Published:
31 October 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4048.2
SUSE-SU-2019:2867-1 Security update for ardana-ansible, ardana-glance,
ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron,
ardana-nova, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha,
crowbar-openstack, crowbar-ui, galera-3, grafana, mariadb, mariadb
31 October 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ardana
Publisher: SUSE
Impact/Access: Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-15043 CVE-2019-13611 CVE-2019-5477
CVE-2019-2628 CVE-2019-2627 CVE-2019-2614
CVE-2018-558213 CVE-2018-19039 CVE-2018-15727
CVE-2016-10127 CVE-2015-3448
Reference: ASB-2019.0120
ESB-2019.3865
ESB-2019.3854
ESB-2019.3711
ESB-2019.3633
Original Bulletin:
https://www.suse.com/support/update/announcement/2019/suse-su-20192867-1.html
Revision History: October 31 2019: fixed affected error in affected product
and formatting issue
October 31 2019: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for ardana-ansible, ardana-glance,
ardana-horizon, ardana-input-model, ardana-manila, ardana-neutron, ardana-nova,
ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack,
crowbar-ui, galera-3, grafana, mariadb, mariadb-connector-c, novnc,
openstack-cinder, openstack-glance, openstack-heat,
openstack-horizon-plugin-neutron-vpnaas-ui, openstack-keystone,
openstack-monasca-installer, openstack-neutron, openstack-neutron-gbp,
openstack-neutron-lbaas, openstack-nova, python-amqp, python-ovs,
python-pysaml2, python-python-engineio, python-urllib3,
release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6,
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:2867-1
Rating: moderate
References: #1019074 #1096985 #1106515 #1115960 #1116846 #1118900
#1120657 #1125893 #1126088 #1132593 #1132666 #1136035
#1141121 #1141676 #1143215 #1145796 #1146578 #1148158
#1148383 #1150895 #917802
Cross-References: CVE-2015-3448 CVE-2016-10127 CVE-2018-15727 CVE-2018-19039
CVE-2018-558213 CVE-2019-13611 CVE-2019-15043 CVE-2019-2614
CVE-2019-2627 CVE-2019-2628 CVE-2019-5477
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
venv-openstack-keystone
An update that solves 11 vulnerabilities and has 10 fixes is now available.
Description:
This update for ardana-ansible, ardana-glance, ardana-horizon,
ardana-input-model, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia,
ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui,
galera-3, grafana, mariadb, mariadb-connector-c, novnc, openstack-cinder,
openstack-glance, openstack-heat, openstack-horizon-plugin-neutron-vpnaas-ui,
openstack-keystone, openstack-monasca-installer, openstack-neutron,
openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, python-amqp,
python-ovs, python-pysaml2, python-python-engineio, python-urllib3,
release-notes-suse-openstack-cloud, rubygem-easy_diff, rubygem-rest-client-1_6,
venv-openstack-keystone contains the following fixes:
o Update to version 8.0+git.1566374355.c509923: * Use raw image format when
using SES backend on Nova (SOC-9285)
o Update to version 8.0+git.1566376789.be0fe01: * Configure glance
image_direct_url/multiple_locations (SOC-9285)
o Update to version 8.0+git.1565816064.5d4f73f: * Removed None condition from
rule (SOC-10003)
o Update to version 8.0+git.1566517401.98450e6: * Add neutron-fwaas.json when
neutron-l3-agent is deployed (SOC-10280)
o Update to version 8.0+git.1568835837.2452e7a: * Ensure Manila services
don't auto start on reboot (SOC-10641)
o Update to version 8.0+git.1568220097.74ee4b4: * API extension paths
separated by colon (SOC-10447)
o Update to version 8.0+git.1567555448.5ecd5b0: * Add dependent services to
neutron services (SOC-8746)
o Update to version 8.0+git.1566517377.f2a8c54: * Add policy.d/
neutron-fwaas.json.j2 (SOC-10280)
o Update to version 8.0+git.1566902754.c58ff69: * Install libosinfo package
(SOC-10295)
o Update to version 8.0+git.1565946419.a76c00e: * Set diskcachemode and disk
discard when using RBD (SOC-10182)
o Update to version 8.0+git.1568373448.bcaee7e: * Make octavia heartbeat
frequency options configurable (SOC-9285)
o Update to version 8.0+git.1566374572.a3c91d9: * Include SES variables when
configuring image (SOC-9285)
o Update to version 8.0+git.1566208257.5213d93: * Use default values for
amphora connection retries/timeout (SOC-9285)
o Update to version 8.0+git.1566471887.fd2fec7: * Delete existing run filter
before deploying it (SOC-10287)
o Update to version 5.0+git.1569597589.1f025c557: * barclamp_lib: Sync
timeout with other barclamps (SOC-10513, SOC-10011)
o Update to version 5.0+git.1569231378.ac645b753: * Revert "batch: Use
easy_merge for merging (SOC-10505)"
o Update to version 5.0+git.1569103607.ee4a6cbc9: * upgrade: Fix pie chart
colors on dashboard (SOC-10619)
o Update to version 5.0+git.1568983947.70c39b8c7: * batch: Use easy_merge for
merging (SOC-10505)
o Update to version 5.0+git.1568317972.dfb856def: * upgrade: Fix pre-checks
tests (SOC-9868) * Allow designate rndc for all nodes (SOC-10339)
o Update to version 5.0+git.1568210854.4f87b86f8: * gems: Update easy_diff to
1.0.0 (SOC-10505)
o Update to version 5.0+git.1567531836.e06d68030: * Public ips for dns nodes
when designate integration is in use (SOC-9635)
o Update to version 5.0+git.1567513044.e9ef28b03: * crowbar: Do not read /etc
/crowbar.install.key in non-SUSE init script * transition.sh: Do not read /
etc/crowbar.install.key * gather_logs: Make it a bit useful again *
gather_logs: Do not read /etc/crowbar.install.key * network: Check existing
upper layers before bond setup (bsc#1120657) * network: never plug two
interface into the same ovs bridge (bsc#1120657) * network: Avoid plugging
the same interface to two ovs bridges (bsc#1120657) * nic library: some
helper for identifying base interface (bsc#1120657) * network: Rework the
vlan port replugging code (bsc#1120657) * network: DRY out "kill_nic_files"
(noref)
o Update to version 5.0+git.1567161136.fa34ac9f2: * Add CVE-2019-5477 the to
travis ignore list (SOC-9635)
o Update to version 5.0+git.1567094388.48f2be817: * upgrade: Add more
prechecks for 8->9 (SOC-9868)
o Update to version 5.0+git.1567673535.607aada: * Fix typo in error message
o add cirros-0.4.0-x86_64-disk.img (SOC-9298, SOC-10844)
o the disk img is required to run the barbican tempest test
o Update to version 5.0+git.1570141351.058c8bd44: * tempest:install designate
tempest plugin for SOC8 (SOC-10288)
o Update to version 5.0+git.1569972328.9d475ceb9: * [5.0] Designate: Add
dns_domain_ports config (SOC-10740)
o Update to version 5.0+git.1569933916.d38d07e2d: * Install barbican tempest
plugin for SOC8 (SOC-10191) * Designate: Filter out the admin node
(SOC-10658)
o Update to version 5.0+git.1569885207.573f090bd: * 5.0: designate: Fix the
keys syntax error on migrations (SOC-10660)
o Update to version 5.0+git.1569620621.21c6c5459: * helper:move
config_for_role_exists from horizon to crowbar-openstack(SOC-10191)
o Update to version 5.0+git.1569431597.02675553d: * tempest: don't rely on
service catalogue (SOC-10633) * glance: don't reuse sync mark names
(SOC-10348) * enable LDAP chase_referrals configuration (SOC-7364) * nova:
set default attribute for max_threads_per_process
o Update to version 5.0+git.1569053854.bb65c0fd1: * Make ovs
of_inactivity_probe configurable from neutron barclamp
o Update to version 5.0+git.1568904694.4d6e71fd1: * Revert "designate: Mark
as user managed (SOC-10233)"
o Update to version 5.0+git.1568762121.5889ee9c4: * Octavia: Hide UI until
complete (SOC-10550)
o Update to version 5.0+git.1568721569.5927d34b8: * designate: Mark as user
managed (SOC-10233)
o Update to version 5.0+git.1568593066.8a7e963dd: * designate: cleanup
producer HA deployment (SOC-9766)
o Update to version 5.0+git.1568373930.d508e93f7: * designate: Correct
missing variable (SOC-10549)
o Update to version 5.0+git.1568323106.c080edcc1: * neutron: Add 'insecure'
to old cli calls (SOC-10453)
o Update to version 5.0+git.1568303804.bd258bef6: * designate: No longer care
about master/slave (SOC-10456)
o Update to version 5.0+git.1568173760.4a32699b1: * nova: raise neutron
client timeout to 5 minutes * neutron: Small cleanup to neutron_lbaas.conf
template
o Update to version 5.0+git.1568117991.15d77c6ea: * Designate default Bind9
pool config (SOC-10339)
o Update to version 5.0+git.1568034797.254b8fb85: * tempest: Skip manila and
ceilometer tests (SOC-9799)
o Update to version 5.0+git.1567660321.885064382: * nova: Don't put
nova-compute roles on monasca node (SOC-10373)
o Update to version 5.0+git.1567513535.f2939eeed: * designate: Update
ns_records with all nameservers (SOC-9636) * designate: Deploy producer on
a server node (SOC-9766)
o Update to version 5.0+git.1567165725.8d5b4fa26: * horizon: fix Grafana in
HA clouds (bsc#1116846)
o Update to version 5.0+git.1567094879.c918a5e23: * Fix barbican SSL support
(SOC-9298) * Add/fix run_filters * Add tempest filters based on services
(SOC-9298)
o Update to version 5.0+git.1566858336.891ddbf31: * Fix magnum tempest tests
(SOC-9298) * tempest: only assign creator role if needed * database:
Hardcode ruby version for package installation (SOC-10010)
o Update to version 5.0+git.1566838653.efe3b147d: * memcache: lookup
memcached servers port only on local node (SOC-10173) * designate:
initialize email in default designate proposal * horizon: Install designate
plugin when configured (SOC-9695)
o Update to version 5.0+git.1566629404.88dae370a: * Designate: Update DB
pools configuration (SOC-9767)
o Update to version 5.0+git.1566256160.59ebd76c0: * designate: Configure
resource settings (SOC-9633)
o Update to version 1.2.0+git.1568396400.0344a727: * upgrade: Add missing
precheck titles
o Update to 25.3.25: * A new Galera configuration parameter
cert.optimistic_pa was added. If the parameter value is set to true, full
parallellization in applying write sets is allowed as determined by
certification algorithm. If set to false, no more parallellism is allowed
in applying than seen on the master. * Support for ECDH OpenSSL engines on
CentOS 6 (galera#520) * Fixed compilation on Debian testing and unstable
(galera#516, galera#528)
o Add unescape_IPv6_bind_ip.patch *
https://github.com/dciabrin/galera-1/commit/0f6f8aeeb09809280c956514cfd5844
b8acad4f9
o Add CVE-2019-15043.patch (SOC-10357) * Adds authentication to a few rest
endpoints see: https://github.com/grafana/grafana/compare/v5.4.4...v5.4.5
o Update to version 4.6.5: * release 4.6.5 CVE-2018-19039 (jsc#SOC-9976) File
Exfiltration vulnerability Security fix * Updated version to 4.6.4.
CVE-2018-558213/CVE-2018-558213 (jsc#SOC-9980) Important fix for LDAP &
OAuth login vulnerability * Updated version to 4.6.4. * sql: added code
migration type * release 4.6.3 * fix default alias * fixes broken alert
eval when first condition is using OR * fix: alert list panel now works
correctly after adding manual annotation on dashboard, fixes #9951 * fix:
fix for avatar images when gzip is turned on, fixes #5952 * sets version to
4.6.2 * prom: add support for default step param (#9866) * build: fixed
jshint error * fix: Html escaping caused issue in InfluxDB query editor,
could not pick greater than or less then operators, fixes #9871 * heatmap:
fix tooltip in "Time series bucket" mode, #9332 (#9867) * fix cloudwatch
ec2_instance_attribute (#9718) * colorpicker: fix color string change #9769
(#9780) * changes version to 4.6.1 * fix: panel view now wraps, no
scrolling required, fixes #9746 * plugins: fix for loading external plugins
behind auth proxy, fixes #9509 * fix: color picker bug at series overrides
page, #9715 (#9738) * tech: switch to golang 1.9.2 * tech: add missing
include * save as should only delete threshold for panels with alerts *
fix: graphite annotation tooltip included undefined, fixes #9707 * build:
updated version to v4.6.0 * plugins: added backward compatible path for
rxjs * ux: updated singlestat default colors * prometheus: fixed unsaved
changes warning when changing time range due to step option on query model
was changed in datasource.query code, fixes #9675 * fix: firefox can now
create region annotations, fixes #9638 * alerting: only editors can pause
rules * fix: another fix for playlist view state, #9639 * fix: fixed
playlist controls and view state, fixes #9639 * prom: adds pre built
grafana dashboard * bump version for publish_testing.sh * update version to
4.6.0-beta3 * plugins: expose dashboard impression store * modify
$__timeGroup macro so it can be used in select clause (#9527) * plugins:
fixes path issue on Windows * prometheus: enable gzip for /metrics endpoint
* fix: fixed save to file button in export modal, fixes #9586 * mysql: add
usage stats for mysql * pluginloader: esModule true for systemjs config *
Fix heatmap Y axis rendering (#9580) * fix vector range * prometheus: add
builtin template variable as range vectors * fix: fixed prometheus step
issue that caused browser crash, fixes #9575 * fix: getting started panel
and mark adding data source as done, fixes #9568 * Fixes for annotations
API (#9577) * bump packagecloud script * build: added imports of rxjs
utility functions * prepare for v4.6.0-beta2 release * fix template
variable expanding * annotations: quote reserved fields (#9550) * ux: align
alert and btn colors * fix: fixed color pickers that were broken in
minified builds, fixes #9549 * textpanel: fixes #9491 * csv: fix import for
saveAs shim * plugins: expose more util and flot dependencies * alert_tab:
clear test result when testing rules * (cloudwatch) fix cloudwatch query
error over 24h (#9536) * show error message when cloudwatch datasource
can't add * update packagecloud script for 4.6.0-beta1 * changelog: adds
note about closing #9516 * alerting: add count_non_null reducer * Update
rpm.md * fix: can now remove annotation tags without popover closing *
tech: add backward compatibility for directive (#9510) * fix: fixed links
on new 404 page, fixes #9493 * logging: dont use cli logger in http_server
* oauth: raise error if session state is missing * oauth: provide more
logging for failed oauth requests * prepare for 4.6.0-beta1 release * docs:
updated whats new article * docs: initial draft release v46 * graph: fix
y-axis decimalTick check. Fixes #9405 * minor docs update * docs:
annotation docs update * changelog: adds note about closing #7104 *
changelog: adds note about closing #9373 * metrics: disable gzip for /
metrics endpoint (#9468) * Annotation docs (#9506) * Update CHANGELOG.md *
Update PLUGIN_DEV.md * Update PLUGIN_DEV.md * Update README.md * Fixed link
issue in CHANGELOG * Create PLUGIN_DEV.md * changelog: adds note about
closing #9371,#5334,#8812 * ds_edit: placeholder should only be cert header
* fixed minor styling issus (#9497) * fix: alert api limit param did not
work and caused SQL syntax error, fixes #9492 * annotations: add endpoint
for writing graphite-like events (#9495) * Update unsaved_changes_modal.ts
* fix: set lastSeenAt date when creating users to then years in past
insteasd of empty date, fixes #9260 * ux: minor ux fix * Retain old name
for TLS client auth * Return error if datasource TLS CA not parsed *
Datasource settings: Make HTTP all caps * Datasource HTTP settings: Add TLS
skip verify * Make URL capitalisation consistent in UI * Alias macron
package in app_routes.go * Verify datasource TLS and split client auth and
CA * Tidy spacing in datasource TLS settings * Tests: Clarify what
InsecureSkipVerify does * postgres: add missing ngInject decorator * docs:
initial docs for new annotation features, #9483 * Adds note for #9209 to
changelog * Postgres Data Source (#9475) * tech: expose more to plugins,
closes #9456 * Fix NaN handling (#9469) * snapshots: improve snapshot
listing performance, #9314 (#9477) * mysql: fix interpolation for numbers
in temp vars * Added docs for Kafka alerting * Fixed failing go tests *
gofmt fixes * Added tests * Kafka REST Proxy works with Grafana * added
insrtuctions for oauth2 okta bitbucket (#9471) * Unified Color picker fixes
(#9466) * Show min interval query option for mixed datasource (#9467) *
gzip: plugin readme content set explicitly * ignore pattern for vendored
libs * fix: escape metric segment auto complete, fixes #9423 * Corrected a
PostgreSQL SELECT statement. (#9460) * tests: found the unhandled promise
issue in the dash import tests * testing: fixing tests * annotations: minor
change to default/edit annotation color * Create annotations (#8197) *
OAuth: Rename sslcli * OAuth: Separate TLS client auth and CA config *
OAuth: Check both TLS client cert and key * Always verify TLS unless
explicitly told otherwise * fix: threshold's colors in table panels (#9445)
(#9453) * singlestat: fix sizing bug #9337 (#9448) * Revert "Fix coloring
in singlestat if null value (#9438)" (#9443) * Fix coloring in singlestat
if null value (#9438) * fix: missing semicolon * changed jsontree to use
jsonexplorer (#9416) * docs page for authproxy (#9420) * Update codebox (#
9430) * Series color picker fix (#9442) * fix type in readme * removed
commented line * changelog: adds note about closing #9110 * Fixed typo *
Change empty string checks and improve logging * changelog: adds note about
closing #9208 * Fix spelling on 404 page. * Lint fix * Update kbn.js * Add
Norwegian Krone denominator for currency * fixed layout for column options,
changed dropdown for date format kept old code * build: add noUnusedLocals
to tsc parameters * build: install go based on env variable * changes go
version to 1.9.1 * changelog: adds note about closing #9226 * changelog:
add note about closing #9429 * changelog: adds note about closing #9399 *
Fix formatting issue * Add milliseconds format in table panel's config *
support for s3 path (#9151) * Remove apparently unnecessary .flush() calls.
* Fix empty message and toolong attribute names Use default state message
if no message is provided by the user Slice attribute name to maximum of 50
chars * Address review comments. * changelog: add note about closing #7175
* plugin_loader: expose app_events to plugins * Add the missing comma *
colorpicker: refactoring the new unififed colorpicker, #9347 * Unified
colorpicker (#9347) * fix missing column headers in excel export (#9413) *
build: remove clean plugin from dev build * build: fixed broken elastic
unit test * shore: cleanup unused stuff in common.d.ts * Build URL for
close alert request differently * some restyling (#9409) * Docs text fixes
(#9408) * Checkbox fixes (#9400) * fix: ensure panel.datasource is null as
default * plugibs: expose more to plugins * properly parse & pass upload
image bool from config * break out slack upload into separate function *
tech: minor npm scripts update * build: fixed build * refactoring: minor
refactoring of PR #8916 * Update script to make it use OpsGenie's REST API
* docs: minor docs fix * Merge branch 'master' of github.com:grafana/
grafana * build: minor webpack fix * docs: updated building from source
docs * playlist: play and edit should use same width * shore: fixed html
indentation, #9368 * tech: updated yarn.lock * shore: minor cleanup *
Webpack (#9391) * fixing json for CI * adding support for token-based slack
file.upload API call for posting images to slack * changelog: adds note
about closing #8479 * changelog: adds note about closing #8050 * changelog:
adds note about closing #9386 * change pdiff to percent_diff for conditions
* panel: rename label on csv export modal * add diff and pdiff for
conditions * fix, add targetContainsTemplate() * fix cloudwatch alert bug *
add debug log * move extend statistics handling code to backend * fix
assume role * improve cloudwatch tsdb * refactor cloudwatch code * remove
obsolete code * move cloudwatch crendential related code * remove old
handler * fix annotation query * fix time * fix dimension convertion *
re-implement annotation query * fix parameter format * fix alert feature *
fix parameter format * refactor cloudwatch to support new tsdb interface *
refactor cloudwatch frontend code * refactor cloudwatch frontend code * fix
test * re-implement dimension_values() * fix error message * remove
performEC2DescribeInstances() * re-implement ec2_instance_attribute() *
re-implement ebs_volume_ids() * import the change, https://github.com/
grafana/grafana/pull/9268 * fix conflict * fix test * remove obsolete
GetMetricStatistics() * fix test * move test code * fix conflict * porting
other suggestion * re-implement get regions * move the metric find query
code * (cloudwatch) move query parameter to 'parameters' * parse duration *
remove offset for startTime * cache creds for keys/credentials auth type *
fix test * fix invalid query filter * count up metrics * (cloudwatch)
alerting * add brazil currency * tech: upgrade of systemjs to 0.20.x
working * tech: reverted to systemjs * tech: migrating elasticsearch to
typescript * changelog: add note about using golang 1.9 * change go version
to 1.9 * changelog: adds note about closing #9367 * tech: systemjs upgrade
* made a text-panel page, maybe we don't need it * cleaned up html/sass and
added final touches * Enable dualstack in every net.Dialer, fixes #9364 *
jaeger: capitalize tracer name * jaeger: logging improvement * tech:
systemjs upgrade * Have include intervalFactor in its calculation, so
always equal to the step query parameter. * alertlist: toggle play/pause
button * updated css and html for recent state changes for alert lists *
Fix export_modal message (#9353) * s3: minor fix for PR #9223 * internal
metrics: add grafana version * changelog: adds note about closing 5765 *
Update latest.json * typescript: stricter typescript option * prom_docker:
give targets correct job name * testdata: add bucket scenarios for heatmap
* dev-docker: add grafana as target * changelog: add note ablout closing #
9319 * introduce smtp config option for EHLO identity * changelog: note
about closing #9250 * go fmt * new page for text, needs more work *
replaced img in graph, created alert list page * docs: update docs * Update
CHANGELOG.md * changelog: adds note about closing #5873 * replaced image *
Docs new updates (#9324) * Update CHANGELOG.md * Update latest.json *
cleanup: removed unused file * tech: remove bower and moved remaining bower
dependencies to npm * tech: cleanup and fixed build issue * tech: upgraded
angularjs and moved dependency from bower to npm, closes #9327 * follow go
idiom and return error as second param * tech: updated tsconfig * docker:
adds alertmanager to prometheus fig * tech: more tslint rules * another img
update * tech: removing unused variables from typescript files, and making
tslint rules more strict * deleted old shortcuts instruction * text
uppdates for dashlist and singlestat(+img). updated the keyboard shortcuts
* context is reserved for go's context * make ds a param for Query * remove
batch abstraction * rename executor into tsdbqueryendpoint * remove unused
structs * refactor response flow * tech: removed test component * ux: minor
singlestat update * singlestat: minor change * Update CHANGELOG.md *
Singlestat time (#9298) * tech: progress on react poc * adds note about
closing #9213 * Update _navbar.scss * replaced images, updating text(not
finished) * fix: close for 'Unsaved Changes' modal, #9284 (#9313) * Initial
graphite tags support (#9239) * tech: initial react poc * Make details more
clean in PD description * bug: enable HEAD requests again * Add
`DbClusterIdentifier` to CloudWatch dimensions (#9297) * templating: fix
dependent variable updating (#9306) * Fix adhoc filters restoration (#9303)
* Explicitly refer to Github 'OAuth' applications * config bucket and
region for s3 uploader * fixes bug introduced with prom namespaces * fixing
spelling of millesecond -> millisecond * fixing spelling of millesecond ->
millisecond * Remove duplicate bus.AddHandler() (#9289) * Update
CHANGELOG.md * use same key as mt * tag alert queries that return no_data *
updated error page html+css, added ds_store to ignore (#9285) * public/app/
plugins/panel/graph/specs/graph_specs.ts: relax tests to be "within"
instead of "equal", so they won't fail on i686 (#9286) * Fix path to icon
(#9276) * adds note about fix in v4.5.2 * skip NaN values when writing to
graphite * addded mass units, #9265 (#9273) * Fully fill out nulls in
cloudfront data source (#9268) * make it possible to configure sampler type
* mark >=400 responses as error * change port for jaeger dev container *
logwrapper for jaeger * make samplerconfig.param configurable * adds custom
tags from settings * use route as span name * add trace headers for
outgoing requests * docker file for running jaeger * better formating for
error trace * attach context with span to *http.Request * add traces for
datasource reverse proxy requests * trace failed executions * use tags
instead of logs * use opentracing ext package when possible * set example
port to zipkin default * adds codahale to vendor * makes jaeger tracing
configurable * add trace parameters for outgoing requests * adds basic
traces using open traces * require dashboard panels to have id * fix:
jsonData should not be allowed to be null, fixes #9258 * packaging: reduce
package size * Update upgrading.md (#9263) * Added --pluginUrl option to
grafana-cli for local network plugin installation * adds note about closing
#1395 * add locale format * update changelog * fixes broken tests :boom: *
minor code adjusetments * pass context to image uploaders * remove unused
deps * Reduced OAuth scope to read_write * GCS support via JSON API * gofmt
fixes * Added GCS support #8370 * move more known datasources from others *
Remove alert thresholds on panel duplicate, issue #9178 (#9257) * 4.5.1
docs + update version to 5.0.0-pre1 * publish_both.sh update for 4.5.1 *
Update CHANGELOG.md * docs: updated changelog * packaging: reducing package
size be only including public vendor stuff we need * docs: update download
links * allow ssl renegotiation for datasources * check args for query *
add test for completer * fix * follow token name change * (prometheus)
support label value completion * (prometheus) support label name completion
* get s3 url via aws-sdk-go, fix #9189 * Prometheus: Rework the interaction
between auto interval (computed based on graph resolution), min interval
(where specified, per query) and intervalFactor (AKA resolution, where
specified, per query). As a bonus, have and reflect the actual interval
(not the auto interval), taking into account min interval and Prometheus'
11k data points limit. * minor fix * (prometheus) support instant query for
table format, use checkbox to switch query type * (prometheus) instant
query support * Add thumbnail to card * Add values to the hipchat card *
Reorder editorconfig * Enable datasources to be able to round off to a UTC
day properly * Include triggering metrics to pagerduty alerts
o Add 0001-fix-XSS-vulnerabilities-in-dashboard-links.patch (bsc#1096985)
o adjust mysql-systemd-helper ("shutdown protected MySQL" section) so it
checks both ping response and the pid in a process list as it can take some
time till the process is terminated. Otherwise it can lead to "found
left-over process" situation when regular mariadb is started [bsc#1143215]
o update suse_skipped_tests.list
o remove client_ed25519.so plugin because it's shipped in mariadb-connector-c
package (libmariadb_plugins)
o update suse_skipped_tests.list
o update to 10.2.25 GA * Fixes for the following security vulnerabilities: *
10.2.23: none * 10.2.24: CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 *
10.2.25: none * release notes and changelog: https://mariadb.com/kb/en/
library/mariadb-10223-release-notes https://mariadb.com/kb/en/library/
mariadb-10223-changelog https://mariadb.com/kb/en/library/
mariadb-10224-release-notes https://mariadb.com/kb/en/library/
mariadb-10224-changelog https://mariadb.com/kb/en/library/
mariadb-10225-release-notes https://mariadb.com/kb/en/library/
mariadb-10225-changelog
o remove mariadb-10.2.22-fix_path.patch that was applied upstream in mariadb
10.2.23
o remove caching_sha2_password.so because it's shipped in mariadb-connector-c
package (libmariadb_plugins)
o remove xtrabackup scripts as it was replaced by mariabackup (we already
removed xtrabackup requires in the first phase)
o fix reading options for multiple instances if my${INSTANCE}.cnf is used.
Also remove "umask 077" from mysql-systemd-helper that causes that new
datadirs are created with wrong permissions. Set correct permissions for
files created by us (mysql_upgrade_info, .run-mysql_upgrade) [bsc#1132666]
o fix build comment to not refer to openSUSE
o tracker bug [bsc#1136035]
o New upstream version 3.1.2 [bsc#1136035] * CONC-383: client plugins can't
be loaded due to missing prefix * Fixed version setting in GnuTLS by moving
"NORMAL" at the end of priority string * CONC-386: Added support for pem
files which contain certificate and private key. * Replication/Binlog API:
The main mechanism used in replication is the binary log. * CONC-395:
Dashes and underscores are not interchangeable in options in my.cnf *
CONC-384: Incorrect packet when a connection attribute name or value is
equal to or greater than 251 * CONC-388: field->def_length is always set to
0 * Getter should get and the setter should set
CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS * Disable LOAD DATA LOCAL INFILE suport
by default and auto-enable it for the duration of one query, if the query
string starts with the word "load". In all other cases the application
should enable LOAD DATA LOCAL INFILE support explicitly. * Changed return
code for mysql_optionv/mysql_get_optionv to 1 (was -1) and added
CR_NOT_IMPLEMENTED error message if a option is unknown or not supported. *
mingw fix: use lowercase names for include files * CONC-375: Fixed
handshake errors when mixing TLSv1.3 cipher suites with cipher suites from
other TLS protocols * CONC-312: Added new caching_sha2_password
authentication plugin for authentication with MySQL 8.0
o refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and
private_library.patch
o pack caching_sha2_password.so and client_ed25519.so
o move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for
x86_64 [bsc#1126088]
o Fixes bugs bsc#1145796: Add tightPNG encoding * Apply
novnc-1.0.0-add-encoding-support-for-TightPNG.patch This patch cherry-picks
commit 2c813a33f to novnc 1.0.0 to enable tightPNG encoding. This encoding
is needed to allow noVNC to work with instances that run on ESX
hypervisors. It is not possible to update the Pike package to noVNC 1.1.0
as that version is not supported with openstack-nova until Rocky.
o Update to version cinder-11.2.3.dev16: * RBD: remove redundant exception
log to reduce noise
o Update to version cinder-11.2.3.dev14: * Fix NFS volume retype with migrate
o Update to version cinder-11.2.3.dev12: * Remove Sheepdog tests from zuul
config * NetApp: Return all iSCSI targets-portals
o Update to version cinder-11.2.3.dev8: * Remove experimental openSUSE 42.3
job
o Update to version cinder-11.2.3.dev16: * RBD: remove redundant exception
log to reduce noise
o Update to version cinder-11.2.3.dev14: * Fix NFS volume retype with migrate
o Update to version cinder-11.2.3.dev12: * Remove Sheepdog tests from zuul
config * NetApp: Return all iSCSI targets-portals
o Update to version cinder-11.2.3.dev8: * Remove experimental openSUSE 42.3
job
o Update to version glance-15.0.3.dev3: * Remove experimental openSUSE 42.3
job
o Update to version glance-15.0.3.dev3: * Remove experimental openSUSE 42.3
job
o Update to version heat-9.0.8.dev13: * Unlimited cinder quotas throws
exception
o Update to version heat-9.0.8.dev12: * Do not perform the tenant stack limit
check for admin user
o Update to version heat-9.0.8.dev13: * Unlimited cinder quotas throws
exception
o Update to version heat-9.0.8.dev12: * Do not perform the tenant stack limit
check for admin user
o don't exclude pyc files to fix update/upgrade (SOC-9339)
o Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3
job * Cap bandit
o Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3
job * Cap bandit
o Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3
job * Cap bandit
o Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3
job * Cap bandit
o Update to version Build_20190923_16.32 (bsc#1148158) * Create path.repo
directory for Elasticseach
o Update to version neutron-11.0.9.dev51: * Check for agent restarted after
checking for DVR port
o Update to version neutron-11.0.9.dev49: * Allow first address in an IPv6
subnet as valid unicast
o Update to version neutron-11.0.9.dev47: * Remove experimental openSUSE 42.3
job
o Update to version neutron-11.0.9.dev45: * Clear skb mark on encapsulating
packets * fix update port bug
o Update to version neutron-11.0.9.dev51: * Check for agent restarted after
checking for DVR port
o Update to version neutron-11.0.9.dev49: * Allow first address in an IPv6
subnet as valid unicast
o Update to version neutron-11.0.9.dev47: * Remove experimental openSUSE 42.3
job
o Update to version neutron-11.0.9.dev45: * Clear skb mark on encapsulating
packets * fix update port bug
o Update to version group-based-policy-7.3.1.dev56: * [AIM] Fix HAIP RPC
query
o Update to version group-based-policy-7.3.1.dev55: * Fix implicit ICMPv6
Security Group Rules
o Update to version group-based-policy-7.3.1.dev54: * Fixed snat port status
to be ACTIVE and UP
o Update to version group-based-policy-7.3.1.dev53: * Verify aim\_epg exists
before proceeding * Revert "Make DHCP provisioning blocks conditional" *
Some refactoring regarding merge aim statuses
o Update to version group-based-policy-7.3.1.dev47: * Bulk extension support
for routers
o Update to version group-based-policy-7.3.1.dev46: * [AIM] Eliminate
redundant router extension content
o add 0001-Remove-DDT-tests-from-tempest-plugin.patch
o add 0001-Fix-unable-to-delete-subnet-in-API-tests.patch
o Update to version nova-16.1.9.dev7: * Remove experimental job on openSUSE
42.3
o Update to version nova-16.1.9.dev6: * Fix misuse of nova.objects.base.obj\
_equal\_prims
o Update to version nova-16.1.9.dev5: * Replace non-nova server fault message
o Allow to attach more than 26 volumes (bsc#1118900) * This is a forward port
from SOC7 * Add 0001-Add-method-to-generate-device-names-universally.patch
* Add 0002-Raise-403-instead-of-500-error-from-attach-volume-AP.patch * Add
0003-Add-configuration-of-maximum-disk-devices-to-attach.patch
o Update to version nova-16.1.9.dev7: * Remove experimental job on openSUSE
42.3
o Update to version nova-16.1.9.dev6: * Fix misuse of nova.objects.base.obj\
_equal\_prims
o Update to version nova-16.1.9.dev5: * Replace non-nova server fault message
o add
0002-Do_not_send_AAAA_DNS_request_when_domain_resolved_to_IPv4_address.patc h
(SOC-9144)
o update to 2.7.2: * includes fix for controller connection over SSL * enable
build against openvswitch-devel to get C extensions enabled (bsc#1141121)
o Added fix-xxe-in-xml-parsing.patch (CVE-2016-10127, bsc#1019074)
o Add patch CVE-2019-13611.patch (SOC-9989, bsc#1141676) *
python-python-engineio: An issue was discovered in python-engineio through
3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that
allows attackers to make WebSocket connections to a server
o Add missing dependency on python-six (bsc#1150895)
o Update to version 8.20190911: * Fixing broken markup (noref)
o Update to version 8.20190909: * Adding networking loop known issue
(SOC-10150) * add Keystone default is still UUID (noref) * remove Known
Issue-WebSSO not working (bsc#1132593) * Remove de-de from the URL again. *
transfer C8 revision history from MF wiki (SCRD-7737) * Typo/grammar fixes
+ URL fix * remove Crowbar deprecation date (bsc#1125893) * remove comment
that ovsvapp is not functional
o Update to version 8.20190909: * Adding networking loop known issue
(SOC-10150) * add Keystone default is still UUID (noref) * remove Known
Issue-WebSSO not working (bsc#1132593)
o Add python-defusedxml (bsc#1019074)
rubygem-easy_diff, rubygem-rest-client-1_6:
o CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802)
Non-security issue fixed:
o rubygem-easy_diff was updated to version 1.0.0.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-2867=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2019-2867=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2019-2867=1
Package List:
o SUSE OpenStack Cloud Crowbar 8 (noarch):
crowbar-ha-5.0+git.1567673535.607aada-3.26.2
crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2
crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3
mariadb-errormessages-10.2.25-4.14.2
novnc-1.0.0-3.6.3
openstack-cinder-11.2.3~dev16-3.21.4
openstack-cinder-api-11.2.3~dev16-3.21.4
openstack-cinder-backup-11.2.3~dev16-3.21.4
openstack-cinder-doc-11.2.3~dev16-3.21.3
openstack-cinder-scheduler-11.2.3~dev16-3.21.4
openstack-cinder-volume-11.2.3~dev16-3.21.4
openstack-glance-15.0.3~dev3-3.12.4
openstack-glance-api-15.0.3~dev3-3.12.4
openstack-glance-doc-15.0.3~dev3-3.12.3
openstack-glance-registry-15.0.3~dev3-3.12.4
openstack-heat-9.0.8~dev13-3.24.4
openstack-heat-api-9.0.8~dev13-3.24.4
openstack-heat-api-cfn-9.0.8~dev13-3.24.4
openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
openstack-heat-doc-9.0.8~dev13-3.24.3
openstack-heat-engine-9.0.8~dev13-3.24.4
openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
openstack-heat-test-9.0.8~dev13-3.24.4
openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
openstack-keystone-12.0.4~dev4-5.27.4
openstack-keystone-doc-12.0.4~dev4-5.27.3
openstack-monasca-installer-20190923_16.32-3.9.3
openstack-neutron-11.0.9~dev51-3.24.5
openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
openstack-neutron-doc-11.0.9~dev51-3.24.4
openstack-neutron-gbp-7.3.1~dev56-3.9.4
openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
openstack-neutron-lbaas-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
openstack-neutron-server-11.0.9~dev51-3.24.5
openstack-nova-16.1.9~dev7-3.29.3
openstack-nova-api-16.1.9~dev7-3.29.3
openstack-nova-cells-16.1.9~dev7-3.29.3
openstack-nova-compute-16.1.9~dev7-3.29.3
openstack-nova-conductor-16.1.9~dev7-3.29.3
openstack-nova-console-16.1.9~dev7-3.29.3
openstack-nova-consoleauth-16.1.9~dev7-3.29.3
openstack-nova-doc-16.1.9~dev7-3.29.3
openstack-nova-novncproxy-16.1.9~dev7-3.29.3
openstack-nova-placement-api-16.1.9~dev7-3.29.3
openstack-nova-scheduler-16.1.9~dev7-3.29.3
openstack-nova-serialproxy-16.1.9~dev7-3.29.3
openstack-nova-vncproxy-16.1.9~dev7-3.29.3
python-amqp-2.2.2-3.6.3
python-cinder-11.2.3~dev16-3.21.4
python-glance-15.0.3~dev3-3.12.4
python-heat-9.0.8~dev13-3.24.4
python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
python-keystone-12.0.4~dev4-5.27.4
python-neutron-11.0.9~dev51-3.24.5
python-neutron-gbp-7.3.1~dev56-3.9.4
python-neutron-lbaas-11.0.4~dev6-3.15.4
python-nova-16.1.9~dev7-3.29.3
python-pysaml2-4.0.2-5.3.3
python-urllib3-1.22-5.9.3
release-notes-suse-openstack-cloud-8.20190911-3.20.3
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
crowbar-core-5.0+git.1569597589.1f025c557-3.32.2
crowbar-core-branding-upstream-5.0+git.1569597589.1f025c557-3.32.2
galera-3-debuginfo-25.3.25-4.6.3
galera-3-debugsource-25.3.25-4.6.3
galera-3-wsrep-provider-25.3.25-4.6.3
galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
grafana-4.6.5-4.6.3
grafana-debuginfo-4.6.5-4.6.3
grafana-debugsource-4.6.5-4.6.3
libmariadb3-3.1.2-3.12.3
libmariadb3-debuginfo-3.1.2-3.12.3
mariadb-10.2.25-4.14.2
mariadb-client-10.2.25-4.14.2
mariadb-client-debuginfo-10.2.25-4.14.2
mariadb-connector-c-debugsource-3.1.2-3.12.3
mariadb-debuginfo-10.2.25-4.14.2
mariadb-debugsource-10.2.25-4.14.2
mariadb-galera-10.2.25-4.14.2
mariadb-tools-10.2.25-4.14.2
mariadb-tools-debuginfo-10.2.25-4.14.2
python-ovs-2.7.2-3.6.1
ruby2.1-rubygem-easy_diff-1.0.0-3.4.2
o SUSE OpenStack Cloud 8 (x86_64):
galera-3-debuginfo-25.3.25-4.6.3
galera-3-debugsource-25.3.25-4.6.3
galera-3-wsrep-provider-25.3.25-4.6.3
galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
grafana-4.6.5-4.6.3
grafana-debuginfo-4.6.5-4.6.3
grafana-debugsource-4.6.5-4.6.3
libmariadb3-3.1.2-3.12.3
libmariadb3-debuginfo-3.1.2-3.12.3
mariadb-10.2.25-4.14.2
mariadb-client-10.2.25-4.14.2
mariadb-client-debuginfo-10.2.25-4.14.2
mariadb-connector-c-debugsource-3.1.2-3.12.3
mariadb-debuginfo-10.2.25-4.14.2
mariadb-debugsource-10.2.25-4.14.2
mariadb-galera-10.2.25-4.14.2
mariadb-tools-10.2.25-4.14.2
mariadb-tools-debuginfo-10.2.25-4.14.2
python-ovs-2.7.2-3.6.1
o SUSE OpenStack Cloud 8 (noarch):
ardana-ansible-8.0+git.1566374355.c509923-3.67.3
ardana-glance-8.0+git.1566376789.be0fe01-3.17.3
ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3
ardana-input-model-8.0+git.1566517401.98450e6-3.33.3
ardana-manila-8.0+git.1568835837.2452e7a-1.21.3
ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3
ardana-nova-8.0+git.1566902754.c58ff69-3.35.3
ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3
ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3
mariadb-errormessages-10.2.25-4.14.2
novnc-1.0.0-3.6.3
openstack-cinder-11.2.3~dev16-3.21.4
openstack-cinder-api-11.2.3~dev16-3.21.4
openstack-cinder-backup-11.2.3~dev16-3.21.4
openstack-cinder-doc-11.2.3~dev16-3.21.3
openstack-cinder-scheduler-11.2.3~dev16-3.21.4
openstack-cinder-volume-11.2.3~dev16-3.21.4
openstack-glance-15.0.3~dev3-3.12.4
openstack-glance-api-15.0.3~dev3-3.12.4
openstack-glance-doc-15.0.3~dev3-3.12.3
openstack-glance-registry-15.0.3~dev3-3.12.4
openstack-heat-9.0.8~dev13-3.24.4
openstack-heat-api-9.0.8~dev13-3.24.4
openstack-heat-api-cfn-9.0.8~dev13-3.24.4
openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
openstack-heat-doc-9.0.8~dev13-3.24.3
openstack-heat-engine-9.0.8~dev13-3.24.4
openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
openstack-heat-test-9.0.8~dev13-3.24.4
openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
openstack-keystone-12.0.4~dev4-5.27.4
openstack-keystone-doc-12.0.4~dev4-5.27.3
openstack-monasca-installer-20190923_16.32-3.9.3
openstack-neutron-11.0.9~dev51-3.24.5
openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
openstack-neutron-doc-11.0.9~dev51-3.24.4
openstack-neutron-gbp-7.3.1~dev56-3.9.4
openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
openstack-neutron-lbaas-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
openstack-neutron-server-11.0.9~dev51-3.24.5
openstack-nova-16.1.9~dev7-3.29.3
openstack-nova-api-16.1.9~dev7-3.29.3
openstack-nova-cells-16.1.9~dev7-3.29.3
openstack-nova-compute-16.1.9~dev7-3.29.3
openstack-nova-conductor-16.1.9~dev7-3.29.3
openstack-nova-console-16.1.9~dev7-3.29.3
openstack-nova-consoleauth-16.1.9~dev7-3.29.3
openstack-nova-doc-16.1.9~dev7-3.29.3
openstack-nova-novncproxy-16.1.9~dev7-3.29.3
openstack-nova-placement-api-16.1.9~dev7-3.29.3
openstack-nova-scheduler-16.1.9~dev7-3.29.3
openstack-nova-serialproxy-16.1.9~dev7-3.29.3
openstack-nova-vncproxy-16.1.9~dev7-3.29.3
python-amqp-2.2.2-3.6.3
python-cinder-11.2.3~dev16-3.21.4
python-glance-15.0.3~dev3-3.12.4
python-heat-9.0.8~dev13-3.24.4
python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
python-keystone-12.0.4~dev4-5.27.4
python-neutron-11.0.9~dev51-3.24.5
python-neutron-gbp-7.3.1~dev56-3.9.4
python-neutron-lbaas-11.0.4~dev6-3.15.4
python-nova-16.1.9~dev7-3.29.3
python-pysaml2-4.0.2-5.3.3
python-python-engineio-2.0.2-3.3.3
python-urllib3-1.22-5.9.3
release-notes-suse-openstack-cloud-8.20190911-3.20.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2
venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2
venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2
venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2
venv-openstack-horizon-x86_64-12.0.4~dev6-14.26.2
venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2
venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2
venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2
venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2
venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2
venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3
venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3
venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2
venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2
venv-openstack-swift-x86_64-2.15.2-11.13.3
venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2
o HPE Helion Openstack 8 (x86_64):
galera-3-debuginfo-25.3.25-4.6.3
galera-3-debugsource-25.3.25-4.6.3
galera-3-wsrep-provider-25.3.25-4.6.3
galera-3-wsrep-provider-debuginfo-25.3.25-4.6.3
grafana-4.6.5-4.6.3
grafana-debuginfo-4.6.5-4.6.3
grafana-debugsource-4.6.5-4.6.3
libmariadb3-3.1.2-3.12.3
libmariadb3-debuginfo-3.1.2-3.12.3
mariadb-10.2.25-4.14.2
mariadb-client-10.2.25-4.14.2
mariadb-client-debuginfo-10.2.25-4.14.2
mariadb-connector-c-debugsource-3.1.2-3.12.3
mariadb-debuginfo-10.2.25-4.14.2
mariadb-debugsource-10.2.25-4.14.2
mariadb-galera-10.2.25-4.14.2
mariadb-tools-10.2.25-4.14.2
mariadb-tools-debuginfo-10.2.25-4.14.2
o HPE Helion Openstack 8 (noarch):
ardana-ansible-8.0+git.1566374355.c509923-3.67.3
ardana-glance-8.0+git.1566376789.be0fe01-3.17.3
ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3
ardana-input-model-8.0+git.1566517401.98450e6-3.33.3
ardana-manila-8.0+git.1568835837.2452e7a-1.21.3
ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3
ardana-nova-8.0+git.1566902754.c58ff69-3.35.3
ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3
ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3
mariadb-errormessages-10.2.25-4.14.2
novnc-1.0.0-3.6.3
openstack-cinder-11.2.3~dev16-3.21.4
openstack-cinder-api-11.2.3~dev16-3.21.4
openstack-cinder-backup-11.2.3~dev16-3.21.4
openstack-cinder-doc-11.2.3~dev16-3.21.3
openstack-cinder-scheduler-11.2.3~dev16-3.21.4
openstack-cinder-volume-11.2.3~dev16-3.21.4
openstack-glance-15.0.3~dev3-3.12.4
openstack-glance-api-15.0.3~dev3-3.12.4
openstack-glance-doc-15.0.3~dev3-3.12.3
openstack-glance-registry-15.0.3~dev3-3.12.4
openstack-heat-9.0.8~dev13-3.24.4
openstack-heat-api-9.0.8~dev13-3.24.4
openstack-heat-api-cfn-9.0.8~dev13-3.24.4
openstack-heat-api-cloudwatch-9.0.8~dev13-3.24.4
openstack-heat-doc-9.0.8~dev13-3.24.3
openstack-heat-engine-9.0.8~dev13-3.24.4
openstack-heat-plugin-heat_docker-9.0.8~dev13-3.24.4
openstack-heat-test-9.0.8~dev13-3.24.4
openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
openstack-keystone-12.0.4~dev4-5.27.4
openstack-keystone-doc-12.0.4~dev4-5.27.3
openstack-monasca-installer-20190923_16.32-3.9.3
openstack-neutron-11.0.9~dev51-3.24.5
openstack-neutron-dhcp-agent-11.0.9~dev51-3.24.5
openstack-neutron-doc-11.0.9~dev51-3.24.4
openstack-neutron-gbp-7.3.1~dev56-3.9.4
openstack-neutron-ha-tool-11.0.9~dev51-3.24.5
openstack-neutron-l3-agent-11.0.9~dev51-3.24.5
openstack-neutron-lbaas-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-agent-11.0.4~dev6-3.15.4
openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4
openstack-neutron-linuxbridge-agent-11.0.9~dev51-3.24.5
openstack-neutron-macvtap-agent-11.0.9~dev51-3.24.5
openstack-neutron-metadata-agent-11.0.9~dev51-3.24.5
openstack-neutron-metering-agent-11.0.9~dev51-3.24.5
openstack-neutron-openvswitch-agent-11.0.9~dev51-3.24.5
openstack-neutron-server-11.0.9~dev51-3.24.5
openstack-nova-16.1.9~dev7-3.29.3
openstack-nova-api-16.1.9~dev7-3.29.3
openstack-nova-cells-16.1.9~dev7-3.29.3
openstack-nova-compute-16.1.9~dev7-3.29.3
openstack-nova-conductor-16.1.9~dev7-3.29.3
openstack-nova-console-16.1.9~dev7-3.29.3
openstack-nova-consoleauth-16.1.9~dev7-3.29.3
openstack-nova-doc-16.1.9~dev7-3.29.3
openstack-nova-novncproxy-16.1.9~dev7-3.29.3
openstack-nova-placement-api-16.1.9~dev7-3.29.3
openstack-nova-scheduler-16.1.9~dev7-3.29.3
openstack-nova-serialproxy-16.1.9~dev7-3.29.3
openstack-nova-vncproxy-16.1.9~dev7-3.29.3
python-amqp-2.2.2-3.6.3
python-cinder-11.2.3~dev16-3.21.4
python-glance-15.0.3~dev3-3.12.4
python-heat-9.0.8~dev13-3.24.4
python-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4
python-keystone-12.0.4~dev4-5.27.4
python-neutron-11.0.9~dev51-3.24.5
python-neutron-gbp-7.3.1~dev56-3.9.4
python-neutron-lbaas-11.0.4~dev6-3.15.4
python-nova-16.1.9~dev7-3.29.3
python-pysaml2-4.0.2-5.3.3
python-python-engineio-2.0.2-3.3.3
python-urllib3-1.22-5.9.3
release-notes-hpe-helion-openstack-8.20190911-3.20.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.20.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.21.2
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.18.2
venv-openstack-cinder-x86_64-11.2.3~dev16-14.21.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.19.2
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.16.2
venv-openstack-glance-x86_64-15.0.3~dev3-12.19.2
venv-openstack-heat-x86_64-9.0.8~dev13-12.21.2
venv-openstack-horizon-hpe-x86_64-12.0.4~dev6-14.26.2
venv-openstack-ironic-x86_64-9.1.8~dev7-12.21.2
venv-openstack-keystone-x86_64-12.0.4~dev4-11.22.3
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.20.2
venv-openstack-manila-x86_64-5.1.1~dev2-12.23.2
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.16.2
venv-openstack-monasca-x86_64-2.2.2~dev1-11.18.2
venv-openstack-murano-x86_64-4.0.2~dev2-12.16.2
venv-openstack-neutron-x86_64-11.0.9~dev51-13.24.3
venv-openstack-nova-x86_64-16.1.9~dev7-11.22.3
venv-openstack-octavia-x86_64-1.0.6~dev2-12.21.2
venv-openstack-sahara-x86_64-7.0.4~dev1-11.20.2
venv-openstack-swift-x86_64-2.15.2-11.13.3
venv-openstack-trove-x86_64-8.0.1~dev13-11.20.2
References:
o https://www.suse.com/security/cve/CVE-2015-3448.html
o https://www.suse.com/security/cve/CVE-2016-10127.html
o https://www.suse.com/security/cve/CVE-2018-15727.html
o https://www.suse.com/security/cve/CVE-2018-19039.html
o https://www.suse.com/security/cve/CVE-2018-558213.html
o https://www.suse.com/security/cve/CVE-2019-13611.html
o https://www.suse.com/security/cve/CVE-2019-15043.html
o https://www.suse.com/security/cve/CVE-2019-2614.html
o https://www.suse.com/security/cve/CVE-2019-2627.html
o https://www.suse.com/security/cve/CVE-2019-2628.html
o https://www.suse.com/security/cve/CVE-2019-5477.html
o https://bugzilla.suse.com/1019074
o https://bugzilla.suse.com/1096985
o https://bugzilla.suse.com/1106515
o https://bugzilla.suse.com/1115960
o https://bugzilla.suse.com/1116846
o https://bugzilla.suse.com/1118900
o https://bugzilla.suse.com/1120657
o https://bugzilla.suse.com/1125893
o https://bugzilla.suse.com/1126088
o https://bugzilla.suse.com/1132593
o https://bugzilla.suse.com/1132666
o https://bugzilla.suse.com/1136035
o https://bugzilla.suse.com/1141121
o https://bugzilla.suse.com/1141676
o https://bugzilla.suse.com/1143215
o https://bugzilla.suse.com/1145796
o https://bugzilla.suse.com/1146578
o https://bugzilla.suse.com/1148158
o https://bugzilla.suse.com/1148383
o https://bugzilla.suse.com/1150895
o https://bugzilla.suse.com/917802
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXbp0mWaOgq3Tt24GAQgz4A//U8RcDg/mRbuRzegydiupW2Gcjwclu6hd
x/GuHd3PgokwNwtV6ID7a+I0df54Qo5zTMBQC3BbFA4SZY9oGYlyZaCbV651WKfZ
fweowV2OaQv0qosSb5k47PYl63r33DNJRgzE05AY5sHzDyaaiuB7XuVzSwLoaNAv
N1t1KwgK6sYmaZTlqSa21ohyUXKVq8zWQ+NEDA70sG3shRrtJUIhRAZDq0xjMgkV
u2NYU0suKUM1YU6FH97Z6lJo/pKB30Lg+RNWJgIJLdpU4pERw5S7LAq6xlg5F48y
KV+G60FEr9I7HIv56Xvpl0g6Y9+zp3YVHv8dClprGbtVdAPT9RgQvfC9vdSmqjsu
yrnpfYn4IFKXCZaKSrT9IKpTM11wRJKI/Jyv2ZYw5I17+aL3aFM6NeO3ZbsLn9ya
tfDwFvznsz451Y8EwihjUFk5vpWCeB0D+kGmXCwi4mt4axF7tI/kjMrv7u3WOTFI
ra8PalDxuJpqUX8iCCKflh4xVIKdy49w5YoAnve/lhJ7lX5sWWwd71j8PYB+ImEA
LX0yc0+MUjMC3XYz0dk1Yp7bHbNjd85vzv2VGcPoPSEObUt2269GHoSg0PvMJ5XT
VjrbcZU5wxGhZ9/VC80GhA3UYLNP7DhVVl7kdIMLaMaJQJ21pPngF8E7g1+9WaKe
2N/NRyOet/o=
=c4Fd
-----END PGP SIGNATURE-----