[SUSE-SU-2020:0640-1] Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-puma, venv-openstack-swift
This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-puma, venv-openstack-swift fixes the following issues:
Security issues fixed:
The update of rubygem-crowbar-client, rubygem-puma fixes the following security issues:
- CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080).
- CVE-2019-16770: Fixed a denial-of-service vulnerability that was exploitable by clients sending extraneous keepalive requests (bsc#1158675).
The update of mariadb to 10.2.29 fixes several security issues:
- CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2019-18901: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388).
- CVE-2017-1002201: Fixed an issue where special characters were not escaped properly (bsc#1155089)
- CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2938, CVE-2019-2974: Fixed issues that could allow a remote attacker to cause a denial of service (bsc#1156669)
Non-security issues fixed:
Changes in ardana-cinder:
- Update to version 8.0+git.1579279939.ee7da88:
* Add option to flatten snapshots when using SES (SOC-11054)
- Update to version 8.0+git.1571846011.1a2f62b:
- SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)
Changes in ardana-cobbler:
- Update to version 8.0+git.1575037115.0326803:
* Set root device on SLES autoyast templates (SOC-7365)
Changes in ardana-designate:
- Update to version 8.0+git.1573597788.15b7984:
* Update gerrit location (SOC-9140)
Changes in ardana-extensions-example:
- Switch to new Gerrit Server
- Update to version 8.0+git.1534266307.db1ec28:
- SCPL-409 Fix .gitreview for stable/pike
Changes in ardana-extensions-nsx:
- Update to version 8.0+git.1567529036.a41a037:
* Update policy json templates for vmware-nsx (SOC-10254)
- Switch to new Gerrit Server
Changes in ardana-glance:
- Update to version 8.0+git.1571846045.ab9e3ea:
* SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)
Changes in ardana-heat:
- Update to version 8.0+git.1571777596.14dce6a:
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in ardana-input-model:
- Update to version 8.0+git.1582147997.b9ed134:
* Enable port security extension neutron (SOC-11027)
- Update to version 8.0+git.1573658751.38e822a:
- Move manila share to controller (SOC-10938)
Changes in ardana-ironic:
- Update to version 8.0+git.1571845225.006843d:
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in ardana-keystone:
- Update to version 8.0+git.1573147067.09e3ea0:
* enable debug and insecure_debug on demand (SOC-10934)
Changes in ardana-logging:
- Update to version 8.0+git.1572452293.e65d714:
* use correct Keystone v3 params bsc#1117840 (SOC-9753)
Changes in ardana-monasca:
- Update to version 8.0+git.1572527728.9b34bdf:
* use correct Keystone v3 params bsc#1117840 (SOC-9753)
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in ardana-monasca-transform:
- Update to version 8.0+git.1571845965.97714fb:
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in ardana-mq:
- Update to version 8.0+git.1581024906.fbf0be3:
* Ensure HA queue sync wait fails (SOC-11083)
* Fix HA policy setting comments (SOC-10317, SOC-11082)
Update to version 8.0+git.1580853688.4e72fc1:
- Set HA policy accordingly (SOC-10317, SOC-11082)
Update to version 8.0+git.1579014733.a855e3a:
- Change the HA policy mirror (SOC-10317)
Changes in ardana-neutron:
- Update to version 8.0+git.1573050365.ff6fa06:
* Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230)
- Update to version 8.0+git.1571846086.19cb7eb:
- SCRD-4764 move v2.0 endpoints to v3 (SOC-9753)
Changes in ardana-nova:
- Update to version 8.0+git.1571846125.584d988:
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in ardana-octavia:
- Update to version 8.0+git.1575642049.1f321d0:
* Change event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig:
- Update to version 8.0+git.1581015942.2d21e63:
* Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
- Update to version 8.0+git.1580469528.0ac2a8b:
- Start OVS services before wicked service at boot (SOC-11067)
Changes in ardana-tempest:
- Update to version 8.0+git.1579261264.7dd213a:
* Create network resources needed by some heat tests (SOC-7028)
Update to version 8.0+git.1573571182.8fa9823:
- Restore designate test (SOC-9753)
Update to version 8.0+git.1571846164.6279bc0:
- SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in crowbar-core:
- Update to version 5.0+git.1582968668.1a55c77c5:
* Ignore CVE-2020-7595 in CI (bsc#1161517)
Update to version 5.0+git.1582543433.f71d39544:
- Fix deployment queue display (SOC-10741)
Update to version 5.0+git.1580209640.80f2ba3d9:
- network: start OVS before wickedd (SOC-11067)
Update to version 5.0+git.1579705862.220974047:
- dns: add checks to designate migration (SOC-11047)
Update to version 5.0+git.1579271614.eac1c490c:
- upgrade: Add the upgrade menu entry (SOC-11053)
- upgrade: Fix upgrade link (SOC-11053)
Update to version 5.0+git.1578989446.a2d23b7e1:
- Do not log an error for a case that is correct (trivial)
Update to version 5.0+git.1578472131.b88a31055:
- apache2: Restart after enabling SSL flag (SOC-11029)
Update to version 5.0+git.1578295229.96952deab:
- Avoid nil crash when provisioner attributes are not set (bsc#1160048)
Update to version 5.0+git.1578063264.d0223905b:
- Ignore CVE-2019-16770 (SOC-10999)
Update to version 5.0+git.1576053049.a2f4c9820:
- upgrade: Remove DRBD specific code from the preparation parts (SOC-10985)
Update to version 5.0+git.1575020613.fc167f4dc:
- List XEN nodes when failing precheck (trivial)
Update to version 5.0+git.1574763025.0a6957f37:
- Disable installation repository (bsc#1152007)
- Disable automatic repo services (bsc#1152007)
- Designate: Don't add the admin node to the public network (SOC-10658)
Update to version 5.0+git.1574715523.ee8e58f4b:
- upgrade: Check the result after committing proposal (noref)
- upgrade: Do not try to disable services that might not exist (noref)
Update to version 5.0+git.1574667034.76644f658:
- [upgrade] Remove existing upgrade directories from nodes (SOC-10956)
Update to version 5.0+git.1574348992.88de970a6:
- [upgrade] Wait for keystone to be ready after start (bsc#1157206)
Update to version 5.0+git.1574270784.294f0e830:
- upgrade: Ignore Cloud repository during repocheck (bsc#1152007)
Update to version 5.0+git.1574165163.52870c62e:
- [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942)
Update to version 5.0+git.1574103089.1fbb5a51d:
- Ignore CVE-2019-13117 in CI builds (bsc#1157028)
- upgrade: Make the time before next upgrade configurable (SOC-10955)
- upgrade: Make sure cinder-volume is really stopped (bsc#1156305)
Update to version 5.0+git.1573110008.449237f0d:
- Allow pacemaker remotes for upgrade (SOC-10133)
- upgrade: Precheck for unsaved proposals (SOC-10912)
Update to version 5.0+git.1572880575.4a6efa3a1:
- upgrade: Add a precheck for XEN compute nodes presence (SOC-10495)
- upgrade: Reload repo config in repochecks (SOC-10718)
Update to version 5.0+git.1572097431.519baa552:
- Ignore CVE-2017-1002201 in CI builds (bsc#1155089)
Update to version 5.0+git.1571210032.8648ab99c:
- Revert 'Use block-migration when needed' (SOC-10133)
Changes in crowbar-ha:
- Update to version 5.0+git.1574286229.e0364c3:
* Drop g-haproxy location before group deletion (bsc#1156914)
Changes in crowbar-openstack:
- Update to version 5.0+git.1582911795.5081ef1da:
* designate: Mark as user managed (SOC-10233)
* Designate: make sure dns-server is active on a non-admin node (SOC-10636)
Update to version 5.0+git.1580549331.ba1e1a0a3:
- [5.0] ec2-api: run keystone_register on cluster founder only (SOC-11079)
Update to version 5.0+git.1579182968.f54cfa8f5:
- tempest: tempest run filters as templates (SOC-11052)
Update to version 5.0+git.1578515319.fdab3a0b2:
- Install openstack client for neutron recipes (SOC-11039)
Update to version 5.0+git.1576764142.8efe58655:
- Do not read data from barclamp that has not been saved (SOC-11028)
Update to version 5.0+git.1576666547.b7a0b8814:
- Revert 'Octavia: Hide UI until complete (SOC-10550)'
Update to version 5.0+git.1576250115.67b80cbca:
- [5.0] tempest: Update default image on schema (SOC-11023)
Update to version 5.0+git.1576078873.ecc798ffe:
- neutron: Revert remove .openrc creation from neutron cookbooks (SOC-10378)
- keystone: Add OS_INTERFACE env var to .openrc (SOC-11006)
Update to version 5.0+git.1574927541.694ac3863:
- designate: move keystone resource lookup to convergence (SOC-10887)
Update to version 5.0+git.1574769056.07a7c373e:
- designate: declare all mdns servers as master on pool config (SOC-10952)
- designate: add support for SSL (SOC-10877)
- designate: change default configuration (SOC-10899)
Update to version 5.0+git.1574421761.ace345683:
- Add tempest filter for designate (SOC-10288)
Update to version 5.0+git.1574359417.113b616b2:
- horizon: install lbaas horizon dashboard (SOC-10883)
Update to version 5.0+git.1572937880.ffb86e88b:
- Make sure the input file with ssh key exists (SOC-10133)
Update to version 5.0+git.1571764038.ad48726d6:
- mysql: fix WSREP sync race (SOC-10717)
- mysql: stop service for mysql_install_db (SOC-10717)
- Do not use obsoleted --endpoint-type option with CLI
Update to version 5.0+git.1571323259.7402ef5eb:
- [5.0] Tempest: blacklist test_volume_boot_pattern (SOC-10874)
Update to version 5.0+git.1571241534.f4af21325:
- rabbitmq: fix migration 200 (SOC-10623)
- Fix Cloud 8 no-op migrations (SOC-10623)
- neutron-lbaas: remove loadbalancer/pool limit
- [5.0] Configurable timeout for Galera pre-sync
Update to version 5.0+git.1571138324.edb9e8b56:
- horizon: tighten check for existence of monasca while deploying grafana
- monasca: improve detection if monasca-server is available
- monasca: install agent before run setup monitors in server
- Monasca: Handle node reinstall (jsc#SOC-10440, bsc#1148158 )
Update to version 5.0+git.1570618886.06022a6ef:
- glance: Set barbican auth endpoint (bsc#1123191, SOC-10844)
- tempest: Add barbican run_filters from ardana (SOC-10844)
- Fix nova tempest tests (SOC-9298, SOC-10844)
Update to version 5.0+git.1570505588.4bdc5aa6f:
- No rndc key if no public DNS server (SOC-10835)
Changes in crowbar-ui:
- Update to version 1.2.0+git.1575896697.a01a3a08:
* upgrade: Added missing error title
* travis: Stop testing against nodejs4
- Update to version 1.2.0+git.1572871359.50fc6087:
- Add title for XEN compute nodes precheck (SOC-10495)
Changes in keepalived:
- update to 2.0.19
- new BR pkgconfig(libnftnl) to fix nftables support
- add nftables to the BR
- added patch
* linux-4.15.patch
- add buildrequires for file-devel
- used in the checker to verify scripts
- enable json stats and config dump support
new BR: pkgconfig(json-c)
- enable http regexp support: new BR pcre2-devel
- disable dbus instance creation support as it is marked as
dangerous
- Add BFD build option to keepalived.spec rpm file
Issue #1114 identified that the keepalived.spec file was not being
generated to build BFD support even if keepalived had been
configured to support it.
- full changelog
https://keepalived.org/changelog.html
Changes in mariadb:
- update to 10.2.31 GA [bsc#1162388]
* Fixes for the following security vulnerabilities:
* 10.2.31: CVE-2020-2574
* 10.2.30: none
* release notes and changelog:
https://mariadb.com/kb/en/library/mariadb-10231-release-notes
https://mariadb.com/kb/en/library/mariadb-10231-changelog
https://mariadb.com/kb/en/library/mariadb-10230-release-notes
https://mariadb.com/kb/en/library/mariadb-10230-changelog
- refresh mariadb-10.1.12-deharcode-libdir.patch
- remove mariadb-10.2.29-bufferoverflowstrncat.patch (upstreamed)
- pack pam_user_map.so module in the /%{_lib}/security directory
and user_map.conf configuration file in the /etc/security directory
- fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895]
- move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade
to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't
use it for a symlink attack [bsc#1160912]
- on BTRFS systems /var/lib/mysql is created as a subvolume with
755 permissions during the system installation. Fix it to 700 as
mysql_install_db doesn't do it [bsc#1077717]
- add important options to mariadb.service and mariadb@.service
(ProtectSystem, ProtectHome and UMask) [bsc#1160878]
- mysql-systemd-helper: use systemd-tmpfiles instead of shell
script operations for a cleaner and safer creating of /run/mysql
[bsc#1160883]
- update to 10.2.29 GA
* Fixes for the following security vulnerabilities:
* 10.2.29: none
* 10.2.28: CVE-2019-2974, CVE-2019-2938
* 10.2.27: none
* 10.2.26: CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2758
* release notes and changelog:
https://mariadb.com/kb/en/library/mariadb-10229-release-notes
https://mariadb.com/kb/en/library/mariadb-10229-changelog
https://mariadb.com/kb/en/library/mariadb-10228-release-notes
https://mariadb.com/kb/en/library/mariadb-10228-changelog
https://mariadb.com/kb/en/library/mariadb-10227-release-notes
https://mariadb.com/kb/en/library/mariadb-10227-changelog
https://mariadb.com/kb/en/library/mariadb-10226-release-notes
https://mariadb.com/kb/en/library/mariadb-10226-changelog
- refresh
mariadb-10.0.15-logrotate-su.patch
mariadb-10.2.4-logrotate.patch
- add mariadb-10.2.29-bufferoverflowstrncat.patch to fix 'Statement
might be overflowing a buffer in strncat' error
- tracker bug [bsc#1156669]
- add main.gis_notembedded to the skipped tests (fails when latin1
is not set)
Changes in openstack-cinder:
- Update to version cinder-11.2.3.dev23:
* Fix handling of 'cinder_encryption_key_id' image metadata
Update to version cinder-11.2.3.dev21:
- Add retry to LVM deactivation
Update to version cinder-11.2.3.dev19:
- Fix ceph: only close rbd image after snapshot iteration is finished
Update to version cinder-11.2.3.dev17:
- Exclude disabled API versions from listing
Changes in openstack-dashboard:
- Update to version horizon-12.0.5.dev2:
* Use python 2.7 as the default interpreter in tox
* OpenDev Migration Patch
12.0.4
Changes in openstack-dashboard-theme-SUSE:
- Update to version 2017.2+git.1573629528.6b21fa5:
* SCRD-7984 fixed help links
Changes in openstack-heat:
- Update to version heat-9.0.8.dev22:
* Do deepcopy when copying templates
Update to version heat-9.0.8.dev21:
- Set stack.thread_group_mgr for cancel_update
- Eliminate client race condition in convergence delete
- Delete snapshots using contemporary resources
Update to version heat-9.0.8.dev15:
- Unskip StackSnapshotRestoreTest
Update to version heat-9.0.8.dev14:
- Fix translate tenants in flavor
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1560033670.e3b5a52:
* Add example for running Zun container
* OpenDev Migration Patch
* Replace openstack.org git:// URLs with https://
* Remove docs, deprecated hooks, tests
* Update the bugs link to storyboard
* Use octavia resources for autoscaling example
* Fix the incorrect cirros default password
Changes in openstack-horizon-plugin-designate-ui:
- Update to version designate-dashboard-5.0.3.dev2:
* Fix list zones updated at same time
* OpenDev Migration Patch
5.0.2
Changes in openstack-horizon-plugin-neutron-lbaas-ui:
- Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883)
The .pyc file needs to be removed when the package is uninstalled,
otherwise the panel will remain enabled in the dashboard and cause
errors.
Changes in openstack-ironic:
- Update to version ironic-9.1.8.dev8:
* Place upper bound on python-dracclient version
Changes in openstack-keystone:
- Update to version keystone-12.0.4.dev5:
* Import LDAP job into project
Changes in openstack-monasca-agent:
- Added dependency:
* fdupes
* pwdutils and shadow-utils for useradd/groupadd
- added 0001-add-X.509-certificate-check-plugin.patch
Changes in openstack-neutron:
- Update to version neutron-11.0.9.dev60:
* Set DB retry for quota_enforcement pecan_wsgi hook
Update to version neutron-11.0.9.dev58:
- don't clear skb mark when ovs is hw-offload enabled
Update to version neutron-11.0.9.dev57:
- doc: add known limitation about attaching SR-IOV ports
Update to version neutron-11.0.9.dev56:
- raise priority of dead vlan drop
Update to version neutron-11.0.9.dev54:
- [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled
Update to version neutron-11.0.9.dev52:
- Initialize phys bridges before setup_rpc
Changes in openstack-neutron:
- Update neutron-ha-tool to latest version:
* Add DHCP agent evacuation (SOC-11046)
Update to version neutron-11.0.9.dev60:
- Set DB retry for quota_enforcement pecan_wsgi hook
Update to version neutron-11.0.9.dev58:
- don't clear skb mark when ovs is hw-offload enabled
neutron: Remove stop action from ovs-cleanup (bsc#1157482)
backport of https://review.opendev.org/#/c/695867/
Update to version neutron-11.0.9.dev57:
- doc: add known limitation about attaching SR-IOV ports
Update to version neutron-11.0.9.dev56:
- raise priority of dead vlan drop
Update to version neutron-11.0.9.dev54:
- [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled
Update to version neutron-11.0.9.dev52:
- Initialize phys bridges before setup_rpc
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-7.3.1.dev72:
* Refactor static path code
Update to version group-based-policy-7.3.1.dev71:
- Support named ip protocols for SecurityGroupRules
Update to version group-based-policy-7.3.1.dev70:
- Allow both FIP and SNAT on a single port
Update to version group-based-policy-7.3.1.dev69:
- Fix active-active AAP RPC query
Update to version group-based-policy-7.3.1.dev67:
- [AIM] Add extra provided/consumed contracts to network extension
Update to version group-based-policy-7.3.1.dev66:
- Active active AAP feature
Update to version group-based-policy-7.3.1.dev64:
- Support cache option for legacy GBP driver
Update to version group-based-policy-7.3.1.dev63:
- Fix host ID length in VM names table
Update to version group-based-policy-7.3.1.dev62:
- Update_proj_descr in apic when project description is updated in os
Update to version group-based-policy-7.3.1.dev61:
- Send port notifications when host_route is getting updated
- Provide a control knob to use the internal EP interface
Update to version group-based-policy-7.3.1.dev57:
- Fix pep8 failures seen on submitted patches
Changes in openstack-neutron-vsphere:
- Update to version networking-vsphere-2.0.1.dev133:
* Update to use Agent model from neutron.db.models
* Fix neutron-dvs-agent startup errors
* OpenDev Migration Patch
- Remove 0001-fix-dvs-agent-config.patch as changes
had been backported to stable/pike
- See https://review.opendev.org/#/c/682482
Changes in openstack-nova:
- Update to version nova-16.1.9.dev49:
* Use stable constraint for Tempest pinned stable branches
Update to version nova-16.1.9.dev48:
- Avoid redundant initialize_connection on source post live migration
- Error out interrupted builds
- Skip checking of target_dev for vhostuser
- Functional reproduce for bug 1833581
- Prevent init_host test to interfere with other tests
- Add functional test for resize crash compute restart revert
- Move restart_compute_service to a common place
- lxc: make use of filter python3 compatible
- cleanup evacuated instances not on hypervisor
- Delete resource providers for all nodes when deleting compute service
Update to version nova-16.1.9.dev30:
- Explicitly fail if trying to attach SR-IOV port
- Stabilize unshelve notification sample tests
Update to version nova-16.1.9.dev26:
- Fix listing deleted servers with a marker
- Add functional regression test for bug 1849409
Update to version nova-16.1.9.dev22:
- Hook resource_tracker to remove stale node information
Update to version nova-16.1.9.dev20:
- Workaround missing RequestSpec.instance_group.uuid
- Add regression recreate test for bug 1830747
Update to version nova-16.1.9.dev16:
- Changing scheduler sync event from INFO to DEBUG
Update to version nova-16.1.9.dev14:
- Only nil az during shelve offload
- Delete instance_id_mappings record in instance_destroy
Update to version nova-16.1.9.dev11:
- Revert 'openstack server create' to 'nova boot' in nova docs
- doc: fix and clarify --block-device usage in user docs
Update to version nova-16.1.9.dev8:
- Functional reproduce for bug 1852207
Changes in openstack-octavia:
- Update to version octavia-1.0.6.dev3:
* Fix urgent amphora two-way auth security bug
Changes in openstack-octavia-amphora-image:
- Update image to 0.1.2 to include updated keepalived 2.0.19
Update image to 0.1.1 to include latest changes
Add keepalived service
Changes in openstack-resource-agents:
- Update to version 1.0+git.1569436425.8b9c49f:
- Add a configurable delay to Nova Evacuate calls
- OpenDev Migration Patch
- NovaEvacuate: fix a syntax error
- NovaEvacuate: Support the new split-out IHA fence agents with backwards compatibility
- NovaEvacuate: Correctly handle stopped hypervisors
- neutron-ha-tool: do not replicate dhcp
- NovaCompute: Support parsing host option from /etc/nova/nova.conf.d
- NovaCompute: Use variable to avoid calling crudini a second time
- NovaEvacuate: Allow debug logging to be turned on easily
Changes in openstack-sahara:
- Update to version sahara-7.0.5.dev4:
* Run sahara-scenario using Python 3
* Enforce python 2 for documentation build
* Fix requirements (bandit)
* OpenDev Migration Patch
7.0.4
Changes in openstack-trove:
- Update to version trove-8.0.2.dev2:
* Add local bindep.txt
* OpenDev Migration Patch
8.0.1
Changes in python-cinderlm:
- Update to version 0.0.2+git.1571845893.27f0b7b:
* SCRD-4764 remove V2.0 auth end points (SOC-9753)
Changes in python-congressclient:
- update to version 1.8.1
- Update .gitreview for stable/pike
- Update UPPER_CONSTRAINTS_FILE for stable/pike
- import zuul job settings from project-config
- Updated from global requirements
Changes in python-designateclient:
- update to version 2.7.1
- Update .gitreview for stable/pike
- Updated from global requirements
- import zuul job settings from project-config
- Update UPPER_CONSTRAINTS_FILE for stable/pike
- server-get/update show wrong values about 'id' and 'update_at'
Changes in python-ironic-lib:
- update to version 2.10.2
- Replace openstack.org git:// URLs with https://
- Make search for config drive partition case insensitive
- Revert 'Use dd conv=sparse when writing images to nodes'
- Check GPT table with sgdisk instead of partprobe
- Avoid tox_install.sh for constraints support
- Fix GPT bug with whole disk images
- import zuul job settings from project-config
Changes in python-networking-cisco:
- Update to version networking-cisco-6.1.1.dev65:
* Nexus: Add CA Bundle path to https doc
* Improve Nexus Ironic related doc and logs
* Upgrade release notes to include Tripleo/puppet
* Fix socket not closed errors in unit test logs
* Add release note about adding support for Rocky OpenStack
* Update publish-openstack-python-branch-tarball job
* Remove MultiConfigParser from SAF application
* More fixes for networking_cisco rocky support
* Remove MultiConfigParser from the device manager config loader
* Ensure CFG agent is started after neutron config is written
* Removed older version of python added 3.5
* Begin process of supporting neutron Rocky
* Typo in tar command in doc install guide
* Add cisco providernet extension to Nexus doc
* Add missing policy to fix stable/queens unit tests
* Pin stestr version (1.1.0) for Mitaka
* Fix places in ucsm network driver using .ucsm instead of .ucsms
* Fix doc build under python3
* Fix mitaka bug with NeutronWorker missing parameter
* Eliminate 30 sec delay for Nexus replay thread
* Fix foreign key constraint violation while creating primary key with subnet_id
* Put upper constraint on ncclient version to prevent breakages
* Improvements to the networking-cisco zuul jobs
* Remove deprecated host/interface map config
* Include device manager configuration file when starting config agent
* Fix pep8 and other tox environments locally
* Add rocky to CI
* Add bandit to tox and resolve Nexus SA errors
* Deprecate old ML2 Nexus/UCSM documentation file
* Secure Nexus https certificates by default
- Add tempest_plugin subpackage
Changes in python-osc-lib:
- update to version 1.7.1
- import zuul job settings from project-config
- Update UPPER_CONSTRAINTS_FILE for stable/pike
- Updated from global requirements
- Update .gitreview for stable/pike
- Avoid tox_install.sh for constraints support
Changes in python-oslo.context:
- update to version 2.17.2
- Fix sphinx-docs job for stable branch
- import zuul job settings from project-config
Changes in python-oslo.rootwrap:
- update to version 5.9.3
- Avoid tox_install.sh for constraints support
- Follow the new PTI for document build
- import zuul job settings from project-config
Changes in python-oslo.serialization:
- update to version 2.20.3
- import zuul job settings from project-config
- Fix sphinx-docs job for stable branch
Changes in python-oslo.service:
- update to version 1.25.2
- import zuul job settings from project-config
- Fix sphinx-docs job for stable branch
Changes in python-stevedore:
- update to version 1.25.2
- move doc requirements to doc/requirements.txt
- Use stable branch for upper-constraints
- remove duplicate sphinx dependency
- Avoid tox_install.sh for constraints support
- import zuul job settings from project-config
Changes in python-taskflow:
- update to version 2.14.2
- don't let tox_install.sh error if there is nothing to do
- import zuul job settings from project-config
- Updated from global requirements
- Use doc/requirements.txt
Changes in rubygem-crowbar-client:
- Update to 3.9.1
- Fix repocheck table output (SOC-10718)
- Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)
Changes in rubygem-puma:
- Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770)
This patch fixes a DoS vulnerability a malicious client could use to
block a large amount of threads.
Changes in venv-openstack-swift:
- Fix lower version number after inheriting the version from main
component (SCRD-8523)
Revert: 'Inherit version number of venv from main component
(SCRD-8523)' as zypper reports the new version number as older
than what is released
- Inherit version number of venv from main component (SCRD-8523)
- ID: SUSE-SU-2020:0640-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2020/suse-su-20200640-1/
- Published: 2020-03-11T11:30:47
- Modified: 2020-03-11T11:30:47
- Rights: Copyright 2024 SUSE LLC. All rights reserved.