[SUSE-SU-2022:3339-1] Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed a vulnerability where the pipe lookup plugin ran its subprocess with the shell enabled by default (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed a DoS via a malicious Erlang format string in the 'X-Reason' HTTP header (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed a vulnerability allowing SQL injection in QuerySet.annotate(), aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
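Both Django items above are the same bug shape: a string the caller supplies as a keyword name (the annotate/aggregate/extra alias) or as the Trunc kind / Extract lookup_name was formatted straight into SQL, so anything taken from request data became an injection point. The following is an added illustration, not code from the advisory or from Django: it mimics how the compiler emits an alias (Django's SQLite quote_name, which wraps in double quotes without escaping), runs the result against a constructed in-memory SQLite table, and then applies the two validation patterns that the upstream fixes introduced (Django's FORBIDDEN_ALIAS_PATTERN for aliases and the extract/trunc lookup pattern used by the backends). The table, rows and attacker strings are constructed for the demo; the DATE_TRUNC shape stands in for the PostgreSQL backend and is only rendered, not executed.

```python
import re
import sqlite3

# Alias check Django added for CVE-2022-28346 (django/db/models/sql/query.py):
# an alias may not contain whitespace, quotes, brackets, semicolons or SQL comments.
FORBIDDEN_ALIAS_PATTERN = re.compile(r"['`\"\]\[;\s]|--|/\*|\*/")

# Lookup/kind check Django's backends added for CVE-2022-34265
# (django/db/backends/base/operations.py): word chars, '-', '_' and parentheses only.
EXTRACT_TRUNC_LOOKUP_PATTERN = re.compile(r"[\w\-_()]+")


def quote_name(name):
    """Identifier quoting the way Django's SQLite backend does it: wrap in double
    quotes without escaping embedded quotes. Safe only for a checked alias; an
    unchecked alias can close the quotes and continue the select list."""
    if name.startswith('"') and name.endswith('"'):
        return name
    return '"%s"' % name


def check_alias(alias):
    if FORBIDDEN_ALIAS_PATTERN.search(alias):
        raise ValueError(
            "Column aliases cannot contain whitespace characters, quotation marks, "
            "semicolons, or SQL comments."
        )


def check_lookup(lookup_type):
    if not EXTRACT_TRUNC_LOOKUP_PATTERN.fullmatch(lookup_type):
        raise ValueError("Invalid lookup type: %r" % lookup_type)


def annotate_sql(alias, validate):
    """Toy stand-in for User.objects.annotate(**{alias: Value(1)}): the compiler
    emits '<expr> AS <quoted alias>'. validate=False is the pre-fix behaviour."""
    if validate:
        check_alias(alias)
    return "SELECT 1 AS %s FROM app_user" % quote_name(alias)


def trunc_sql(kind, validate):
    """Toy stand-in for Trunc('created', kind) on PostgreSQL, which formats the
    kind straight into DATE_TRUNC('<kind>', col). Rendered only, not executed."""
    if validate:
        check_lookup(kind)
    return "DATE_TRUNC('%s', %s)" % (kind, quote_name("created"))


def run_annotate(alias, validate):
    """Execute the generated SELECT against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_user (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO app_user VALUES (?, ?, ?)",
                     [(1, "alice", "hash-a"), (2, "bob", "hash-b")])
    try:
        return conn.execute(annotate_sql(alias, validate)).fetchall()
    finally:
        conn.close()


def rejects(fn, value):
    """True if the validated path refuses the value (hardened behaviour)."""
    try:
        fn(value, validate=True)
    except ValueError:
        return True
    return False


# Constructed attacker input, e.g. a key reaching annotate(**request.GET):
# the alias closes the quoted identifier and appends a second select-list entry.
MALICIOUS_ALIAS = 'x", password AS "leak'
# Constructed attacker input for Trunc(kind): breaks out of the quoted kind.
MALICIOUS_KIND = "year'), password AS leak, ('"

if __name__ == "__main__":
    print(run_annotate("total", validate=False))          # [(1,), (1,)]
    print(run_annotate(MALICIOUS_ALIAS, validate=False))  # [(1, 'hash-a'), (1, 'hash-b')]
    print(trunc_sql(MALICIOUS_KIND, validate=False))      # unvalidated DATE_TRUNC string
    print(rejects(run_annotate, MALICIOUS_ALIAS), rejects(trunc_sql, MALICIOUS_KIND))  # True True
```

The unvalidated path returns the password column alongside the annotation because the alias was never treated as untrusted; the validated path raises before any SQL is built. The practical takeaway for code that cannot yet take the update is the same as Django's advice: never pass request-derived keys or kinds into these APIs, or constrain them to a known list before the call.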
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included in this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
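CVE-2020-1734 concerns a lookup plugin that handed its command string to a shell, so shell metacharacters inside any interpolated variable (an inventory hostname, a fact, an extra-var) were interpreted as commands. The advisory does not describe what the ardana-ansible and ardana-cobbler mitigation changed, so the block below is an added Python illustration of the vulnerability class and of two hardened forms, not the plugin's or SUSE's code. The hostname value is constructed; `echo` stands in for whatever command the playbook would run, and the example assumes a POSIX `/bin/sh`.

```python
import shlex
import subprocess

# Constructed playbook variable an attacker controls (e.g. a hostname in inventory).
UNTRUSTED_HOST = "db01; echo INJECTED"


def pipe_lookup_shell(command):
    """Pre-fix shape: the whole string goes to /bin/sh (shell=True), so ';', '|',
    '$(...)' and friends inside interpolated variables are executed."""
    return subprocess.run(command, shell=True, capture_output=True,
                          text=True, check=True).stdout


def run_argv(argv):
    """Hardened form 1: argv list, no shell. Each variable is exactly one argument."""
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True).stdout


def vulnerable_lookup(host):
    # Equivalent of lookup('pipe', 'echo ' ~ host): string concatenation + shell.
    return pipe_lookup_shell("echo " + host)


def hardened_lookup(host):
    # Same intent, but the host can only ever be a single argument to echo.
    return run_argv(["echo", host])


def quoted_lookup(host):
    """Hardened form 2, for when a shell really is required (pipes, redirects):
    shlex.quote() turns the variable into one literal shell word."""
    return pipe_lookup_shell("echo " + shlex.quote(host))


def needs_quoting(value):
    """Cheap audit check for variables about to reach a shell: True if the value
    contains characters the shell would interpret."""
    return shlex.quote(value) != value


if __name__ == "__main__":
    print(repr(vulnerable_lookup(UNTRUSTED_HOST)))  # 'db01\nINJECTED\n'
    print(repr(hardened_lookup(UNTRUSTED_HOST)))    # 'db01; echo INJECTED\n'
    print(repr(quoted_lookup(UNTRUSTED_HOST)))      # 'db01; echo INJECTED\n'
    print(needs_quoting("db01"), needs_quoting(UNTRUSTED_HOST))  # False True
```

The first call prints two lines because the shell split the string at `;`; the two hardened forms print the hostname literally. When reviewing playbooks, `needs_quoting()` over the values that feed `pipe` lookups or `shell` tasks is a quick way to find the variables that must be quoted or moved to the `command` module.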
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove_legacy_service_chain_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga
- Update to version group-based-policy-14.0.1.dev35:
* Removed_legacy_service_chain_code
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Django1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt to avoid source_validator incorrectly trying to use it as a detached signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(), aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
- ID: SUSE-SU-2022:3339-1
- Severity: moderate
- URL: https://www.suse.com/support/update/announcement/2022/suse-su-20223339-1/
- Published: 2022-09-22T14:16:26
- Modified: 2022-09-22T14:16:26
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories:
- ALPINE:CVE-2022-28346
- ALPINE:CVE-2022-34265
- ALSA-2021:3771
- ASA-202204-9
- CISA-2022:0825
- DSA-5146-1
- DSA-5254-1
- ELSA-2021-3771
- FEDORA-2019-6497f51791
- FEDORA-2019-74d2feb5be
- FEDORA-2021-01588ab0bf
- FEDORA-2021-dd83dc8b0b
- FEDORA-2022-52d0032596
- FEDORA-2022-7c8b29195f
- FEDORA-2022-de968d1b6c
- FEDORA-2023-8fed428c5e
- FEDORA-2023-a53ab7c969
- FREEBSD:0DB46F84-B9FA-11EC-89DF-080027240888
- FREEBSD:5BE19B0D-FB85-11EC-95CD-080027B24E86
- FREEBSD:757EE63B-269A-11EC-A616-6C3BE5272ACD
- GLSA-202208-28
- openSUSE-SU-2022:0081-1
- openSUSE-SU-2022:0140-1
- openSUSE-SU-2023:0005-1
- PYSEC-2020-6
- PYSEC-2022-190
- PYSEC-2022-213
- RHSA-2021:3771
- RLSA-2021:3771
- RLSA-2022:5498
- RLSA-2022:8506
- RUBYSEC:PUMA-2022-24790
- SUSE-SU-2020:3309-1
- SUSE-SU-2022:0138-1
- SUSE-SU-2022:0139-1
- SUSE-SU-2022:0310-1
- SUSE-SU-2022:0311-1
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:3338-1
- SUSE-SU-2022:3425-1
- SUSE-SU-2022:3571-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:2817-1
- USN-5004-1
- USN-5373-1
- USN-5373-2
- USN-5501-1
- USN-6682-1