Operating System:

[SUSE]

Published:

03 September 2019

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3330
 SUSE-SU-2019:2267-1 Security update for ardana-ansible, ardana-barbican,
ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate,
    ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon,
        ardana-input-model, ardana-installer-ui, ardana-ironic, ard
                             3 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           git
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Existing Account            
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13611 CVE-2019-11324 CVE-2019-11236
                   CVE-2019-9740 CVE-2019-9735 CVE-2019-7548
                   CVE-2019-7164 CVE-2017-17051 CVE-2015-3448

Reference:         ESB-2019.3326
                   ESB-2019.3298
                   ESB-2019.3244
                   ESB-2019.3229
                   ESB-2019.2954
                   ESB-2019.2942
                   ESB-2019.2851

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ardana-ansible, ardana-barbican,
ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate,
ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon,
ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone,
ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron,
ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui,
ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest,
crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common,
java-monasca-common-kit, openstack-ceilometer, openstack-cinder,
openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui,
openstack-horizon-plugin-neutron-lbaas-ui,
openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic,
openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
openstack-manila, openstack-monasca-notification, openstack-monasca-persister,
openstack-monasca-persister-java, openstack-monasca-persister-java-kit,
openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-tempest,
python-ardana-configurationprocessor, python-cinder-tempest-plugin,
python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin,
python-openstackclient, python-openstacksdk, python-proliantutils,
python-python-engineio, python-swiftlm, python-vmware-nsx,
python-vmwar

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:2267-1
Rating:            moderate
References:        #1027315 #1129729 #1133719 #1134232 #1140512 #1141676
                   #1144026 #1144027
Cross-References:  CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324
                   CVE-2019-13611 CVE-2019-7164 CVE-2019-7548 CVE-2019-9735
                   CVE-2019-9740
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

e-nsxlib, yast2-crowbar

An update that fixes 9 vulnerabilities is now available.

Description:

This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster,
ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx,
ardana-glance, ardana-heat, ardana-horizon, ardana-input-model,
ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging,
ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova,
ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig,
ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core,
crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common,
java-monasca-common-kit, openstack-ceilometer, openstack-cinder,
openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui,
openstack-horizon-plugin-neutron-lbaas-ui,
openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic,
openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
openstack-manila, openstack-monasca-notification, openstack-monasca-persister,
openstack-monasca-persister-java, openstack-monasca-persister-java-kit,
openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-tempest,
python-ardana-configurationprocessor, python-cinder-tempest-plugin,
python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin,
python-openstackclient, python-openstacksdk, python-proliantutils,
python-python-engineio, python-swiftlm, python-vmware-nsx,
python-vmware-nsxlib, yast2-crowbar fixes the following issues:

  o Update to version 9.0+git.1566374020.301191f: * Use raw image format when
    using SES backend on Nova (SOC-9285)


  o Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs
    works for dist-upgrade (SOC-9857)


  o Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3
    repps still served (SOC-9840)


  o Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/
    https urls (SOC-10063)


  o Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for
    policy.yaml.j2. (SOC-0000)


  o Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non
    local ipv6 addresses (SOC-9330)


  o Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for
    ipv6 address comparison (SOC-9940)


  o Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with
    'zypper' (SOC-9997)


  o Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for
    ipv6 (SOC-9369)


  o Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin
    for l2gw (SOC-5837)


  o Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway
    Service definition (SOC-5837)


  o Switch to new Gerrit Server


  o Update to version 9.0+git.1566375806.f0b2333: * Configure glance
    image_direct_url/multiple_locations (SOC-9285)


  o Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1564491141.602fdf9: * Default
    glance_default_store to rbd if SES enabled (SOC-8749)


  o Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from
    rule (SOC-10003)


  o Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json
    permission to be 664 (SOC-9872)


  o Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the
    minimal ardana-ci model (SOC-9800)


  o Update to version 9.0+git.1566255088.3443670: * Add server state column
    (SOC-9957)


  o Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677)
    (#357)


  o Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload
    option when ses is not configured (SOC-8555) (#356)


  o Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is
    created during upgrade (SOC-9923)


  o Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/
    https urls (SOC-10063)


  o Update to version 9.0+git.1565691188.2309798: * Use systemd for
    monasca-thresh (SOC-10145)


  o Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on
    rabbitmq-server (SOC-9745)


  o Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/
    https urls (SOC-10063)


  o Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure
    VPN and Firewall service providers (SOC-9935)


  o Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to
    neutron services (SOC-8746)


  o Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/
    https urls (SOC-10063)


  o Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk
    discard when using RBD (SOC-10182)


  o Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint
    override (SOC-10130)


  o Update to version 9.0+git.1565366126.4993583: * Make default/
    rpc_response_timeout configurable (SOC-9285)


  o Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy
    random status failures (SOC-9574)


  o Update to version 9.0+git.1566206502.6c87b41: * Use default values for
    amphora connection retries/timeout (SOC-9285)


  o Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/
    https urls (SOC-10063)


  o Add ipaddr bower dependency (SOC-9679)


  o Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565380193.f006466: * Introduce conditional
    forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)


  o Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs
    works for dist-upgrade (SOC-9857)


  o Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user
    for ovs as 'root' (SOC-8139)


  o Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url
    entry totally fictitious (SOC-6800)


  o Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry
    to lvm.conf (bsc#1140512)


  o Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for
    logrotate (SOC-8139)


  o Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in
    iptables command (SOC-9349)


  o Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on
    ovs-bridges anymore (SOC-9239)


  o Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677)


  o Update to version 9.0+git.1563468620.5035cf8: * Add support for ses
    integration (SOC-8555)


  o Update to version 9.0+git.1563461311.16ea2df: * Change url of
    upper-constraints file (SOC-9863)


  o Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook
    (SOC-9902)


  o Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint
    during deploy (SOC-9303)


  o Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls
    (SOC-10063)


  o Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade
    enhancements (SOC-10146)


  o Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter
    before deploying it (SOC-10287)


  o Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in
    parallel (SOC-9285)


  o Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve
    tests (SOC-9775)


  o Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve
    tests (SOC-9775)


  o Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby
    version for package installation (SOC-10010)


  o Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova
    services after upgrade


  o Update to version 6.0+git.1565859218.525130340: * upgrade: remove
    nova-consoleauth service entries on upgrade (SOC-10164)


  o Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove
    controller for admin bridge (SOC-10073)


  o Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix
    get_proposal_json (SOC-9954)


  o Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar
    batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 *
    dns: fix migration for designate


  o Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar
    batch error output (SOC-9954)


  o Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist
    CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range
    (SOC-9911)


  o Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup
    before upgrade (SOC-9482) * bind9: Fix spelling error in template


  o Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup
    clone_stateless_services leftovers (SOC-9842)


  o Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file
    names for 8 -> 9 (SOC-9029)


  o Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip
    helper to NetworkHelper (SOC-6098)


  o Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby
    version for package installation (SOC-10010)


  o Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB
    pools configuration (SOC-9767) * horizon: Install designate plugin when
    configured (SOC-9695)


  o Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old
    ceilometer-api vhosts (SOC-9483)


  o Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp
    (SOC-6100)


  o Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure
    resource settings (SOC-9633)


  o Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set
    port_admin_state_change to false when using linuxbridge (SOC-10029)


  o Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add
    max_threads_per_process tuneable (SOC-10001, bsc#1133719)


  o Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based
    on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync
    (SOC-9981)


  o Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests
    (SOC-9298) * Fix nova tempest tests (SOC-9298)


  o Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation
    error if domain names dont end with a dot(.)


  o Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support
    (SOC-9298)


  o Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server
    node for VIP look ups (SOC-9631)


  o add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to
    run the barbican tempest test


  o Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup
    clone_stateless_services leftovers (SOC-9842)


  o Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for
    cinder using ceph as backenid (SOC-9298)


  o Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes
    (SOC-9683)


  o Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling
    error inside comments (SOC-6361)


  o Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when
    lookup by name (SOC-9339)


  o Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB
    creation


  o Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update
    repocheck keys * Update texts for 8-9 upgrade (SOC-9689)


  o Update to version 1.3.0+git.1562579063.5690a1bc: * Pin
    gulp-angular-templatecache version


  o Bumped package version to 1.3 to differentiate it from 8-9 version


  o Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom
    version to 1.3.0
  o Remove cassandra.patch (merged upstream)


  o Fix license


  o Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common


  o Update to version ceilometer-11.0.2.dev14: * Fixing broken links


  o Update to version ceilometer-11.0.2.dev14: * Fixing broken links


  o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in
    attachment\_reserve


  o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions
    list


  o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach
    support for HPE MSA"


  o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul
    config


  o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue


  o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in
    attachment\_reserve


  o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions
    list


  o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach
    support for HPE MSA"


  o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul
    config


  o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue


* nimble: Fix missing ssl support (bsc#1027315)

  o Update to version designate-7.0.1.dev21: * Improve log message for better
    understanding


  o Update to version designate-7.0.1.dev21: * Improve log message for better
    understanding


  o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair
    validation


  o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if
    service record is not updated twice * Allow update of previously-replaced
    resources * Do not perform the tenant stack limit check for admin user


  o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo
    policy scripts


  o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties
    for OS::Heat::None resource


  o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and
    limit bandit version * Retry on DB deadlock in event\_create()


  o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair
    validation


  o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if
    service record is not updated twice * Allow update of previously-replaced
    resources * Do not perform the tenant stack limit check for admin user


  o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo
    policy scripts


  o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties
    for OS::Heat::None resource


  o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and
    limit bandit version * Retry on DB deadlock in event\_create()


  o Do not exclude python bytecode files (see https://review.opendev.org/#/c/
    666611 for details)


  o Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for
    new upper constraints strategy * OpenDev Migration Patch


  o Update to latest spec from rpm-packaging * Don't exclude python bytecode
    files in dashboards


  o Update to version ironic-11.1.4.dev9: * Filter security group list on the
    ID's we expect * Ansible module: fix deployment for private and/or shared
    images


  o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with
    serial specified as root device hint * CI: stop using pyghmi from git
    master


  o Update to version ironic-11.1.4.dev9: * Filter security group list on the
    ID's we expect * Ansible module: fix deployment for private and/or shared
    images


  o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with
    serial specified as root device hint * CI: stop using pyghmi from git
    master


  o Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi
    from git master


  o Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a
    warning when lshw cannot be run


  o Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw
    output, collect it with other logs instead 3.3.2


  o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0"


  o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0"


  o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy
    for discovery url" * Use rocky heat-container-agent for stable/rocky


  o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy
    for discovery url" * Use rocky heat-container-agent for stable/rocky


  o Update to version manila-7.3.1.dev3: * Remove the redunant table from
    windows' editor


  o Update to version manila-7.3.1.dev3: * Remove the redunant table from
    windows' editor


  o update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105
    test failure


  o update to version 1.12.1~dev9 - Update all columns in metrics on an update
    to refresh TTL


  o update to version 1.12.1~dev7 - Widen exception catch for point parse
    failure


  o update to version 1.12.1~dev6 - some points unable to parse - OpenDev
    Migration Patch


  o Rebased patches: +
    0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped
    (merged upstream)


  o Update to version monasca-persister-1.12.1.dev9: * Update all columns in
    metrics on an update to refresh TTL * OpenDev Migration Patch


  o Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch


  o Update to version monasca-persister-1.12.1.dev4 * Java persister config:
    defaults and robustness * Add Cassandra db support
  o Remove java-persister-defaults.patch (merged upstream)
  o Remove cassandra.patch (merged upstream)
  o Add missing URLs for patches


  o Updated to kit tarball built from 1.12.1.dev4
  o Updated README.updating for current version


  o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating
    packets * Stop OVS agent before starting it again * Fix sort issue in test\
    _dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug


  o Update to version neutron-13.0.5.dev15: * Check for agent restarted after
    checking for DVR port


  o Update to version neutron-13.0.5.dev14: * Retry trunk status updates
    failing with StaleDataError


  o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during
    reconfigure of phys bridges


  o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq
    instead of --bind-interfaces * Yield control to other greenthreads while
    processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\
    _ports()


  o Update to version neutron-13.0.5.dev6: * Ignore first local port update
    notification


  o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing
    13.0.4


  o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating
    packets * Stop OVS agent before starting it again * Fix sort issue in test\
    _dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug


  o Update to version neutron-13.0.5.dev15: * Check for agent restarted after
    checking for DVR port


  o Update to version neutron-13.0.5.dev14: * Retry trunk status updates
    failing with StaleDataError


  o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during
    reconfigure of phys bridges


  o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq
    instead of --bind-interfaces * Yield control to other greenthreads while
    processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\
    _ports()


  o Update to version neutron-13.0.5.dev6: * Ignore first local port update
    notification


  o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing
    13.0.4


* When converting sg rules to iptables, do not emit dport if not supported
(CVE-2019-9735, bsc#1129729)

  o Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test
    for Connection Tracking


  o Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and
    icmp\_type for SG rule * A VM could be associated with multiple ports *
    Optimize the extend\_router\_dict() call


  o Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance
    gbp-validate to detect routed subnet overlap


  o Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent
    overlapping CIDRs in routed VRF * Disallow external subnets as router
    interfaces


  o Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\
    _state display on neutron based on AIM status


  o Update to version group-based-policy-5.0.1.dev446: * Send the port updates
    for the SNAT use case if needed * Make DHCP provisioning blocks conditional


  o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new
    upper constraints strategy * Remove the release notes job from stable/rocky


  o add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch


  o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new
    upper constraints strategy * Remove the release notes job from stable/rocky


* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051)

  o Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the
    gate queue


  o Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation
    function


  o Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP
    listener health


  o Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper
    constraints strategy


  o Add patches fixing tempest cleanup removing all networks https://
    bugs.launchpad.net/tempest/+bug/1812660 *
    0001-Remove-deprecated-services-from-cleanup.patch *
    0002-Fix-tempest-cleanup.patch *
    0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch


  o Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to
    baremetal ServersValidator (SOC-9940)


  o Update to version 9.0+git.1565384645.8fcf5db: * Ensure
    forward_normal_on_post_up is set for every OVS bridge (SOC-9939)


  o Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on
    MANAGEMENT network group (SOC-9939)


  o Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses
    for endpoint urls (SOC-9357)


  o added 0001-Fix-volume-revert-to-snapshot-tests.patch


  o update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override
    is used - OpenDev Migration Patch


  o added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch


  o added 0001-Use-unicode-literals-in-test_metrics.patch


  o update to version 3.16.2 (bsc#1144027, bsc#1144026)
  o update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org
    git:// URLs with https:// - Fixes for Unicode characters in python 2
    requests - Fix functional tests on stable/rocky - Correct updating
    baremetal nodes by name or ID - Support bare metal service error messages -
    import zuul job settings from project-config - Correct update operations
    for baremetal - Add simple create/show/delete functional tests for all
    baremetal resources - Add a simple baremetal functional job - Pass
    microversion info through from Profile


  o update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation


  o Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) *
    python-python-engineio: An issue was discovered in python-engineio through
    3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that
    allows attackers to make WebSocket connections to a server


  o Switch to new Gerrit Server


  o Switch to opendev as external projects are not longer synced to github. As
    a result, there is also no automatic change log.
  o Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean
    orphaned section rules * OpenDev Migration Patch * Delete SG rules when
    deleting their remote group * NSX|V3: Limit number of subnet static routes
    per backend * NSX|V: Restrict creating conflicting address_pair in the same
    network * NSX|V3: Add verification of num defined address pairs * constrain
    rocky dependencies * Update rocky .gitreview branch * Handle multiple
    default SG creation in all plugins * update tox for stable branch * NSX|V3:
    remove redundent code in get_port/s * NSX|V3: Change status code of SG
    failure * NSX|V: enable allow_address_pairs upon request * Revert "NSX|V3:
    Simplify LBaaS implementation" * NSX|V3: Fix LBaaS loadbalancer creation *
    NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS
    implementation * Complete the init of the Neutron main process * NSX|V3:
    Respect default keyword for physical_net * NSX|V admin utils: Find and fix
    spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin
    * Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation *
    Revert "NSX|V3: Init FWaaS before spawn" * NSX|V3: prevent user from
    changing the NSX internal SG * Fix provider security group exception call *
    NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for
    dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code
    & tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX|
    V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack:
    Delete old project before deciding how to get the new code * NSX|V3: Init
    FWaaS before spawn * Devstack: Fix failed of ml2 directory creation *
    Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints
    * NSX|V3: Do not allow external subnets overlapping with uplink cidr *
    Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support
    expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully *
    NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp
    error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics
    getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2
    config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use
    upper-constraints from stable/rocky * fix lower constraints * TVD: Add
    missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V
    use context reader for router driver * NSX|V Fix AdminUtils get apis to use
    the right context * TVD LBaaS: fix operational status api * Use tenant
    context to get router GW network * NSX-v3: Fix listener for pool not
    fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin
    context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl *
    NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback
    * NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS
    is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields
    * TVD verify loadbalancer project match the LB object project * TVD: Do not
    crash in case the project is not found * NSX|V3: Fix member fip error
    message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add
    NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should
    complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill
    VIF data for upgraded ports * Devstack plugin: fetch Neutron only when
    needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS
    operation status function params * NSX|V3: Add LB status calls validations
    * NSX|V3 remove lbaas import to allow the plugin to work without lbaas *
    NSX|V Allow updating port security and mac learning together * NSX|V3:
    Change external provider network error message * NSX|V+V3: Prevent adding
    different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get
    operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX|
    V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception
    when deleting dhcp port * NSX|V3 Validate rate-limit value in admin
    utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on
    unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix
    port MAC learning flag handling * NSX|V3 update port revision on
    update_port response * NSX|V: Avoid updating the default section at init *
    NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member
    create * Devstack: Use the right python version in cleanup * NSX|V: Fix
    host groups for DRS HA for AZ * NSX|V Fix policy security group update *
    NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks
    notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make
    sure LB member is connected to the LB router * NSX|V3: Prevent adding an
    external net as a router interface * NSX|V: Shorten the L2 bridge edge name
    * NSX|V3: Fix port binding update on new ports


  o update to version 13.0.1~dev146


  o Switch to opendev as external projects are not longer synced to github. As
    a result, there is also no automatic change log.
  o update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX|
    V3+P: Change max allowed host routes * Adding the option to configure
    disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter
    for max subnet static routes * NSX|T: Add NSX limit of IP address
    association to port * Fix nsgroup update to access the logging field safely
    * Retry http requests on timeouts * Added retries if API call fails due to
    MP cluster reconfig * Fix check_manager_status to support older NSX
    versions * Improve Cluster validation checks * Add apis to get tier0 uplink
    cidrs and not just ips * Support response status codes for LB HM * Add
    manager status validation to validate connection * Handle
    get_default_headers errors * Update the max NS groups criteria tags number
    dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and
    codes in strict mode * Fix cluster connectivity * Fix the revision needed
    for security rules version * New api for getting VPN session status * New
    api for getting the LB virtual servers status * NSX|V3: Support new icmp
    codes and types list-


  o update to version 13.0.1~dev24


  o Fix the Requires: format in spec file (bsc#1134232)
  o 3.4.2

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       crowbar-core-6.0+git.1566321308.1de18b9a4-3.6.1
       crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.6.1
  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       crowbar-ha-6.0+git.1566406179.7549de2-3.6.1
       crowbar-openstack-6.0+git.1566404979.41279a88e-3.6.1
       crowbar-ui-1.3.0+git.1563181545.65360af5-3.3.1
       openstack-ceilometer-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
       openstack-ceilometer-polling-11.0.2~dev14-3.6.3
       openstack-cinder-13.0.7~dev3-3.6.3
       openstack-cinder-api-13.0.7~dev3-3.6.3
       openstack-cinder-backup-13.0.7~dev3-3.6.3
       openstack-cinder-scheduler-13.0.7~dev3-3.6.3
       openstack-cinder-volume-13.0.7~dev3-3.6.3
       openstack-designate-7.0.1~dev21-3.6.3
       openstack-designate-agent-7.0.1~dev21-3.6.3
       openstack-designate-api-7.0.1~dev21-3.6.3
       openstack-designate-central-7.0.1~dev21-3.6.3
       openstack-designate-producer-7.0.1~dev21-3.6.3
       openstack-designate-sink-7.0.1~dev21-3.6.3
       openstack-designate-worker-7.0.1~dev21-3.6.3
       openstack-heat-11.0.3~dev19-3.6.3
       openstack-heat-api-11.0.3~dev19-3.6.3
       openstack-heat-api-cfn-11.0.3~dev19-3.6.3
       openstack-heat-engine-11.0.3~dev19-3.6.3
       openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
       openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
       openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
       openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
       openstack-ironic-11.1.4~dev9-3.6.3
       openstack-ironic-api-11.1.4~dev9-3.6.3
       openstack-ironic-conductor-11.1.4~dev9-3.6.3
       openstack-ironic-python-agent-3.3.3~dev4-3.6.3
       openstack-keystone-14.1.1~dev8-3.6.4
       openstack-magnum-7.1.1~dev28-3.6.3
       openstack-magnum-api-7.1.1~dev28-3.6.3
       openstack-magnum-conductor-7.1.1~dev28-3.6.3
       openstack-manila-7.3.1~dev3-4.6.3
       openstack-manila-api-7.3.1~dev3-4.6.3
       openstack-manila-data-7.3.1~dev3-4.6.3
       openstack-manila-scheduler-7.3.1~dev3-4.6.3
       openstack-manila-share-7.3.1~dev3-4.6.3
       openstack-monasca-notification-1.14.2~dev1-6.6.4
       openstack-monasca-persister-1.12.1~dev9-4.3.3
       openstack-monasca-persister-java-1.12.1~dev9-4.3.2
       openstack-neutron-13.0.5~dev22-3.6.3
       openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
       openstack-neutron-gbp-5.0.1~dev459-3.6.3
       openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
       openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
       openstack-neutron-lbaas-13.0.1~dev14-3.6.2
       openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
       openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
       openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
       openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
       openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
       openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
       openstack-neutron-server-13.0.5~dev22-3.6.3
       openstack-nova-18.2.2~dev9-3.6.2
       openstack-nova-api-18.2.2~dev9-3.6.2
       openstack-nova-cells-18.2.2~dev9-3.6.2
       openstack-nova-compute-18.2.2~dev9-3.6.2
       openstack-nova-conductor-18.2.2~dev9-3.6.2
       openstack-nova-console-18.2.2~dev9-3.6.2
       openstack-nova-novncproxy-18.2.2~dev9-3.6.2
       openstack-nova-placement-api-18.2.2~dev9-3.6.2
       openstack-nova-scheduler-18.2.2~dev9-3.6.2
       openstack-nova-serialproxy-18.2.2~dev9-3.6.2
       openstack-nova-vncproxy-18.2.2~dev9-3.6.2
       openstack-octavia-3.1.2~dev8-3.6.3
       openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
       openstack-octavia-api-3.1.2~dev8-3.6.3
       openstack-octavia-health-manager-3.1.2~dev8-3.6.3
       openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
       openstack-octavia-worker-3.1.2~dev8-3.6.3
       openstack-tempest-19.0.0-7.3.3
       openstack-tempest-test-19.0.0-7.3.3
       python-ceilometer-11.0.2~dev14-3.6.3
       python-cinder-13.0.7~dev3-3.6.3
       python-cinder-tempest-plugin-0.1.0-3.3.1
       python-designate-7.0.1~dev21-3.6.3
       python-heat-11.0.3~dev19-3.6.3
       python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
       python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
       python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
       python-ironic-11.1.4~dev9-3.6.3
       python-ironicclient-2.5.3-4.6.2
       python-ironicclient-doc-2.5.3-4.6.2
       python-keystone-14.1.1~dev8-3.6.4
       python-keystonemiddleware-5.2.0-3.3.2
       python-magnum-7.1.1~dev28-3.6.3
       python-manila-7.3.1~dev3-4.6.3
       python-monasca-notification-1.14.2~dev1-6.6.4
       python-monasca-persister-1.12.1~dev9-4.3.3
       python-monasca-tempest-plugin-0.3.0-3.3.1
       python-neutron-13.0.5~dev22-3.6.3
       python-neutron-gbp-5.0.1~dev459-3.6.3
       python-neutron-lbaas-13.0.1~dev14-3.6.2
       python-nova-18.2.2~dev9-3.6.2
       python-octavia-3.1.2~dev8-3.6.3
       python-openstackclient-3.16.2-3.3.2
       python-openstacksdk-0.17.3-3.3.2
       python-proliantutils-2.8.4-3.3.1
       python-tempest-19.0.0-7.3.3
       python-vmware-nsx-13.0.1~dev146-4.3.1
       python-vmware-nsxlib-13.0.1~dev24-3.3.1
       yast2-crowbar-3.4.2-3.3.1
  o SUSE OpenStack Cloud 9 (noarch):
       ardana-ansible-9.0+git.1566374020.301191f-3.6.1
       ardana-barbican-9.0+git.1566251498.be02ca4-3.6.1
       ardana-cinder-9.0+git.1565678764.c3a9b9f-3.6.1
       ardana-cluster-9.0+git.1559333871.40508f7-3.6.1
       ardana-cobbler-9.0+git.1566336494.93967dd-3.6.1
       ardana-db-9.0+git.1564409964.b7e4fc3-3.6.1
       ardana-designate-9.0+git.1565680593.df7a432-3.6.1
       ardana-extensions-nsx-9.0+git.1566213657.69862ab-3.3.2
       ardana-glance-9.0+git.1566375806.f0b2333-3.6.1
       ardana-heat-9.0+git.1565721273.f44b8d7-3.6.1
       ardana-horizon-9.0+git.1565891518.2a545a1-3.6.1
       ardana-input-model-9.0+git.1562848565.91e75b2-3.6.1
       ardana-installer-ui-9.0+git.1566255088.3443670-3.6.1
       ardana-installer-ui-debugsource-9.0+git.1566255088.3443670-3.6.1
       ardana-ironic-9.0+git.1565721987.ddc59c8-3.6.1
       ardana-keystone-9.0+git.1565891593.cad6d1a-3.6.1
       ardana-logging-9.0+git.1565761582.2dc823a-3.6.1
       ardana-magnum-9.0+git.1565762005.016032a-3.6.1
       ardana-monasca-9.0+git.1566332665.ad894c0-3.6.1
       ardana-mq-9.0+git.1565115025.148d092-3.6.1
       ardana-neutron-9.0+git.1566251310.3a1e8f9-3.6.1
       ardana-nova-9.0+git.1566332515.e232568-3.6.1
       ardana-octavia-9.0+git.1566206502.6c87b41-3.6.1
       ardana-opsconsole-9.0+git.1566251377.b1caeaa-3.6.1
       ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.6.1
       ardana-osconfig-9.0+git.1565764394.545b573-3.6.1
       ardana-service-9.0+git.1564706915.edd44c4-3.6.1
       ardana-ses-9.0+git.1565962617.523149b-3.6.1
       ardana-swift-9.0+git.1565891872.73fc3c7-3.6.1
       ardana-swiftlm-drive-provision-9.0+git.1541434883.e0ebe69-3.3.1
       ardana-swiftlm-log-tailer-9.0+git.1541434883.e0ebe69-3.3.1
       ardana-swiftlm-uptime-mon-9.0+git.1541434883.e0ebe69-3.3.1
       ardana-tempest-9.0+git.1566471752.a3c5c9c-3.6.1
       openstack-ceilometer-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
       openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
       openstack-ceilometer-polling-11.0.2~dev14-3.6.3
       openstack-cinder-13.0.7~dev3-3.6.3
       openstack-cinder-api-13.0.7~dev3-3.6.3
       openstack-cinder-backup-13.0.7~dev3-3.6.3
       openstack-cinder-scheduler-13.0.7~dev3-3.6.3
       openstack-cinder-volume-13.0.7~dev3-3.6.3
       openstack-designate-7.0.1~dev21-3.6.3
       openstack-designate-agent-7.0.1~dev21-3.6.3
       openstack-designate-api-7.0.1~dev21-3.6.3
       openstack-designate-central-7.0.1~dev21-3.6.3
       openstack-designate-producer-7.0.1~dev21-3.6.3
       openstack-designate-sink-7.0.1~dev21-3.6.3
       openstack-designate-worker-7.0.1~dev21-3.6.3
       openstack-heat-11.0.3~dev19-3.6.3
       openstack-heat-api-11.0.3~dev19-3.6.3
       openstack-heat-api-cfn-11.0.3~dev19-3.6.3
       openstack-heat-engine-11.0.3~dev19-3.6.3
       openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
       openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
       openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
       openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
       openstack-ironic-11.1.4~dev9-3.6.3
       openstack-ironic-api-11.1.4~dev9-3.6.3
       openstack-ironic-conductor-11.1.4~dev9-3.6.3
       openstack-ironic-python-agent-3.3.3~dev4-3.6.3
       openstack-keystone-14.1.1~dev8-3.6.4
       openstack-magnum-7.1.1~dev28-3.6.3
       openstack-magnum-api-7.1.1~dev28-3.6.3
       openstack-magnum-conductor-7.1.1~dev28-3.6.3
       openstack-manila-7.3.1~dev3-4.6.3
       openstack-manila-api-7.3.1~dev3-4.6.3
       openstack-manila-data-7.3.1~dev3-4.6.3
       openstack-manila-scheduler-7.3.1~dev3-4.6.3
       openstack-manila-share-7.3.1~dev3-4.6.3
       openstack-monasca-notification-1.14.2~dev1-6.6.4
       openstack-monasca-persister-1.12.1~dev9-4.3.3
       openstack-monasca-persister-java-1.12.1~dev9-4.3.2
       openstack-neutron-13.0.5~dev22-3.6.3
       openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
       openstack-neutron-gbp-5.0.1~dev459-3.6.3
       openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
       openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
       openstack-neutron-lbaas-13.0.1~dev14-3.6.2
       openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
       openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
       openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
       openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
       openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
       openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
       openstack-neutron-server-13.0.5~dev22-3.6.3
       openstack-nova-18.2.2~dev9-3.6.2
       openstack-nova-api-18.2.2~dev9-3.6.2
       openstack-nova-cells-18.2.2~dev9-3.6.2
       openstack-nova-compute-18.2.2~dev9-3.6.2
       openstack-nova-conductor-18.2.2~dev9-3.6.2
       openstack-nova-console-18.2.2~dev9-3.6.2
       openstack-nova-novncproxy-18.2.2~dev9-3.6.2
       openstack-nova-placement-api-18.2.2~dev9-3.6.2
       openstack-nova-scheduler-18.2.2~dev9-3.6.2
       openstack-nova-serialproxy-18.2.2~dev9-3.6.2
       openstack-nova-vncproxy-18.2.2~dev9-3.6.2
       openstack-octavia-3.1.2~dev8-3.6.3
       openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
       openstack-octavia-api-3.1.2~dev8-3.6.3
       openstack-octavia-health-manager-3.1.2~dev8-3.6.3
       openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
       openstack-octavia-worker-3.1.2~dev8-3.6.3
       openstack-tempest-19.0.0-7.3.3
       openstack-tempest-test-19.0.0-7.3.3
       python-ardana-configurationprocessor-9.0+git.1566405927.c5c03d4-3.7.1
       python-ceilometer-11.0.2~dev14-3.6.3
       python-cinder-13.0.7~dev3-3.6.3
       python-cinder-tempest-plugin-0.1.0-3.3.1
       python-designate-7.0.1~dev21-3.6.3
       python-heat-11.0.3~dev19-3.6.3
       python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
       python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
       python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
       python-ironic-11.1.4~dev9-3.6.3
       python-ironicclient-2.5.3-4.6.2
       python-ironicclient-doc-2.5.3-4.6.2
       python-keystone-14.1.1~dev8-3.6.4
       python-keystonemiddleware-5.2.0-3.3.2
       python-magnum-7.1.1~dev28-3.6.3
       python-manila-7.3.1~dev3-4.6.3
       python-monasca-notification-1.14.2~dev1-6.6.4
       python-monasca-persister-1.12.1~dev9-4.3.3
       python-monasca-tempest-plugin-0.3.0-3.3.1
       python-neutron-13.0.5~dev22-3.6.3
       python-neutron-gbp-5.0.1~dev459-3.6.3
       python-neutron-lbaas-13.0.1~dev14-3.6.2
       python-nova-18.2.2~dev9-3.6.2
       python-octavia-3.1.2~dev8-3.6.3
       python-openstackclient-3.16.2-3.3.2
       python-openstacksdk-0.17.3-3.3.2
       python-proliantutils-2.8.4-3.3.1
       python-python-engineio-2.0.2-4.3.1
       python-swiftlm-9.0+git.1541434883.e0ebe69-3.3.1
       python-tempest-19.0.0-7.3.3
       python-vmware-nsx-13.0.1~dev146-4.3.1
       python-vmware-nsxlib-13.0.1~dev24-3.3.1


References:

  o https://www.suse.com/security/cve/CVE-2015-3448.html
  o https://www.suse.com/security/cve/CVE-2017-17051.html
  o https://www.suse.com/security/cve/CVE-2019-11236.html
  o https://www.suse.com/security/cve/CVE-2019-11324.html
  o https://www.suse.com/security/cve/CVE-2019-13611.html
  o https://www.suse.com/security/cve/CVE-2019-7164.html
  o https://www.suse.com/security/cve/CVE-2019-7548.html
  o https://www.suse.com/security/cve/CVE-2019-9735.html
  o https://www.suse.com/security/cve/CVE-2019-9740.html
  o https://bugzilla.suse.com/1027315
  o https://bugzilla.suse.com/1129729
  o https://bugzilla.suse.com/1133719
  o https://bugzilla.suse.com/1134232
  o https://bugzilla.suse.com/1140512
  o https://bugzilla.suse.com/1141676
  o https://bugzilla.suse.com/1144026
  o https://bugzilla.suse.com/1144027

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXW29V2aOgq3Tt24GAQhwtg/9GyzIAes6XrZsDAe/9wsqnzWrcIrTA9IA
cYLDuZkr4gZKZAquuOHStnOxB0pEz/fgva1E3qaCQjf6R2tSC6r4clruacR3y2hU
sIDJU8E/6Lp0b3IZmXjWLtQRn9Y+M9wkqoYLmlTFzc5SwOXHiW+hSKj82lwBNq3z
tEX1jyAGF+ToQT3VcbiZUGSzszkz2JAJWxOBgC+ZouLxVZ206DMEbkPm/bwDTUuP
OPBaLPaxCuKtuqF5kiUicLL65Tt9SRgJhz1jiT5mP1PUfhGvP7muJR/1QIS+j1ID
29e/2vWsBvaGE2H7Cl05XKcbGjTxQYHuzIYGl3B4EyCrt/npae6gI3MQHSuZcHlX
gq6p5dobR2fo6HM61INm5lc/X/LQvn3gBzvIG7drw3SrLOU6FL1w4m/lAgTS1584
EvnUW9VQTjYKQAuWbAuOAwh5jWBJ7rMxjyKmSSyF8nSizxQ7Q2rZEyFd/Ysshjz+
G1zC3sU5ZfkvOrUr4orXcO+naanXK5dgSCG+GS4H95QbEl77/2bDAeRe7o+DY5qn
Jsu/lBeO1oacCEyQPl6OjxU8kXrriJRm74pknZsjF4rXjR8iLLF4ewovzItc/YmA
JQbemT117YKNdPFA9EwEYgX/SN8/OrUZjrM8squAGTDI3nTLPJna5dOEuM0qki0d
6/CpkjmjNvo=
=r+2j
-----END PGP SIGNATURE-----