[SUSE-SU-2022:3339-1] Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included on this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
2014.2.rc1
Update to version group-based-policy-14.0.1.dev45:
- FIP Status active after dissociate
Update to version group-based-policy-14.0.1.dev43:
- fixed apic synchronization state for multiple erspan session
Update to version group-based-policy-14.0.1.dev41:
- Remove_legacy_service_chain_code(2)
Update to version group-based-policy-14.0.1.dev39:
- data-migrations spelling fixes 2014.2rc1
Update to version group-based-policy-14.0.1.dev38:
- Adding support for address group feature in upstream
Update to version group-based-policy-14.0.1.dev36:
- Add support for yoga 2014.2.rc1
Update to version group-based-policy-14.0.1.dev35:
- Removed_legacy_service_chain_code 2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Djanjo1:
Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
- Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
- SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
- ID
- SUSE-SU-2022:3339-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223339-1/
- Published
-
2022-09-22T14:16:26
(2 years ago) - Modified
-
2022-09-22T14:16:26
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2022-28346
-
ALPINE:CVE-2022-34265
-
ALSA-2021:3771
-
ASA-202204-9
-
CISA-2022:0825
-
DSA-5146-1
-
DSA-5254-1
-
ELSA-2021-3771
-
FEDORA-2019-6497f51791
-
FEDORA-2019-74d2feb5be
-
FEDORA-2021-01588ab0bf
-
FEDORA-2021-dd83dc8b0b
-
FEDORA-2022-52d0032596
-
FEDORA-2022-7c8b29195f
-
FEDORA-2022-de968d1b6c
-
FEDORA-2023-8fed428c5e
-
FEDORA-2023-a53ab7c969
-
FREEBSD:0DB46F84-B9FA-11EC-89DF-080027240888
-
FREEBSD:5BE19B0D-FB85-11EC-95CD-080027B24E86
-
FREEBSD:757EE63B-269A-11EC-A616-6C3BE5272ACD
-
GLSA-202208-28
-
openSUSE-SU-2022:0081-1
-
openSUSE-SU-2022:0140-1
-
openSUSE-SU-2023:0005-1
-
PYSEC-2020-6
-
PYSEC-2022-190
-
PYSEC-2022-213
-
RHSA-2021:3771
-
RLSA-2021:3771
-
RLSA-2022:5498
-
RLSA-2022:8506
-
RUBYSEC:PUMA-2022-24790
-
SUSE-SU-2020:3309-1
-
SUSE-SU-2022:0138-1
-
SUSE-SU-2022:0139-1
-
SUSE-SU-2022:0310-1
-
SUSE-SU-2022:0311-1
-
SUSE-SU-2022:0751-1
-
SUSE-SU-2022:1396-1
-
SUSE-SU-2022:2134-1
-
SUSE-SU-2022:3338-1
-
SUSE-SU-2022:3425-1
-
SUSE-SU-2022:3571-1
-
SUSE-SU-2024:0191-1
-
SUSE-SU-2024:2817-1
-
USN-5004-1
-
USN-5373-1
-
USN-5373-2
-
USN-5501-1
-
USN-6682-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |