-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4190
  SUSE-SU-2019:2906-1 Security update for ardana-ansible, ardana-horizon,
       ardana-keystone, ardana-manila, ardana-neutron, crowbar-core,
    crowbar-openstack, grafana, openstack-cinder, openstack-dashboard,
 openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila,
                              7 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ardana
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15043 CVE-2019-3871 

Reference:         ESB-2019.3854
                   ESB-2019.1149
                   ESB-2019.1070
                   ESB-2019.0906
                   ESB-2019.4048.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20192906-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ardana-ansible, ardana-horizon,
ardana-keystone, ardana-manila, ardana-neutron, crowbar-core,
crowbar-openstack, grafana, openstack-cinder, openstack-dashboard,
openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila,
openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns,
python-Django1, python-keystonemiddleware, python-octaviaclient,
python-os-brick, python-oslo.cache

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:2906-1
Rating:            important
References:        #1129734 #1148383
Cross-References:  CVE-2019-15043 CVE-2019-3871
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

, python-oslo.messaging

An update that fixes two vulnerabilities is now available.

Description:

This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila,
ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder,
openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone,
openstack-manila, openstack-neutron, openstack-neutron-fwaas,
openstack-neutron-lbaas, openstack-nova, openstack-octavia,
openstack-octavia-amphora-image, pdns, python-Django1,
python-keystonemiddleware, python-octaviaclient, python-os-brick,
python-oslo.cache, python-oslo.messaging fixes the following issues:
Security issues fixed:

  o CVE-2019-3871: Fixed an insufficient validation in the HTTP remote back end
    (pdns, bsc#1129734).
  o CVE-2019-15043: Added authentication to a few REST endpoints (Grafana,
    SOC-10357, bsc#1148383).


Non-security issues fixed:

  o Update to version 9.0+git.1568821007.4e73730: * Include
    manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)


  o Update to version 9.0+git.1569869028.8edfc22: * Added command to minify the
    django compressed css files (SOC-10305)


  o Update to version 9.0+git.1570035317.78077ac: * support OpenID Connect
    WebSSO (SOC-10509)


  o Update to version 9.0+git.1569444107.add6a40: * Manila parallelised upgrade
    workflow enhancements (SOC-10609)


  o Update to version 9.0+git.1571328680.3a89cb8: * Add neutron-common role
    dependencies (SOC-10875)


  o Update to version 6.0+git.1571412352.8da4d261f: * upgrade: Reload repo
    config in repochecks (SOC-10718)


  o Update to version 6.0+git.1571210108.12bd2ffa3: * crowbar: Give more time
    for reboot for physical hardware reboots


  o Update to version 6.0+git.1570004730.b56b8983b: * Revert "Use
    block-migration when needed" (SOC-10133)


  o Update to version 6.0+git.1569911671.d44b0035c: * Designate: Don't add the
    admin node to the public network (SOC-10658)


  o Update to version 6.0+git.1572264221.3826a58b8: * Octavia: account for long
    ops in HA deployments (SOC-9894) * Octavia: use correct IP addresses for
    listening (SOC-9894) * Octavia: fix subnet creation race condition
    (SOC-9894) * Updated copyright notices (SOC-9894) * Octavia: Follow up
    patch addressing comments from last PR (SOC-9894)


  o Update to version 6.0+git.1571986150.c5b827b7a: * Fix the migration that
    tried to access Array as a Hash (SOC-10896)


  o Update to version 6.0+git.1571731423.957dcfecd: * mysql: fix WSREP sync
    race (SOC-10717)


  o Update to version 6.0+git.1571660392.997fee49d: * mysql: stop service for
    mysql_install_db (SOC-10717)


  o Update to version 6.0+git.1571241502.2f673d0a9: * rabbitmq: fix migration
    200 (SOC-10623) * Changes to integrate with ACI 4.1 and new packages
    (SOC-10403)


  o Update to version 6.0+git.1570143515.9b1546ed3: * No rndc key if no public
    DNS server (SOC-10835)


  o Update to version 6.0+git.1570048281.815e06ff3: * create watcher barclamp
    (SOC-4183)


  o Update to version 6.0+git.1569942913.15b24bec5: * monasca: Fix restore
    condition (SOC-9772) * database: really fix migration 102 (SOC-10717)


  o Update to version 6.0+git.1569823669.91f267e96: * Designate: Filter out the
    admin node (SOC-10658)


  o Create plugin directory and clean up (create in %install, add to %files)
    handling of /var/lib/grafana/* and
  o Update to version cinder-13.0.8.dev8: * Extend timeout for database
    migration tests 13.0.7 * Add context to cloning snapshots in remotefs
    driver


  o Update to version cinder-13.0.7.dev22: * Add retry to LVM deactivation *
    Fix DetachedInstanceError for VolumeAttachment * Don't allow retype to
    encrypted+multiattach type


  o Update to version cinder-13.0.8.dev8: * Extend timeout for database
    migration tests 13.0.7 * Add context to cloning snapshots in remotefs
    driver


  o Update to version cinder-13.0.7.dev22: * Add retry to LVM deactivation *
    Fix DetachedInstanceError for VolumeAttachment * Don't allow retype to
    encrypted+multiattach type


  o Update to version horizon-14.0.5.dev1: * Fix aes-xts key length in Horizon
    Admin Guide / Manage Volumes 14.0.4


  o Add python-csscompressor as a requirement * python-csscompressor will be
    used to minify compressed css files


  o Update to version horizon-14.0.4.dev17: * Remove the check which causes
    plugin's quotas update failure


  o Update to version horizon-14.0.4.dev16: * Add Allowed Address Pair/Delete
    buttons are only visible to admin


  o Update to version horizon-14.0.4.dev14: * Updated max-width to be dynamic
    for .member class


  o Update to version horizon-14.0.4.dev13: * Avoid forced logout when 403
    error encountered


  o Update to version manila-ui-2.16.2.dev2: * Updated to get quotas data for
    Modify Quotas dialog Share tab * OpenDev Migration Patch 2.16.1


  o Update to version keystone-14.1.1.dev26: * Make system tokens work with
    domain-specific drivers


  o Update to version keystone-14.1.1.dev24: * Add test case for expanding
    implied roles in system tokens


  o Update to version keystone-14.1.1.dev22: * Add retry for DBDeadlock in
    credential delete


  o Update to version keystone-14.1.1.dev20: * Import LDAP job into project *
    Update broken links to dogpile.cache docs


  o Update to version keystone-14.1.1.dev26: * Make system tokens work with
    domain-specific drivers


  o Update to version keystone-14.1.1.dev24: * Add test case for expanding
    implied roles in system tokens


  o Update to version keystone-14.1.1.dev22: * Add retry for DBDeadlock in
    credential delete


  o Update to version keystone-14.1.1.dev20: * Import LDAP job into project *
    Update broken links to dogpile.cache docs


  o Update to version manila-7.3.1.dev15: * Fix [Unity] verification and
    convert mgmt ipv6


  o Update to version manila-7.3.1.dev14: * Adding documentation for User
    Messages in Manila Documentation


  o Update to version manila-7.3.1.dev12: * [NetApp] Allow extension/shrinking
    of NetApp replicated share


  o Update to version manila-7.3.1.dev11: * Fix pagination does not speed up
    queries bug


  o Update to version manila-7.3.1.dev9: * Remove backend spec from share type
    while creating replica


  o Update to version manila-7.3.1.dev8: * Check NetApp SnapRestore license for
    pools


  o Update to version manila-7.3.1.dev7: * Fix
    manila-tempest-minimal-dsvm-lvm-centos-7 job


  o Update to version manila-7.3.1.dev15: * Fix [Unity] verification and
    convert mgmt ipv6


  o Update to version manila-7.3.1.dev14: * Adding documentation for User
    Messages in Manila Documentation


  o Update to version manila-7.3.1.dev12: * [NetApp] Allow extension/shrinking
    of NetApp replicated share


  o Update to version manila-7.3.1.dev11: * Fix pagination does not speed up
    queries bug


  o Update to version manila-7.3.1.dev9: * Remove backend spec from share type
    while creating replica


  o Update to version manila-7.3.1.dev8: * Check NetApp SnapRestore license for
    pools


  o Update to version manila-7.3.1.dev7: * Fix
    manila-tempest-minimal-dsvm-lvm-centos-7 job


  o Update to version neutron-13.0.6.dev3: * Add radvd\_user config option *
    Fix mismatch of tags in dnsmasq options 13.0.5


  o Update to version neutron-13.0.5.dev55: * Handle ports assigned to routers
    without routerports


  o Update to version neutron-13.0.5.dev54: * fixed\_configured=True when Add/
    Remove port IPs


  o Update to version neutron-13.0.5.dev53: * raise priority of dead vlan drop
    * OVS flows for custom ethertypes must be on EGRESS


  o Update to version neutron-13.0.6.dev3: * Add radvd\_user config option *
    Fix mismatch of tags in dnsmasq options 13.0.5


  o Update to version neutron-13.0.5.dev55: * Handle ports assigned to routers
    without routerports


  o Update to version neutron-13.0.5.dev54: * fixed\_configured=True when Add/
    Remove port IPs


  o Update to version neutron-13.0.5.dev53: * raise priority of dead vlan drop
    * OVS flows for custom ethertypes must be on EGRESS


  o Update to version neutron-fwaas-13.0.3.dev2: * Fix AttributeError with
    third-party L3 service plugins


  o Update to version neutron-fwaas-13.0.3.dev1: * FWaaS-DVR: FWaaS rules not
    updated in DVR routers on compute host 13.0.2


  o Update to version neutron-fwaas-13.0.3.dev2: * Fix AttributeError with
    third-party L3 service plugins


  o Update to version neutron-fwaas-13.0.3.dev1: * FWaaS-DVR: FWaaS rules not
    updated in DVR routers on compute host 13.0.2


  o Update to version neutron-lbaas-13.0.1.dev15: * Fix lb stats model


  o Update to version neutron-lbaas-13.0.1.dev15: * Fix lb stats model


  o Update to version nova-18.2.4.dev18: * Error out interrupted builds *
    Functional reproduce for bug 1833581 * Prevent init\_host test to interfere
    with other tests * Add functional test for resize crash compute restart
    revert * cleanup evacuated instances not on hypervisor


  o Update to version nova-18.2.4.dev8: * Fix unit of hw\_rng:rate\_period *
    Fix exception translation when creating volume * Skip test\_parallel\
    _evacuate\_with\_server\_group until fixed * Handle get\_host\_availability
    \_zone error during reschedule * Noop CantStartEngineError in targets\_cell
    if API DB not configured


  o Update to version nova-18.2.4.dev1: * Stop sending bad values from
    libosinfo to libvirt 18.2.3


  o Update to version nova-18.2.3.dev25: * Add useful error log when \
    _determine\_version\_cap raises DBNotAllowed


  o Update to version nova-18.2.3.dev23: * Reduce scope of 'path' query
    parameter to noVNC consoles


  o Update to version nova-18.2.4.dev18: * Error out interrupted builds *
    Functional reproduce for bug 1833581 * Prevent init\_host test to interfere
    with other tests * Add functional test for resize crash compute restart
    revert * cleanup evacuated instances not on hypervisor


  o Update to version nova-18.2.4.dev8: * Fix unit of hw\_rng:rate\_period *
    Fix exception translation when creating volume * Skip test\_parallel\
    _evacuate\_with\_server\_group until fixed * Handle get\_host\_availability
    \_zone error during reschedule * Noop CantStartEngineError in targets\_cell
    if API DB not configured


  o Update to version nova-18.2.4.dev1: * Stop sending bad values from
    libosinfo to libvirt 18.2.3


  o Update to version nova-18.2.3.dev25: * Add useful error log when \
    _determine\_version\_cap raises DBNotAllowed


  o Update to version nova-18.2.3.dev23: * Reduce scope of 'path' query
    parameter to noVNC consoles


  o Move tempest tests into the python-octavia package (SOC-9455)


  o Update to version octavia-3.2.1.dev1: 3.2.0 * loadbalancer vip-network-id
    IP availability check


  o Update to version octavia-3.1.2.dev46: * Fix urgent amphora two-way auth
    security bug


Update image to 0.1.1 to include latest changes in openstack-octavia:

  o Update to include version octavia-3.2.1.dev1: * loadbalancer vip-network-id
    IP availability check * Fix urgent amphora two-way auth security bug * Fix
    member API handling of None/null updates * Validate server\_certs\_key\
    _passphrase is 32 chars * Work around strptime threading issue * Fix base
    (VRRP) port abandoned on revert * Do not run non-voting jobs in gate * Fix
    l7rule API handling of None updates * Fix template that generates vrrp
    check script * elements: add arch property for \`\`open-vm-tools\`\` *
    Prevent UDP LBs to use different IP protocol versions in amphora driver *
    Fixed down server issue after reloading keepalived * Fixed pool and members
    status with UDP loadbalancers * Add support for monitor\_{address,port} in
    UDP members * Fix auto setup Barbican's ACL in the legacy driver * Fix L7
    repository create methods * Add warning log if auth\_strategy is not
    keystone * Add failover logging to show the amphora details * Revert "Use
    the infra pypi mirror for DIB" * Use the infra pypi mirror for DIB * only
    rollback DB when we have a connection to the DB * Add octavia-v2-dsvm jobs
    to the gate queue * Fix for utils LB DM transformation function * Update
    amphora-agent to report UDP listener health * Update tox.ini for new upper
    constraints strategy * Add bindep.txt for Octavia * Fix allocate\_and\
    _associate DB deadlock * Treat null admin\_state\_up as False * Performance
    improvement for non-udp health checks * Bandit test exclusions syntax
    change * Fix IPv6 in Active/Standby topology on CentOS * Fix listener API
    handling of None/null updates * OpenDev Migration Patch * Fix a lifecycle
    bug with child objects * Fix the amphora base port coming up * Fix setting
    of VIP QoS policy * Fix VIP plugging on CentOS-based amphorae * Fix
    possible state machine hole in failover * Add missing import octavia/
    opts.py * Fix the loss of access to barbican secrets * Fix initialization
    of Barbican client * Replace openstack.org git:// URLs with https:// * Fix
    prefix for vip\_ipv6 * Fix ifup failures on member interfaces with IPv6 *
    Adds server\_certs\_key\_passphrase to octavia.conf * Fix LB failover when
    in ERROR * Resolve amphora agent read timeout issue * Fix performance of
    housekeeping DB clean up * Encrypt certs and keys * Enable debug for
    Octavia services in grenade job * Fix oslo messaging connection leakage *
    Simplify keepalived lvsquery parsing for UDP * Fix functional tests under
    Python >= 3.6 * Fix check redirect pool for creating a fully populated load
    balancer * Fix missing print format error
  o Remove superfluous octavia-db-manage invocation from service file
  o Incorporate the patch from https://review.openstack.org/#/c/541811/9.


  o Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an
    IXFR query, * #7610: Fix replying from ANY address for non-standard port, *
    #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not
    compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605:
    Fix invalid SOA record in MySQL which prevented the authoritative server
    from starting, * #7603: Prevent leak of file descriptor if running out of
    ports for incoming AXFR, * #7602: Fix API search failed with   Commands out
    of sync; you can  t run this command now  , * #7509: Plug
    `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with
    compiler optimizations. * Prevent more than one CNAME/SOA record in the
    same RRset


  o Update to 1.11.24: * Fixed crash of KeyTransform() for JSONField and
    HStoreField when using on expressions with params (#30672).


  o update to version 5.2.1 - Update .gitreview for stable/rocky - Update
    UPPER_CONSTRAINTS_FILE for stable/rocky - OpenDev Migration Patch - Remove
    tox_install.sh - import zuul job settings from project-config - Skip the
    services with no endpoints when parsing service catalog


  o update to version 1.6.1 - Update UPPER_CONSTRAINTS_FILE for stable/rocky -
    OpenDev Migration Patch - import zuul job settings from project-config -
    Update .gitreview for stable/rocky - Make sure we always requests JSON
    responses


  o update to version 2.5.8 - FC: Ignore some HBAs from map for single WWNN -
    OpenDev Migration Patch - Improve iSCSI device detection speed


  o update to version 1.30.4 - Update UPPER_CONSTRAINTS_FILE for stable/rocky -
    Fix memcache pool client in monkey-patched environments - OpenDev Migration
    Patch - Pass `flush_on_reconnect` to memcache pooled backend


  o update to version 8.1.4 - Replace openstack.org git:// URLs with https:// -
    Cap Bandit below 1.6.0 and update Sphinx requirement - Retry to declare a
    queue after internal error - Add release note for amqp library TLS/SSL
    error - Fix switch connection destination when a rabbitmq cluster node
    disappear - Mark telemetry tests nv and remove from gate - OpenDev
    Migration Patch - Issue blocking ACK for RPC requests from the consumer
    thread - fix typos

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2906=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2906=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3
       crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13.3
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
  o SUSE OpenStack Cloud 9 (noarch):
       ardana-ansible-9.0+git.1568821007.4e73730-3.13.3
       ardana-horizon-9.0+git.1569869028.8edfc22-3.10.3
       ardana-keystone-9.0+git.1570035317.78077ac-3.10.3
       ardana-manila-9.0+git.1569444107.add6a40-3.9.3
       ardana-neutron-9.0+git.1571328680.3a89cb8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
       venv-openstack-barbican-x86_64-7.0.1~dev18-3.11.3
       venv-openstack-cinder-x86_64-13.0.8~dev8-3.11.3
       venv-openstack-designate-x86_64-7.0.1~dev22-3.11.3
       venv-openstack-glance-x86_64-17.0.1~dev30-3.11.3
       venv-openstack-heat-x86_64-11.0.3~dev23-3.11.3
       venv-openstack-horizon-x86_64-14.0.5~dev1-4.11.3
       venv-openstack-keystone-x86_64-14.1.1~dev26-3.11.3
       venv-openstack-magnum-x86_64-7.1.1~dev28-4.11.3
       venv-openstack-manila-x86_64-7.3.1~dev15-3.11.3
       venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.11.3
       venv-openstack-monasca-x86_64-2.7.1~dev10-3.11.3
       venv-openstack-neutron-x86_64-13.0.6~dev3-6.11.3
       venv-openstack-nova-x86_64-18.2.4~dev18-3.11.3
       venv-openstack-octavia-x86_64-3.2.1~dev1-4.11.3
       venv-openstack-sahara-x86_64-9.0.2~dev12-3.11.3
       venv-openstack-swift-x86_64-2.19.2~dev1-2.8.3
  o SUSE OpenStack Cloud 9 (x86_64):
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
       pdns-4.1.8-3.3.3
       pdns-backend-mysql-4.1.8-3.3.3
       pdns-backend-mysql-debuginfo-4.1.8-3.3.3
       pdns-debuginfo-4.1.8-3.3.3
       pdns-debugsource-4.1.8-3.3.3


References:

  o https://www.suse.com/security/cve/CVE-2019-15043.html
  o https://www.suse.com/security/cve/CVE-2019-3871.html
  o https://bugzilla.suse.com/1129734
  o https://bugzilla.suse.com/1148383

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXcOeu2aOgq3Tt24GAQhUChAAuBkEEAnLLOnIXOS5gKyz8dqgtOHaWcV5
0as2/2unr16w1VJpDbMKRuqCLXVwmNt2QaYALi94YHfGsyVW4LUiSEGWTlZuJPdg
eZkPrr6TQYXyvNVlAwgP8B0tF+PwdA3E1KlNNeUHUAglpZyf6yBu0gdb2Xw5a+qf
kyoZ7ZwZ7532As9CWTm1n3ypEf3fYDUBJvMiHei151VW7+mox0Ra1OO6cqBQeKJ2
3pwoozoq6+SjEcUMBUomBhOYHHTPF3vwnl/CJyGsya5g6nZBsUbK25Qw3DawKMIE
uCKEj50h8MaZoR3D7qWvlyyOT24piLRjCD4nuvgEGw9+qWGgRg1zbI22Of0N80Xl
N8sRghtYlwS6ndxUEt4MmauVoUzosjlxWagzcfFClg2sJDwXIAgdi6gFDvzbB939
htJWj9YHrT1+62eK+1gwU1AW4wxqDF9ctwUY8GPiGnPNl10gyDOphPjiPLwftoII
6JsPuNCwn0nV5DbUwjF/hcbnWdKbTiZ/dsX9uiBP3yZAjl6H+XbmhwBSfXP89Ua4
Pr5XBs4SYIB5enGZD/dqDWdlviBGOaoDUeLzHRO9qiQoKGGgAsMYQFn9jb2LUaLf
WnmpnI4TZoXUyjQ1ZhfdF3UzghZJhhjYst79JxWw+X39lI+BVJsDYEbqMuybOKNS
dSoq2vyhiJI=
=IDf7
-----END PGP SIGNATURE-----