripting vulnerability.
(bsc#1174583)
- CVE-2020-24303: Fixed a cross site scripting vulnerability in a query
alias for ElasticSearch datasources (bsc#1178243)

kibana:
- CVE-2017-11499: Fixed a vulnerability in nodejs, related to the
HashTable implementation, which could cause a denial of service.
(bsc#1044849)
- CVE-2017-11481: Fixed a cross site scripting vulnerability via via URL
fields. (bsc#1044849)
- CVE-2020-10743: Fixed a clickjacking issue because X-Frame-Option was
not used by default. (bsc#1171909)

python-Django:
- CVE-2021-23336: Fixed a web cache poisoning via
django.utils.http.limited_parse_qsl(). (bsc#1182433)
- CVE-2021-28658: Fixed a directory traversal via uploaded files.
(bsc#1184148)
- CVE-2021-31542: Fixed a directory traversal via uploaded files with
suitably crafted file names. (bsc#1185623)
- CVE-2021-33203: Fixed potential path-traversal via admindocs'
TemplateDetailView. (bsc#1186608)
- CVE-2021-33571: Tighten validator checks to not allow leading zeros in
IPv4 addresses, which potentially leads to further attacks. (bsc#1186611)

python-py:
- CVE-2020-29651: Fixed a denial of service via regular expressions.
(bsc#1179805)

python-pysaml2:
- CVE-2021-21238: Fixed improper verification of cryptographic signatures
for signed SAML documents. (bsc#1181277)
- CVE-2021-21239: Fixed improper verification of cryptographic signatures
when using CryptoBackendXmlSec1(). (bsc#1181278)

rubygem-activerecord-session_store:
- CVE-2019-25025: Fixed a timing attacks targeting the session id which
could allow an attack to hijack sessions. (bsc#1183174)

Non-security changes included in this update:

Changes in ardana-neutron:
- Update to version 9.0+git.1615223676.777f0b3:
* Allow users to stop monitoring rootwrap daemon (bsc#1182317)

Changes in ardana-swift:
- Update to version 9.0+git.1618235096.90974ed:
* Run swiftlm-scan in the UTC timezone (bsc#1181690)

Changes in cassandra:
- update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns
(CASSANDRA-15962)
* Reduce amount of allocations during batch statement execution
(CASSANDRA-16201)
* Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393)
* Fix DecimalDeserializer#toString OOM (CASSANDRA-14925)
* Rate limit validation compactions using
compaction_throughput_mb_per_sec (CASSANDRA-16161)
* SASI's `max_compaction_flush_memory_in_mb` settings over 100GB revert
to default of 1GB (CASSANDRA-16071)
* Prevent unbounded number of pending flushing tasks (CASSANDRA-16261)
* Improve empty hint file handling during startup (CASSANDRA-16162)
* Allow empty string in collections with COPY FROM in cqlsh
(CASSANDRA-16372)
* Fix skipping on pre-3.0 created compact storage sstables due to missing
primary key liveness (CASSANDRA-16226)
* Extend the exclusion of replica filtering protection to other indices
instead of just SASI (CASSANDRA-16311)
* Synchronize transaction logs for JBOD (CASSANDRA-16225)
* Fix the counting of cells per partition (CASSANDRA-16259)
* Fix serial read/non-applying CAS linearizability (CASSANDRA-12126)
* Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294)
* Improved check of num_tokens against the length of initial_token
(CASSANDRA-14477)
* Fix a race condition on ColumnFamilyStore and TableMetrics
(CASSANDRA-16228)
* Remove the SEPExecutor blocking behavior (CASSANDRA-16186)
* Fix invalid cell value skipping when reading from disk (CASSANDRA-16223)
* Prevent invoking enable/disable gossip when not in NORMAL
(CASSANDRA-16146)
* Wait for schema agreement when bootstrapping (CASSANDRA-15158)
* Fix the histogram merge of the table metrics (CASSANDRA-16259)
* Synchronize Keyspace instance store/clear (CASSANDRA-16210)
* Fix ColumnFilter to avoid querying cells of unselected complex columns
(CASSANDRA-15977)
* Fix memory leak in CompressedChunkReader (CASSANDRA-15880)
* Don't attempt value skipping with mixed version cluster
(CASSANDRA-15833)
* Avoid failing compactions with very large partitions (CASSANDRA-15164)
* Make sure LCS handles duplicate sstable added/removed notifications
correctly (CASSANDRA-14103)
* Fix OOM when terminating repair session (CASSANDRA-15902)
* Avoid marking shutting down nodes as up after receiving gossip shutdown
message (CASSANDRA-16094)
* Check SSTables for latest version before dropping compact storage
(CASSANDRA-16063)
* Handle unexpected columns due to schema races (CASSANDRA-15899)
* Add flag to ignore unreplicated keyspaces during repair
(CASSANDRA-15160)
* Package tools/bin scripts as executable (CASSANDRA-16151)
* Fixed a NullPointerException when calling nodetool enablethrift
(CASSANDRA-16127)
* Correctly interpret SASI's `max_compaction_flush_memory_in_mb`
setting
in megabytes not bytes (CASSANDRA-16071)
* Fix short read protection for GROUP BY queries (CASSANDRA-15459)
* Frozen RawTuple is not annotated with frozen in the toString method
(CASSANDRA-15857) Merged from 3.0:
* Use IF NOT EXISTS for index and UDT create statements in snapshot
schema files (CASSANDRA-13935)
* Fix gossip shutdown order (CASSANDRA-15816)
* Remove broken 'defrag-on-read' optimization (CASSANDRA-15432)
* Check for endpoint collision with hibernating nodes (CASSANDRA-14599)
* Operational improvements and hardening for replica filtering protection
(CASSANDRA-15907)
* stop_paranoid disk failure policy is ignored on CorruptSSTableException
after node is up (CASSANDRA-15191)
* Forbid altering UDTs used in partition keys (CASSANDRA-15933)
* Fix empty/null json string representation (CASSANDRA-15896)
* 3.x fails to start if commit log has range tombstones from a column
which is also deleted (CASSANDRA-15970)
* Handle difference in timestamp precision between java8 and java11 in
LogFIle.java (CASSANDRA-16050) Merged from 2.2:
* Fix CQL parsing of collections when the column type is reversed
(CASSANDRA-15814)
* Only allow strings to be passed to JMX authentication (CASSANDRA-16077)
* Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905)
* Upgrade Jackson to 2.9.10 (CASSANDRA-15867)
* Fix CQL formatting of read command restrictions for slow query log
(CASSANDRA-15503)
* Allow sstableloader to use SSL on the native port (CASSANDRA-14904)
* Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948)
* Avoid hinted handoff per-host throttle being arounded to 0 in large
cluster (CASSANDRA-15859)
* Avoid emitting empty range tombstones from RangeTombstoneList
(CASSANDRA-15924)
* Avoid thread starvation, and improve compare-and-swap performance, in
the slab allocators (CASSANDRA-15922)
* Add token to tombstone warning and error messages (CASSANDRA-15890)
* Fixed range read concurrency factor computation and capped as 10 times
tpc cores (CASSANDRA-15752)
* Catch exception on bootstrap resume and init native transport
(CASSANDRA-15863)
* Fix replica-side filtering returning stale data with CL > ONE
(CASSANDRA-8272, CASSANDRA-8273)
* Fix duplicated row on 2.x upgrades when multi-rows range tombstones
interact with collection ones (CASSANDRA-15805)
* Rely on snapshotted session infos on StreamResultFuture.maybeComplete
to avoid race conditions (CASSANDRA-15667)
* EmptyType doesn't override writeValue so could attempt to write bytes
when expected not to (CASSANDRA-15790)
* Fix index queries on partition key columns when some partitions
contains only static data (CASSANDRA-13666)
* Avoid creating duplicate rows during major upgrades (CASSANDRA-15789)
* liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if
IndexSummaryRedistribution gets interrupted (CASSANDRA-15674)
* Fix Debian init start/stop (CASSANDRA-15770)
* Fix infinite loop on index query paging in tables with clustering
(CASSANDRA-14242)
* Fix chunk index overflow due to large sstable with small chunk length
(CASSANDRA-15595)
* Allow selecting static column only when querying static index
(CASSANDRA-14242)
* cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623)
* Don't skip sstables in slice queries based only on local
min/max/deletion timestamp (CASSANDRA-15690)
* Memtable memory allocations may deadlock (CASSANDRA-15367)
* Run evictFromMembership in GossipStage (CASSANDRA-15592)
* Fix nomenclature of allow and deny lists (CASSANDRA-15862)
* Remove generated files from source artifact (CASSANDRA-15849)
* Remove duplicated tools binaries from tarballs (CASSANDRA-15768)
* Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501)
* Disable JMX rebinding (CASSANDRA-15653)
* Fix writing of snapshot manifest when the table has table-backed
secondary indexes (CASSANDRA-10968)
* Fix parse error in cqlsh COPY FROM and formatting for map of blobs
(CASSANDRA-15679)
* Fix Commit log replays when static column clustering keys are
collections (CASSANDRA-14365)
* Fix Red Hat init script on newer systemd versions (CASSANDRA-15273)
* Allow EXTRA_CLASSPATH to work on tar/source installations
(CASSANDRA-15567)
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS -
patch implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the "duration" type
(CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown
column names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations
(CASSANDRA-15293)
* Fix point-in-time recoevery ignoring timestamp of updates to static
columns (CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple
rows
(CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify()
(CASSANDRA-15364)
* Bump generations and document changes to system_distributed and
system_traces in 3.0, 3.11 (CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades
(CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode
by
default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions
are paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain
illegal cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test
(CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
* Fix SASI non-literal string comparisons (range operators)
(CASSANDRA-15169)
* Make sure user defined compaction transactions are always closed
(CASSANDRA-15123)
* Fix cassandra-env.sh to use $CASSANDRA_CONF to find
cassandra-jaas.config (CASSANDRA-14305)
* Fixed nodetool cfstats printing index name twice (CASSANDRA-14903)
* Add flag to disable SASI indexes, and warnings on creation
(CASSANDRA-14866)
* Add ability to cap max negotiable protocol version (CASSANDRA-15193)
* Gossip tokens on startup if available (CASSANDRA-15335)
* Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340)
* Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289)
* Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when
upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172)
* Fix NPE when using allocate_tokens_for_keyspace on new DC/rack
(CASSANDRA-14952)
* Filter sstables earlier when running cleanup (CASSANDRA-15100)
* Use mean row count instead of mean column count for index selectivity
calculation (CASSANDRA-15259)
* Avoid updating unchanged gossip states (CASSANDRA-15097)
* Prevent recreation of previously dropped columns with a different kind
(CASSANDRA-14948)
* Prevent client requests from blocking on executor task queue
(CASSANDRA-15013)
* Toughen up column drop/recreate type validations (CASSANDRA-15204)
* LegacyLayout should handle paging states that cross a collection column
(CASSANDRA-15201)
* Prevent RuntimeException when username or password is empty/null
(CASSANDRA-15198)
* Multiget thrift query returns null records after digest mismatch
(CASSANDRA-14812)
* Skipping illegal legacy cells can break reverse iteration of indexed
partitions (CASSANDRA-15178)
* Handle paging states serialized with a different version than the
session's (CASSANDRA-15176)
* Throw IOE instead of asserting on unsupporter peer versions
(CASSANDRA-15066)
* Update token metadata when handling MOVING/REMOVING_TOKEN events
(CASSANDRA-15120)
* Add ability to customize cassandra log directory using
$CASSANDRA_LOG_DIR (CASSANDRA-15090)
* Skip cells with illegal column names when reading legacy sstables
(CASSANDRA-15086)
* Fix assorted gossip races and add related runtime checks
(CASSANDRA-15059)
* Fix mixed mode partition range scans with limit (CASSANDRA-15072)
* cassandra-stress works with frozen collections: list and set
(CASSANDRA-14907)
* Fix handling FS errors on writing and reading flat files -
LogTransaction and hints (CASSANDRA-15053)
* Avoid double closing the iterator to avoid overcounting the number of
requests (CASSANDRA-15058)
* Improve `nodetool status -r` speed (CASSANDRA-14847)
* Improve merkle tree size and time on heap (CASSANDRA-14096)
* Add missing commands to nodetool_completion (CASSANDRA-14916)
* Anti-compaction temporarily corrupts sstable state for readers
(CASSANDRA-15004)
* Catch non-IOException in FileUtils.close to make sure that all
resources are closed (CASSANDRA-15225)
* Handle exceptions during authentication/authorization (CASSANDRA-15041)
* Support cross version messaging in in-jvm upgrade dtests
(CASSANDRA-15078)
* Fix index summary redistribution cancellation (CASSANDRA-15045)
* Fixing invalid CQL in security documentation (CASSANDRA-15020)
* Allow instance class loaders to be garbage collected for inJVM dtest
(CASSANDRA-15170)
* Add support for network topology and query tracing for inJVM dtest
(CASSANDRA-15319)
* Correct sstable sorting for garbagecollect and levelled compaction
(CASSANDRA-14870)
* Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser
* Add a script to make running the cqlsh tests in cassandra repo easier
(CASSANDRA-14951)
* If SizeEstimatesRecorder misses a 'onDropTable' notification, the
size_estimates table will never be cleared for that table.
(CASSANDRA-14905)
* Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters
(CASSANDRA-14958)
* Streaming needs to synchronise access to LifecycleTransaction
(CASSANDRA-14554)
* Fix cassandra-stress write hang with default options (CASSANDRA-14616)
* Differentiate between slices and RTs when decoding legacy bounds
(CASSANDRA-14919)
* Netty epoll IOExceptions caused by unclean client disconnects being
logged at INFO (CASSANDRA-14909)
* Unfiltered.isEmpty conflicts with Row extends
AbstractCollection.isEmpty (CASSANDRA-14588)
* RangeTombstoneList doesn't properly clean up mergeable or superseded
rts in some cases (CASSANDRA-14894)
* Fix handling of collection tombstones for dropped columns from legacy
sstables (CASSANDRA-14912)
* Throw exception if Columns serialized subset encode more columns than
possible (CASSANDRA-14591)
* Drop/add column name with different Kind can result in corruption
(CASSANDRA-14843)
* Fix missing rows when reading 2.1 SSTables with static columns in 3.0
(CASSANDRA-14873)
* Move TWCS message 'No compaction necessary for bucket size' to
Trace
level (CASSANDRA-14884)
* Sstable min/max metadata can cause data loss (CASSANDRA-14861)
* Dropped columns can cause reverse sstable iteration to return
prematurely (CASSANDRA-14838)
* Legacy sstables with multi block range tombstones create invalid bound
sequences (CASSANDRA-14823)
* Expand range tombstone validation checks to multiple interim request
stages (CASSANDRA-14824)
* Reverse order reads can return incomplete results (CASSANDRA-14803)
* Avoid calling iter.next() in a loop when notifying indexers about range
tombstones (CASSANDRA-14794)
* Fix purging semi-expired RT boundaries in reversed iterators
(CASSANDRA-14672)
* DESC order reads can fail to return the last Unfiltered in the
partition (CASSANDRA-14766)
* Fix corrupted collection deletions for dropped columns in 3.0 <->
2.{1,2} messages (CASSANDRA-14568)
* Fix corrupted static collection deletions in 3.0 <-> 2.{1,2}
messages
(CASSANDRA-14568)
* Handle failures in parallelAllSSTableOperation
(cleanup/upgradesstables/etc) (CASSANDRA-14657)
* Improve TokenMetaData cache populating performance avoid long locking
(CASSANDRA-14660)
* Backport: Flush netty client messages immediately (not by default)
(CASSANDRA-13651)
* Fix static column order for SELECT * wildcard queries (CASSANDRA-14638)
* sstableloader should use discovered broadcast address to connect
intra-cluster (CASSANDRA-14522)
* Fix reading columns with non-UTF names from schema (CASSANDRA-14468)
* Don't enable client transports when bootstrap is pending
(CASSANDRA-14525)
* MigrationManager attempts to pull schema from different major version
nodes (CASSANDRA-14928)
* Fix incorrect cqlsh results when selecting same columns multiple times
(CASSANDRA-13262)
* Returns null instead of NaN or Infinity in JSON strings
(CASSANDRA-14377)
* Paged Range Slice queries with DISTINCT can drop rows from results
(CASSANDRA-14956)

Changes in crowbar-openstack:
- Update to version 6.0+git.1616146717.a89ae0f4e:
* monasca: restart Kibana on update (bsc#1044849)

Changes in grafana
- Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358)
* Prevent unauthenticated remote attackers from causing a DoS through
the snapshots API.

Changes in kibana:
- Ensure /etc/sysconfig/kibana is present

- Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14,
ESA-2017-16)
* [4.6] ignore forked code for babel transpile build phase (#13483)
* Allow more than match queries in custom filters (#8614) (#10857)
* [state] don't make extra $location.replace() calls (#9954)
* [optimizer] move to querystring-browser package for up-to-date api
* [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
* server: refactor log_interceptor to be more DRY (#9617)
* server: downgrade ECANCELED logs to debug (#9616)
* server: do not treat logged warnings as errors (#8746) (#9610)
* [server/logger] downgrade EPIPE errors to debug level (#9023)
* Add basepath when redirecting from a trailling slash (#9035)
* [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
* [server/shortUrl] validate urls before shortening them
- Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
* This fixes an XSS vulnerability in URL fields
- Remove %dir declaration from /opt/kibana/optimize to ensure no files
owned by root end up in there
- Exclude /opt/kibana/optimize from %fdupes
- Restart service on upgrade
- Do not copy LICENSE.txt and README.txt to /opt/kibana
- Fix rpmlint warnings/errors
- Switch to explicit patch application
- Fix source URL
- Fix logic for systemd/systemv detection

- Add 0001-Configurable-custom-response-headers-for-server.patch
(bsc#1171909, CVE-2020-10743)

- Added kibana.yml symlink (bsc#1048688, FATE#323204) Changes in
openstack-dashboard:
- Update to version horizon-14.1.1.dev11:
* Consume tempest-horizon from PyPI release

Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job

Changes in openstack-ironic:
- Update to version ironic-11.1.5.dev17:
* Remove lower-constraints job

Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed

- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details

- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled

- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID

- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is
deleted

- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair

- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS

- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted

Changes in openstack-neutron:
- Update to version neutron-13.0.8.dev164:
* Schedule networks to new segments if needed

- Update to version neutron-13.0.8.dev162:
* Fix invalid JSON generated by quota details

- Update to version neutron-13.0.8.dev160:
* Fix deletion of rfp interfaces when router is re-enabled

- Update to version neutron-13.0.8.dev159:
* [OVS FW] Allow egress ICMPv6 only for know addresses
* [OVS FW] Clean conntrack entries with mark == CT\_MARK\_INVALID

- Update to version neutron-13.0.8.dev155:
* Fix removal of dvr-src mac flows when non-gateway port on router is
deleted

- Update to version neutron-13.0.8.dev153:
* Add some wait time between stopping and starting again ovsdb monitor
* Workaround for TCP checksum issue with ovs-dpdk and veth pair

- Update to version neutron-13.0.8.dev149:
* Fix wrong packet\_type set for IPv6 GRE tunnels in OVS

- Update to version neutron-13.0.8.dev148:
* Fix losses of ovs flows when ovs is restarted

Changes in openstack-neutron-gbp:
- Update to version group-based-policy-12.0.1.dev29:
* gbp-validate: Tenant and resource level scoping 2014.2.0rc1

- Update to version group-based-policy-12.0.1.dev27:
* Import data\_utils from the new location

- Update to version group-based-policy-12.0.1.dev26:
* Add SNAT port's Mac Address to the host\_snat\_ips dictionary

- Update to version group-based-policy-12.0.1.dev25:
* Add support for victoria 2014.2.rc1

- Update to version group-based-policy-12.0.1.dev24:
* Fix deletion of SVI networks

- Update to version group-based-policy-12.0.1.dev23:
* Allow per-port qos configuration on dhcp port 2014.2rc1

- Update to version group-based-policy-12.0.1.dev22:
* Add connectivity parameter to driver
* [AIM] Fix ERSPAN extension 2014.2.rc1

- Update to version group-based-policy-12.0.1.dev19:
* Fix exception with cleanup 2014.2.0rc1

- Update to version group-based-policy-12.0.1.dev18:
* Add workaround to get\_subnets

Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3

Changes in openstack-nova:
- Update to version nova-18.3.1.dev82:
* [stable-only] gate: Pin CEPH\_RELEASE to nautilus in LM hook
* Change default num\_retries for glance to 3

Changes in python-Django1:
- Add CVE-2021-33203.patch (bsc#1186608, CVE-2021-33203)
* Fixed potential path-traversal via admindocs' TemplateDetailView.
- Add CVE-2021-33571.patch (bsc#1186611, CVE-2021-33571)
* Prevented leading zeros in IPv4 addresses.

- Add CVE-2021-31542.patch (bsc#1185623, CVE-2021-31542)
* Fixed CVE-2021-31542 -- Tightened path and file name sanitation in
file uploads.

- Add CVE-2021-28658.patch (bsc#1184148, CVE-2021-28658)
* Fixed potential directory-traversal via uploaded files

- Add CVE-2021-23336.patch (bsc#1182433, CVE-2021-23336)
* Fixed web cache poisoning via django.utils.http.limited_parse_qsl()

Changes in python-py:
- Add CVE-2020-29651.patch ((bsc#1179805, CVE-2020-29651)
* svnwc: fix regular expression vulnerable to DoS in blame functionality

Changes in python-pysaml2:
- Fix patches (SOC-11453)
* 0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch
- rename saml2.xml to saml2.samlxml to avoid overriding the xml
module in the system module path
- add missing __init__.py files
- add missing saml2/data package to setup.py
* 0007-Make-previous-commits-python2-compatible.patch so as not to
- Adjust to saml2.xml to saml2.samlxml changes
- Fix a few more syntax errors and Python2-isms.

- Fix CVE-2021-21238, bsc#1181277 with 0002-Strengthen-XSW-tests.patch ,
0003-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
0004-Add-xsd-schemas.patch ,
0005-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch . This adds a
dependency on python-xmlschema, which depends on python-elementpath,
thus both need to be added for this to work. The used python-xmlschema
needs to support the sandbox argument which was added in 1.2.0 and
refined in 1.2.1, but that version doesn't support python2, so a
patched
version that does both is needed. Add
0007-Make-previous-commits-python2-compatible.patch to not add a
dependency on reportlib_resources and make other changes python2
compatible. . Fix CVE-2021-21239, bsc#1181278 with
0006-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch

Changes in python-xmlschema:

- Add 3 patches to backport sandbox argument, which is needed by a
security fix in python-pysaml2 and one patch to make backport python2
compatible.
- Upstream url changed
- Add rpmlintrc to make it work on Leap 42.3
- Update to 1.0.18:
* Fix for *ModelVisitor.iter_unordered_content()*
* Fixed default converter, AbderaConverter and JsonMLConverter for
xs:anyType decode
* Fixed validation tests with all converters
* Added UnorderedConverter to validation tests
- Update to 1.0.17:
* Enhancement of validation-only speed (~15%)
* Added *is_valid()* and *iter_errors()* to module API
- Update to 1.0.16:
* Improved XMLResource class for working with compressed files
* Fix for validation with XSD wildcards and 'lax' process content
* Fix ambiguous items validation for xs:choice and xs:sequence models

- Handle UnicodeDecodeErrors during build process

- Update to 1.0.15:
* Improved XPath 2.0 bindings
* Added logging for schema initialization and building (handled with
argument loglevel)
* Update encoding of collapsed contents with a new model based
reordering method
* Removed XLink namespace from meta-schema (loaded from a fallback
location like XHTML)
* Fixed half of failed W3C instance tests (remain 255 over 15344 tests)

- Initial commit, needed by pytest 5.1.2 Changes in python-elementpath:

- Update to 1.3.1:
* Improved schema proxy
* Improved XSD type matching using paths
* Cached parent path for XPathContext (only Python 3)
* Improve typed selection with TypedAttribute and TypedElement
named-tuples
* Add iter_results to XPathContext
* Remove XMLSchemaProxy from package
* Fix descendant shortcut operator '//'
* Fix text() function
* Fix typed select of '(name)' token
* Fix 24-hour time for DateTime

- Skip test_hashing to fix 32bit builds

- Initial commit needed by python-xmlschema Changes in
rubygem-activerecord-session_store:
- added CVE-2019-25025.patch (CVE-2019-25025, bsc#1183174)
* This requires CVE-2019-16782.patch to be included in
rubygem-actionpack-4_2 to work correctly.

Changes in venv-openstack-keystone
- Add python-xmlschema and python-elementpath for new python-pysaml2
version.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:

zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1962=1

- SUSE OpenStack Cloud 9:

zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1962=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):

crowbar-openstack-6.0+git.1616146717.a89ae0f4e-3.34.4
openstack-dashboard-14.1.1~dev11-3.24.6
openstack-ironic-11.1.5~dev17-3.25.5
openstack-ironic-api-11.1.5~dev17-3.25.5
openstack-ironic-conductor-11.1.5~dev17-3.25.5
openstack-neutron-13.0.8~dev164-3.37.4
openstack-neutron-dhcp-agent-13.0.8~dev164-3.37.4
openstack-neutron-gbp-12.0.1~dev29-3.25.3
openstack-neutron-ha-tool-13.0.8~dev164-3.37.4
openstack-neutron-l3-agent-13.0.8~dev164-3.37.4
openstack-neutron-linuxbridge-agent-13.0.8~dev164-3.37.4
openstack-neutron-macvtap-agent-13.0.8~dev164-3.37.4
openstack-neutron-metadata-agent-13.0.8~dev164-3.37.4
openstack-neutron-metering-agent-13.0.8~dev164-3.37.4
openstack-neutron-openvswitch-agent-13.0.8~dev164-3.37.4
openstack-neutron-server-13.0.8~dev164-3.37.4
openstack-nova-18.3.1~dev82-3.37.6
openstack-nova-api-18.3.1~dev82-3.37.6
openstack-nova-cells-18.3.1~dev82-3.37.6
openstack-nova-compute-18.3.1~dev82-3.37.6
openstack-nova-conductor-18.3.1~dev82-3.37.6
openstack-nova-console-18.3.1~dev82-3.37.6
openstack-nova-novncproxy-18.3.1~dev82-3.37.6
openstack-nova-placement-api-18.3.1~dev82-3.37.6
openstack-nova-scheduler-18.3.1~dev82-3.37.6
openstack-nova-serialproxy-18.3.1~dev82-3.37.6
openstack-nova-vncproxy-18.3.1~dev82-3.37.6
python-Django1-1.11.29-3.25.1
python-elementpath-1.3.1-1.3.2
python-horizon-14.1.1~dev11-3.24.6
python-ironic-11.1.5~dev17-3.25.5
python-neutron-13.0.8~dev164-3.37.4
python-neutron-gbp-12.0.1~dev29-3.25.3
python-nova-18.3.1~dev82-3.37.6
python-openstack_auth-14.1.1~dev11-3.24.6
python-py-1.5.4-3.3.2
python-pysaml2-4.5.0-4.6.2
python-xmlschema-1.0.18-1.3.2

- SUSE OpenStack Cloud Crowbar 9 (x86_64):

cassandra-3.11.10-3.3.3
cassandra-debuginfo-3.11.10-3.3.3
cassandra-debugsource-3.11.10-3.3.3
cassandra-tools-3.11.10-3.3.3
grafana-6.7.4-3.23.2
grafana-debuginfo-6.7.4-3.23.2
kibana-4.6.6-4.9.2
kibana-debuginfo-4.6.6-4.9.2
ruby2.1-rubygem-activerecord-session_store-0.1.2-4.3.2

- SUSE OpenStack Cloud 9 (noarch):

ardana-neutron-9.0+git.1615223676.777f0b3-3.25.2
ardana-swift-9.0+git.1618235096.90974ed-3.10.2
openstack-dashboard-14.1.1~dev11-3.24.6
openstack-ironic-11.1.5~dev17-3.25.5
openstack-ironic-api-11.1.5~dev17-3.25.5
openstack-ironic-conductor-11.1.5~dev17-3.25.5
openstack-neutron-13.0.8~dev164-3.37.4
openstack-neutron-dhcp-agent-13.0.8~dev164-3.37.4
openstack-neutron-gbp-12.0.1~dev29-3.25.3
openstack-neutron-ha-tool-13.0.8~dev164-3.37.4
openstack-neutron-l3-agent-13.0.8~dev164-3.37.4
openstack-neutron-linuxbridge-agent-13.0.8~dev164-3.37.4
openstack-neutron-macvtap-agent-13.0.8~dev164-3.37.4
openstack-neutron-metadata-agent-13.0.8~dev164-3.37.4
openstack-neutron-metering-agent-13.0.8~dev164-3.37.4
openstack-neutron-openvswitch-agent-13.0.8~dev164-3.37.4
openstack-neutron-server-13.0.8~dev164-3.37.4
openstack-nova-18.3.1~dev82-3.37.6
openstack-nova-api-18.3.1~dev82-3.37.6
openstack-nova-cells-18.3.1~dev82-3.37.6
openstack-nova-compute-18.3.1~dev82-3.37.6
openstack-nova-conductor-18.3.1~dev82-3.37.6
openstack-nova-console-18.3.1~dev82-3.37.6
openstack-nova-novncproxy-18.3.1~dev82-3.37.6
openstack-nova-placement-api-18.3.1~dev82-3.37.6
openstack-nova-scheduler-18.3.1~dev82-3.37.6
openstack-nova-serialproxy-18.3.1~dev82-3.37.6
openstack-nova-vncproxy-18.3.1~dev82-3.37.6
python-Django1-1.11.29-3.25.1
python-elementpath-1.3.1-1.3.2
python-horizon-14.1.1~dev11-3.24.6
python-ironic-11.1.5~dev17-3.25.5
python-neutron-13.0.8~dev164-3.37.4
python-neutron-gbp-12.0.1~dev29-3.25.3
python-nova-18.3.1~dev82-3.37.6
python-openstack_auth-14.1.1~dev11-3.24.6
python-py-1.5.4-3.3.2
python-pysaml2-4.5.0-4.6.2
python-xmlschema-1.0.18-1.3.2
venv-openstack-barbican-x86_64-7.0.1~dev24-3.23.1
venv-openstack-cinder-x86_64-13.0.10~dev20-3.26.1
venv-openstack-designate-x86_64-7.0.2~dev2-3.23.1
venv-openstack-glance-x86_64-17.0.1~dev30-3.21.1
venv-openstack-heat-x86_64-11.0.4~dev4-3.23.1
venv-openstack-horizon-x86_64-14.1.1~dev11-4.27.3
venv-openstack-ironic-x86_64-11.1.5~dev17-4.21.2
venv-openstack-keystone-x86_64-14.2.1~dev4-3.24.3
venv-openstack-magnum-x86_64-7.2.1~dev1-4.23.1
venv-openstack-manila-x86_64-7.4.2~dev60-3.29.1
venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.23.2
venv-openstack-monasca-x86_64-2.7.1~dev10-3.21.1
venv-openstack-neutron-x86_64-13.0.8~dev164-6.27.3
venv-openstack-nova-x86_64-18.3.1~dev82-3.27.3
venv-openstack-octavia-x86_64-3.2.3~dev7-4.23.1
venv-openstack-sahara-x86_64-9.0.2~dev15-3.23.1
venv-openstack-swift-x86_64-2.19.2~dev48-2.18.1

- SUSE OpenStack Cloud 9 (x86_64):

cassandra-3.11.10-3.3.3
cassandra-debuginfo-3.11.10-3.3.3
cassandra-debugsource-3.11.10-3.3.3
cassandra-tools-3.11.10-3.3.3
grafana-6.7.4-3.23.2
grafana-debuginfo-6.7.4-3.23.2
kibana-4.6.6-4.9.2
kibana-debuginfo-4.6.6-4.9.2

References:

https://www.suse.com/security/cve/CVE-2017-11481.html
https://www.suse.com/security/cve/CVE-2017-11499.html
https://www.suse.com/security/cve/CVE-2018-18623.html
https://www.suse.com/security/cve/CVE-2018-18624.html
https://www.suse.com/security/cve/CVE-2018-18625.html
https://www.suse.com/security/cve/CVE-2018-19039.html
https://www.suse.com/security/cve/CVE-2019-15043.html
https://www.suse.com/security/cve/CVE-2019-25025.html
https://www.suse.com/security/cve/CVE-2020-10743.html
https://www.suse.com/security/cve/CVE-2020-11110.html
https://www.suse.com/security/cve/CVE-2020-12052.html
https://www.suse.com/security/cve/CVE-2020-13379.html
https://www.suse.com/security/cve/CVE-2020-17516.html
https://www.suse.com/security/cve/CVE-2020-24303.html
https://www.suse.com/security/cve/CVE-2020-29651.html
https://www.suse.com/security/cve/CVE-2021-21238.html
https://www.suse.com/security/cve/CVE-2021-21239.html
https://www.suse.com/security/cve/CVE-2021-23336.html
https://www.suse.com/security/cve/CVE-2021-27358.html
https://www.suse.com/security/cve/CVE-2021-28658.html
https://www.suse.com/security/cve/CVE-2021-31542.html
https://www.suse.com/security/cve/CVE-2021-33203.html
https://www.suse.com/security/cve/CVE-2021-33571.html
https://bugzilla.suse.com/1044849
https://bugzilla.suse.com/1048688
https://bugzilla.suse.com/1115960
https://bugzilla.suse.com/1148383
https://bugzilla.suse.com/1170657
https://bugzilla.suse.com/1171909
https://bugzilla.suse.com/1172409
https://bugzilla.suse.com/1172450
https://bugzilla.suse.com/1174583
https://bugzilla.suse.com/1178243
https://bugzilla.suse.com/1179805
https://bugzilla.suse.com/1181277
https://bugzilla.suse.com/1181278
https://bugzilla.suse.com/1181689
https://bugzilla.suse.com/1181690
https://bugzilla.suse.com/1182317
https://bugzilla.suse.com/1182433
https://bugzilla.suse.com/1183174
https://bugzilla.suse.com/1183803
https://bugzilla.suse.com/1184148
https://bugzilla.suse.com/1185623
https://bugzilla.suse.com/1186608
https://bugzilla.suse.com/1186611