Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3330 SUSE-SU-2019:2267-1 Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ard 3 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: git Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Existing Account Provide Misleading Information -- Remote with User Interaction Unauthorised Access -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-13611 CVE-2019-11324 CVE-2019-11236 CVE-2019-9740 CVE-2019-9735 CVE-2019-7548 CVE-2019-7164 CVE-2017-17051 CVE-2015-3448 Reference: ESB-2019.3326 ESB-2019.3298 ESB-2019.3244 ESB-2019.3229 ESB-2019.2954 ESB-2019.2942 ESB-2019.2851 Original Bulletin: https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmwar ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2267-1 Rating: moderate References: #1027315 #1129729 #1133719 #1134232 #1140512 #1141676 #1144026 #1144027 Cross-References: CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324 CVE-2019-13611 CVE-2019-7164 CVE-2019-7548 CVE-2019-9735 CVE-2019-9740 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ e-nsxlib, yast2-crowbar An update that fixes 9 vulnerabilities is now available. Description: This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues: o Update to version 9.0+git.1566374020.301191f: * Use raw image format when using SES backend on Nova (SOC-9285) o Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) o Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840) o Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/ https urls (SOC-10063) o Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for policy.yaml.j2. (SOC-0000) o Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non local ipv6 addresses (SOC-9330) o Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for ipv6 address comparison (SOC-9940) o Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with 'zypper' (SOC-9997) o Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for ipv6 (SOC-9369) o Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin for l2gw (SOC-5837) o Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway Service definition (SOC-5837) o Switch to new Gerrit Server o Update to version 9.0+git.1566375806.f0b2333: * Configure glance image_direct_url/multiple_locations (SOC-9285) o Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1564491141.602fdf9: * Default glance_default_store to rbd if SES enabled (SOC-8749) o Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from rule (SOC-10003) o Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json permission to be 664 (SOC-9872) o Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the minimal ardana-ci model (SOC-9800) o Update to version 9.0+git.1566255088.3443670: * Add server state column (SOC-9957) o Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677) (#357) o Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload option when ses is not configured (SOC-8555) (#356) o Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is created during upgrade (SOC-9923) o Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/ https urls (SOC-10063) o Update to version 9.0+git.1565691188.2309798: * Use systemd for monasca-thresh (SOC-10145) o Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on rabbitmq-server (SOC-9745) o Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/ https urls (SOC-10063) o Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure VPN and Firewall service providers (SOC-9935) o Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to neutron services (SOC-8746) o Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/ https urls (SOC-10063) o Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk discard when using RBD (SOC-10182) o Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint override (SOC-10130) o Update to version 9.0+git.1565366126.4993583: * Make default/ rpc_response_timeout configurable (SOC-9285) o Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy random status failures (SOC-9574) o Update to version 9.0+git.1566206502.6c87b41: * Use default values for amphora connection retries/timeout (SOC-9285) o Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/ https urls (SOC-10063) o Add ipaddr bower dependency (SOC-9679) o Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565380193.f006466: * Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939) o Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) o Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user for ovs as 'root' (SOC-8139) o Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url entry totally fictitious (SOC-6800) o Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry to lvm.conf (bsc#1140512) o Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for logrotate (SOC-8139) o Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in iptables command (SOC-9349) o Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on ovs-bridges anymore (SOC-9239) o Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677) o Update to version 9.0+git.1563468620.5035cf8: * Add support for ses integration (SOC-8555) o Update to version 9.0+git.1563461311.16ea2df: * Change url of upper-constraints file (SOC-9863) o Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook (SOC-9902) o Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint during deploy (SOC-9303) o Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls (SOC-10063) o Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade enhancements (SOC-10146) o Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter before deploying it (SOC-10287) o Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in parallel (SOC-9285) o Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve tests (SOC-9775) o Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve tests (SOC-9775) o Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby version for package installation (SOC-10010) o Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova services after upgrade o Update to version 6.0+git.1565859218.525130340: * upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164) o Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove controller for admin bridge (SOC-10073) o Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix get_proposal_json (SOC-9954) o Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 * dns: fix migration for designate o Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar batch error output (SOC-9954) o Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911) o Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup before upgrade (SOC-9482) * bind9: Fix spelling error in template o Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup clone_stateless_services leftovers (SOC-9842) o Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file names for 8 -> 9 (SOC-9029) o Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098) o Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby version for package installation (SOC-10010) o Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB pools configuration (SOC-9767) * horizon: Install designate plugin when configured (SOC-9695) o Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old ceilometer-api vhosts (SOC-9483) o Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp (SOC-6100) o Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure resource settings (SOC-9633) o Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029) o Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) o Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync (SOC-9981) o Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests (SOC-9298) * Fix nova tempest tests (SOC-9298) o Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation error if domain names dont end with a dot(.) o Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support (SOC-9298) o Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server node for VIP look ups (SOC-9631) o add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to run the barbican tempest test o Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup clone_stateless_services leftovers (SOC-9842) o Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for cinder using ceph as backenid (SOC-9298) o Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes (SOC-9683) o Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling error inside comments (SOC-6361) o Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when lookup by name (SOC-9339) o Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB creation o Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689) o Update to version 1.3.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version o Bumped package version to 1.3 to differentiate it from 8-9 version o Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom version to 1.3.0 o Remove cassandra.patch (merged upstream) o Fix license o Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common o Update to version ceilometer-11.0.2.dev14: * Fixing broken links o Update to version ceilometer-11.0.2.dev14: * Fixing broken links o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach support for HPE MSA" o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach support for HPE MSA" o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue * nimble: Fix missing ssl support (bsc#1027315) o Update to version designate-7.0.1.dev21: * Improve log message for better understanding o Update to version designate-7.0.1.dev21: * Improve log message for better understanding o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() o Do not exclude python bytecode files (see https://review.opendev.org/#/c/ 666611 for details) o Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for new upper constraints strategy * OpenDev Migration Patch o Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards o Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master o Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master o Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi from git master o Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a warning when lshw cannot be run o Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw output, collect it with other logs instead 3.3.2 o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0" o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0" o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy for discovery url" * Use rocky heat-container-agent for stable/rocky o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy for discovery url" * Use rocky heat-container-agent for stable/rocky o Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor o Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor o update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105 test failure o update to version 1.12.1~dev9 - Update all columns in metrics on an update to refresh TTL o update to version 1.12.1~dev7 - Widen exception catch for point parse failure o update to version 1.12.1~dev6 - some points unable to parse - OpenDev Migration Patch o Rebased patches: + 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream) o Update to version monasca-persister-1.12.1.dev9: * Update all columns in metrics on an update to refresh TTL * OpenDev Migration Patch o Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch o Update to version monasca-persister-1.12.1.dev4 * Java persister config: defaults and robustness * Add Cassandra db support o Remove java-persister-defaults.patch (merged upstream) o Remove cassandra.patch (merged upstream) o Add missing URLs for patches o Updated to kit tarball built from 1.12.1.dev4 o Updated README.updating for current version o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\ _dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug o Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port o Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\ _ports() o Update to version neutron-13.0.5.dev6: * Ignore first local port update notification o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\ _dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug o Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port o Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\ _ports() o Update to version neutron-13.0.5.dev6: * Ignore first local port update notification o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 * When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) o Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test for Connection Tracking o Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and icmp\_type for SG rule * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call o Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance gbp-validate to detect routed subnet overlap o Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent overlapping CIDRs in routed VRF * Disallow external subnets as router interfaces o Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\ _state display on neutron based on AIM status o Update to version group-based-policy-5.0.1.dev446: * Send the port updates for the SNAT use case if needed * Make DHCP provisioning blocks conditional o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky o add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky * Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051) o Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the gate queue o Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation function o Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP listener health o Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper constraints strategy o Add patches fixing tempest cleanup removing all networks https:// bugs.launchpad.net/tempest/+bug/1812660 * 0001-Remove-deprecated-services-from-cleanup.patch * 0002-Fix-tempest-cleanup.patch * 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch o Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to baremetal ServersValidator (SOC-9940) o Update to version 9.0+git.1565384645.8fcf5db: * Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939) o Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on MANAGEMENT network group (SOC-9939) o Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses for endpoint urls (SOC-9357) o added 0001-Fix-volume-revert-to-snapshot-tests.patch o update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override is used - OpenDev Migration Patch o added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch o added 0001-Use-unicode-literals-in-test_metrics.patch o update to version 3.16.2 (bsc#1144027, bsc#1144026) o update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org git:// URLs with https:// - Fixes for Unicode characters in python 2 requests - Fix functional tests on stable/rocky - Correct updating baremetal nodes by name or ID - Support bare metal service error messages - import zuul job settings from project-config - Correct update operations for baremetal - Add simple create/show/delete functional tests for all baremetal resources - Add a simple baremetal functional job - Pass microversion info through from Profile o update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation o Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) * python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server o Switch to new Gerrit Server o Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. o Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean orphaned section rules * OpenDev Migration Patch * Delete SG rules when deleting their remote group * NSX|V3: Limit number of subnet static routes per backend * NSX|V: Restrict creating conflicting address_pair in the same network * NSX|V3: Add verification of num defined address pairs * constrain rocky dependencies * Update rocky .gitreview branch * Handle multiple default SG creation in all plugins * update tox for stable branch * NSX|V3: remove redundent code in get_port/s * NSX|V3: Change status code of SG failure * NSX|V: enable allow_address_pairs upon request * Revert "NSX|V3: Simplify LBaaS implementation" * NSX|V3: Fix LBaaS loadbalancer creation * NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS implementation * Complete the init of the Neutron main process * NSX|V3: Respect default keyword for physical_net * NSX|V admin utils: Find and fix spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin * Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation * Revert "NSX|V3: Init FWaaS before spawn" * NSX|V3: prevent user from changing the NSX internal SG * Fix provider security group exception call * NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code & tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX| V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack: Delete old project before deciding how to get the new code * NSX|V3: Init FWaaS before spawn * Devstack: Fix failed of ml2 directory creation * Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints * NSX|V3: Do not allow external subnets overlapping with uplink cidr * Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully * NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2 config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use upper-constraints from stable/rocky * fix lower constraints * TVD: Add missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V use context reader for router driver * NSX|V Fix AdminUtils get apis to use the right context * TVD LBaaS: fix operational status api * Use tenant context to get router GW network * NSX-v3: Fix listener for pool not fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl * NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback * NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields * TVD verify loadbalancer project match the LB object project * TVD: Do not crash in case the project is not found * NSX|V3: Fix member fip error message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill VIF data for upgraded ports * Devstack plugin: fetch Neutron only when needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS operation status function params * NSX|V3: Add LB status calls validations * NSX|V3 remove lbaas import to allow the plugin to work without lbaas * NSX|V Allow updating port security and mac learning together * NSX|V3: Change external provider network error message * NSX|V+V3: Prevent adding different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX| V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception when deleting dhcp port * NSX|V3 Validate rate-limit value in admin utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix port MAC learning flag handling * NSX|V3 update port revision on update_port response * NSX|V: Avoid updating the default section at init * NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member create * Devstack: Use the right python version in cleanup * NSX|V: Fix host groups for DRS HA for AZ * NSX|V Fix policy security group update * NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make sure LB member is connected to the LB router * NSX|V3: Prevent adding an external net as a router interface * NSX|V: Shorten the L2 bridge edge name * NSX|V3: Fix port binding update on new ports o update to version 13.0.1~dev146 o Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. o update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX| V3+P: Change max allowed host routes * Adding the option to configure disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter for max subnet static routes * NSX|T: Add NSX limit of IP address association to port * Fix nsgroup update to access the logging field safely * Retry http requests on timeouts * Added retries if API call fails due to MP cluster reconfig * Fix check_manager_status to support older NSX versions * Improve Cluster validation checks * Add apis to get tier0 uplink cidrs and not just ips * Support response status codes for LB HM * Add manager status validation to validate connection * Handle get_default_headers errors * Update the max NS groups criteria tags number dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and codes in strict mode * Fix cluster connectivity * Fix the revision needed for security rules version * New api for getting VPN session status * New api for getting the LB virtual servers status * NSX|V3: Support new icmp codes and types list- o update to version 13.0.1~dev24 o Fix the Requires: format in spec file (bsc#1134232) o 3.4.2 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1566321308.1de18b9a4-3.6.1 crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.6.1 o SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-ha-6.0+git.1566406179.7549de2-3.6.1 crowbar-openstack-6.0+git.1566404979.41279a88e-3.6.1 crowbar-ui-1.3.0+git.1563181545.65360af5-3.3.1 openstack-ceilometer-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3 openstack-ceilometer-polling-11.0.2~dev14-3.6.3 openstack-cinder-13.0.7~dev3-3.6.3 openstack-cinder-api-13.0.7~dev3-3.6.3 openstack-cinder-backup-13.0.7~dev3-3.6.3 openstack-cinder-scheduler-13.0.7~dev3-3.6.3 openstack-cinder-volume-13.0.7~dev3-3.6.3 openstack-designate-7.0.1~dev21-3.6.3 openstack-designate-agent-7.0.1~dev21-3.6.3 openstack-designate-api-7.0.1~dev21-3.6.3 openstack-designate-central-7.0.1~dev21-3.6.3 openstack-designate-producer-7.0.1~dev21-3.6.3 openstack-designate-sink-7.0.1~dev21-3.6.3 openstack-designate-worker-7.0.1~dev21-3.6.3 openstack-heat-11.0.3~dev19-3.6.3 openstack-heat-api-11.0.3~dev19-3.6.3 openstack-heat-api-cfn-11.0.3~dev19-3.6.3 openstack-heat-engine-11.0.3~dev19-3.6.3 openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3 openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 openstack-ironic-11.1.4~dev9-3.6.3 openstack-ironic-api-11.1.4~dev9-3.6.3 openstack-ironic-conductor-11.1.4~dev9-3.6.3 openstack-ironic-python-agent-3.3.3~dev4-3.6.3 openstack-keystone-14.1.1~dev8-3.6.4 openstack-magnum-7.1.1~dev28-3.6.3 openstack-magnum-api-7.1.1~dev28-3.6.3 openstack-magnum-conductor-7.1.1~dev28-3.6.3 openstack-manila-7.3.1~dev3-4.6.3 openstack-manila-api-7.3.1~dev3-4.6.3 openstack-manila-data-7.3.1~dev3-4.6.3 openstack-manila-scheduler-7.3.1~dev3-4.6.3 openstack-manila-share-7.3.1~dev3-4.6.3 openstack-monasca-notification-1.14.2~dev1-6.6.4 openstack-monasca-persister-1.12.1~dev9-4.3.3 openstack-monasca-persister-java-1.12.1~dev9-4.3.2 openstack-neutron-13.0.5~dev22-3.6.3 openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3 openstack-neutron-gbp-5.0.1~dev459-3.6.3 openstack-neutron-ha-tool-13.0.5~dev22-3.6.3 openstack-neutron-l3-agent-13.0.5~dev22-3.6.3 openstack-neutron-lbaas-13.0.1~dev14-3.6.2 openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2 openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3 openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3 openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3 openstack-neutron-metering-agent-13.0.5~dev22-3.6.3 openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3 openstack-neutron-server-13.0.5~dev22-3.6.3 openstack-nova-18.2.2~dev9-3.6.2 openstack-nova-api-18.2.2~dev9-3.6.2 openstack-nova-cells-18.2.2~dev9-3.6.2 openstack-nova-compute-18.2.2~dev9-3.6.2 openstack-nova-conductor-18.2.2~dev9-3.6.2 openstack-nova-console-18.2.2~dev9-3.6.2 openstack-nova-novncproxy-18.2.2~dev9-3.6.2 openstack-nova-placement-api-18.2.2~dev9-3.6.2 openstack-nova-scheduler-18.2.2~dev9-3.6.2 openstack-nova-serialproxy-18.2.2~dev9-3.6.2 openstack-nova-vncproxy-18.2.2~dev9-3.6.2 openstack-octavia-3.1.2~dev8-3.6.3 openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3 openstack-octavia-api-3.1.2~dev8-3.6.3 openstack-octavia-health-manager-3.1.2~dev8-3.6.3 openstack-octavia-housekeeping-3.1.2~dev8-3.6.3 openstack-octavia-worker-3.1.2~dev8-3.6.3 openstack-tempest-19.0.0-7.3.3 openstack-tempest-test-19.0.0-7.3.3 python-ceilometer-11.0.2~dev14-3.6.3 python-cinder-13.0.7~dev3-3.6.3 python-cinder-tempest-plugin-0.1.0-3.3.1 python-designate-7.0.1~dev21-3.6.3 python-heat-11.0.3~dev19-3.6.3 python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 python-ironic-11.1.4~dev9-3.6.3 python-ironicclient-2.5.3-4.6.2 python-ironicclient-doc-2.5.3-4.6.2 python-keystone-14.1.1~dev8-3.6.4 python-keystonemiddleware-5.2.0-3.3.2 python-magnum-7.1.1~dev28-3.6.3 python-manila-7.3.1~dev3-4.6.3 python-monasca-notification-1.14.2~dev1-6.6.4 python-monasca-persister-1.12.1~dev9-4.3.3 python-monasca-tempest-plugin-0.3.0-3.3.1 python-neutron-13.0.5~dev22-3.6.3 python-neutron-gbp-5.0.1~dev459-3.6.3 python-neutron-lbaas-13.0.1~dev14-3.6.2 python-nova-18.2.2~dev9-3.6.2 python-octavia-3.1.2~dev8-3.6.3 python-openstackclient-3.16.2-3.3.2 python-openstacksdk-0.17.3-3.3.2 python-proliantutils-2.8.4-3.3.1 python-tempest-19.0.0-7.3.3 python-vmware-nsx-13.0.1~dev146-4.3.1 python-vmware-nsxlib-13.0.1~dev24-3.3.1 yast2-crowbar-3.4.2-3.3.1 o SUSE OpenStack Cloud 9 (noarch): ardana-ansible-9.0+git.1566374020.301191f-3.6.1 ardana-barbican-9.0+git.1566251498.be02ca4-3.6.1 ardana-cinder-9.0+git.1565678764.c3a9b9f-3.6.1 ardana-cluster-9.0+git.1559333871.40508f7-3.6.1 ardana-cobbler-9.0+git.1566336494.93967dd-3.6.1 ardana-db-9.0+git.1564409964.b7e4fc3-3.6.1 ardana-designate-9.0+git.1565680593.df7a432-3.6.1 ardana-extensions-nsx-9.0+git.1566213657.69862ab-3.3.2 ardana-glance-9.0+git.1566375806.f0b2333-3.6.1 ardana-heat-9.0+git.1565721273.f44b8d7-3.6.1 ardana-horizon-9.0+git.1565891518.2a545a1-3.6.1 ardana-input-model-9.0+git.1562848565.91e75b2-3.6.1 ardana-installer-ui-9.0+git.1566255088.3443670-3.6.1 ardana-installer-ui-debugsource-9.0+git.1566255088.3443670-3.6.1 ardana-ironic-9.0+git.1565721987.ddc59c8-3.6.1 ardana-keystone-9.0+git.1565891593.cad6d1a-3.6.1 ardana-logging-9.0+git.1565761582.2dc823a-3.6.1 ardana-magnum-9.0+git.1565762005.016032a-3.6.1 ardana-monasca-9.0+git.1566332665.ad894c0-3.6.1 ardana-mq-9.0+git.1565115025.148d092-3.6.1 ardana-neutron-9.0+git.1566251310.3a1e8f9-3.6.1 ardana-nova-9.0+git.1566332515.e232568-3.6.1 ardana-octavia-9.0+git.1566206502.6c87b41-3.6.1 ardana-opsconsole-9.0+git.1566251377.b1caeaa-3.6.1 ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.6.1 ardana-osconfig-9.0+git.1565764394.545b573-3.6.1 ardana-service-9.0+git.1564706915.edd44c4-3.6.1 ardana-ses-9.0+git.1565962617.523149b-3.6.1 ardana-swift-9.0+git.1565891872.73fc3c7-3.6.1 ardana-swiftlm-drive-provision-9.0+git.1541434883.e0ebe69-3.3.1 ardana-swiftlm-log-tailer-9.0+git.1541434883.e0ebe69-3.3.1 ardana-swiftlm-uptime-mon-9.0+git.1541434883.e0ebe69-3.3.1 ardana-tempest-9.0+git.1566471752.a3c5c9c-3.6.1 openstack-ceilometer-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3 openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3 openstack-ceilometer-polling-11.0.2~dev14-3.6.3 openstack-cinder-13.0.7~dev3-3.6.3 openstack-cinder-api-13.0.7~dev3-3.6.3 openstack-cinder-backup-13.0.7~dev3-3.6.3 openstack-cinder-scheduler-13.0.7~dev3-3.6.3 openstack-cinder-volume-13.0.7~dev3-3.6.3 openstack-designate-7.0.1~dev21-3.6.3 openstack-designate-agent-7.0.1~dev21-3.6.3 openstack-designate-api-7.0.1~dev21-3.6.3 openstack-designate-central-7.0.1~dev21-3.6.3 openstack-designate-producer-7.0.1~dev21-3.6.3 openstack-designate-sink-7.0.1~dev21-3.6.3 openstack-designate-worker-7.0.1~dev21-3.6.3 openstack-heat-11.0.3~dev19-3.6.3 openstack-heat-api-11.0.3~dev19-3.6.3 openstack-heat-api-cfn-11.0.3~dev19-3.6.3 openstack-heat-engine-11.0.3~dev19-3.6.3 openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3 openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 openstack-ironic-11.1.4~dev9-3.6.3 openstack-ironic-api-11.1.4~dev9-3.6.3 openstack-ironic-conductor-11.1.4~dev9-3.6.3 openstack-ironic-python-agent-3.3.3~dev4-3.6.3 openstack-keystone-14.1.1~dev8-3.6.4 openstack-magnum-7.1.1~dev28-3.6.3 openstack-magnum-api-7.1.1~dev28-3.6.3 openstack-magnum-conductor-7.1.1~dev28-3.6.3 openstack-manila-7.3.1~dev3-4.6.3 openstack-manila-api-7.3.1~dev3-4.6.3 openstack-manila-data-7.3.1~dev3-4.6.3 openstack-manila-scheduler-7.3.1~dev3-4.6.3 openstack-manila-share-7.3.1~dev3-4.6.3 openstack-monasca-notification-1.14.2~dev1-6.6.4 openstack-monasca-persister-1.12.1~dev9-4.3.3 openstack-monasca-persister-java-1.12.1~dev9-4.3.2 openstack-neutron-13.0.5~dev22-3.6.3 openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3 openstack-neutron-gbp-5.0.1~dev459-3.6.3 openstack-neutron-ha-tool-13.0.5~dev22-3.6.3 openstack-neutron-l3-agent-13.0.5~dev22-3.6.3 openstack-neutron-lbaas-13.0.1~dev14-3.6.2 openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2 openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3 openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3 openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3 openstack-neutron-metering-agent-13.0.5~dev22-3.6.3 openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3 openstack-neutron-server-13.0.5~dev22-3.6.3 openstack-nova-18.2.2~dev9-3.6.2 openstack-nova-api-18.2.2~dev9-3.6.2 openstack-nova-cells-18.2.2~dev9-3.6.2 openstack-nova-compute-18.2.2~dev9-3.6.2 openstack-nova-conductor-18.2.2~dev9-3.6.2 openstack-nova-console-18.2.2~dev9-3.6.2 openstack-nova-novncproxy-18.2.2~dev9-3.6.2 openstack-nova-placement-api-18.2.2~dev9-3.6.2 openstack-nova-scheduler-18.2.2~dev9-3.6.2 openstack-nova-serialproxy-18.2.2~dev9-3.6.2 openstack-nova-vncproxy-18.2.2~dev9-3.6.2 openstack-octavia-3.1.2~dev8-3.6.3 openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3 openstack-octavia-api-3.1.2~dev8-3.6.3 openstack-octavia-health-manager-3.1.2~dev8-3.6.3 openstack-octavia-housekeeping-3.1.2~dev8-3.6.3 openstack-octavia-worker-3.1.2~dev8-3.6.3 openstack-tempest-19.0.0-7.3.3 openstack-tempest-test-19.0.0-7.3.3 python-ardana-configurationprocessor-9.0+git.1566405927.c5c03d4-3.7.1 python-ceilometer-11.0.2~dev14-3.6.3 python-cinder-13.0.7~dev3-3.6.3 python-cinder-tempest-plugin-0.1.0-3.3.1 python-designate-7.0.1~dev21-3.6.3 python-heat-11.0.3~dev19-3.6.3 python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3 python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3 python-ironic-11.1.4~dev9-3.6.3 python-ironicclient-2.5.3-4.6.2 python-ironicclient-doc-2.5.3-4.6.2 python-keystone-14.1.1~dev8-3.6.4 python-keystonemiddleware-5.2.0-3.3.2 python-magnum-7.1.1~dev28-3.6.3 python-manila-7.3.1~dev3-4.6.3 python-monasca-notification-1.14.2~dev1-6.6.4 python-monasca-persister-1.12.1~dev9-4.3.3 python-monasca-tempest-plugin-0.3.0-3.3.1 python-neutron-13.0.5~dev22-3.6.3 python-neutron-gbp-5.0.1~dev459-3.6.3 python-neutron-lbaas-13.0.1~dev14-3.6.2 python-nova-18.2.2~dev9-3.6.2 python-octavia-3.1.2~dev8-3.6.3 python-openstackclient-3.16.2-3.3.2 python-openstacksdk-0.17.3-3.3.2 python-proliantutils-2.8.4-3.3.1 python-python-engineio-2.0.2-4.3.1 python-swiftlm-9.0+git.1541434883.e0ebe69-3.3.1 python-tempest-19.0.0-7.3.3 python-vmware-nsx-13.0.1~dev146-4.3.1 python-vmware-nsxlib-13.0.1~dev24-3.3.1 References: o https://www.suse.com/security/cve/CVE-2015-3448.html o https://www.suse.com/security/cve/CVE-2017-17051.html o https://www.suse.com/security/cve/CVE-2019-11236.html o https://www.suse.com/security/cve/CVE-2019-11324.html o https://www.suse.com/security/cve/CVE-2019-13611.html o https://www.suse.com/security/cve/CVE-2019-7164.html o https://www.suse.com/security/cve/CVE-2019-7548.html o https://www.suse.com/security/cve/CVE-2019-9735.html o https://www.suse.com/security/cve/CVE-2019-9740.html o https://bugzilla.suse.com/1027315 o https://bugzilla.suse.com/1129729 o https://bugzilla.suse.com/1133719 o https://bugzilla.suse.com/1134232 o https://bugzilla.suse.com/1140512 o https://bugzilla.suse.com/1141676 o https://bugzilla.suse.com/1144026 o https://bugzilla.suse.com/1144027 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXW29V2aOgq3Tt24GAQhwtg/9GyzIAes6XrZsDAe/9wsqnzWrcIrTA9IA cYLDuZkr4gZKZAquuOHStnOxB0pEz/fgva1E3qaCQjf6R2tSC6r4clruacR3y2hU sIDJU8E/6Lp0b3IZmXjWLtQRn9Y+M9wkqoYLmlTFzc5SwOXHiW+hSKj82lwBNq3z tEX1jyAGF+ToQT3VcbiZUGSzszkz2JAJWxOBgC+ZouLxVZ206DMEbkPm/bwDTUuP OPBaLPaxCuKtuqF5kiUicLL65Tt9SRgJhz1jiT5mP1PUfhGvP7muJR/1QIS+j1ID 29e/2vWsBvaGE2H7Cl05XKcbGjTxQYHuzIYGl3B4EyCrt/npae6gI3MQHSuZcHlX gq6p5dobR2fo6HM61INm5lc/X/LQvn3gBzvIG7drw3SrLOU6FL1w4m/lAgTS1584 EvnUW9VQTjYKQAuWbAuOAwh5jWBJ7rMxjyKmSSyF8nSizxQ7Q2rZEyFd/Ysshjz+ G1zC3sU5ZfkvOrUr4orXcO+naanXK5dgSCG+GS4H95QbEl77/2bDAeRe7o+DY5qn Jsu/lBeO1oacCEyQPl6OjxU8kXrriJRm74pknZsjF4rXjR8iLLF4ewovzItc/YmA JQbemT117YKNdPFA9EwEYgX/SN8/OrUZjrM8squAGTDI3nTLPJna5dOEuM0qki0d 6/CpkjmjNvo= =r+2j -----END PGP SIGNATURE-----