===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.4190
SUSE-SU-2019:2906-1 Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila,
7 November 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ardana
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15043 CVE-2019-3871

Reference:         ESB-2019.3854
                   ESB-2019.1149
                   ESB-2019.1070
                   ESB-2019.0906
                   ESB-2019.4048.2

Original Bulletin:
   https://www.suse.com/support/update/announcement/2019/suse-su-20192906-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging
______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:2906-1
Rating:            important
References:        #1129734 #1148383
Cross-References:  CVE-2019-15043 CVE-2019-3871
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging fixes the following issues:

Security issues fixed:

  o CVE-2019-3871: Fixed an insufficient validation in the HTTP remote back end (pdns, bsc#1129734).
  o CVE-2019-15043: Added authentication to a few REST endpoints (Grafana, SOC-10357, bsc#1148383).

Non-security issues fixed:

  o Update to version 9.0+git.1568821007.4e73730:
      * Include manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)
  o Update to version 9.0+git.1569869028.8edfc22:
      * Added command to minify the django compressed css files (SOC-10305)
  o Update to version 9.0+git.1570035317.78077ac:
      * support OpenID Connect WebSSO (SOC-10509)
  o Update to version 9.0+git.1569444107.add6a40:
      * Manila parallelised upgrade workflow enhancements (SOC-10609)
  o Update to version 9.0+git.1571328680.3a89cb8:
      * Add neutron-common role dependencies (SOC-10875)
  o Update to version 6.0+git.1571412352.8da4d261f:
      * upgrade: Reload repo config in repochecks (SOC-10718)
  o Update to version 6.0+git.1571210108.12bd2ffa3:
      * crowbar: Give more time for reboot for physical hardware reboots
  o Update to version 6.0+git.1570004730.b56b8983b:
      * Revert "Use block-migration when needed" (SOC-10133)
  o Update to version 6.0+git.1569911671.d44b0035c:
      * Designate: Don't add the admin node to the public network (SOC-10658)
  o Update to version 6.0+git.1572264221.3826a58b8:
      * Octavia: account for long ops in HA deployments (SOC-9894)
      * Octavia: use correct IP addresses for listening (SOC-9894)
      * Octavia: fix subnet creation race condition (SOC-9894)
      * Updated copyright notices (SOC-9894)
      * Octavia: Follow up patch addressing comments from last PR (SOC-9894)
  o Update to version 6.0+git.1571986150.c5b827b7a:
      * Fix the migration that tried to access Array as a Hash (SOC-10896)
  o Update to version 6.0+git.1571731423.957dcfecd:
      * mysql: fix WSREP sync race (SOC-10717)
  o Update to version 6.0+git.1571660392.997fee49d:
      * mysql: stop service for mysql_install_db (SOC-10717)
  o Update to version 6.0+git.1571241502.2f673d0a9:
      * rabbitmq: fix migration 200 (SOC-10623)
      * Changes to integrate with ACI 4.1 and new packages (SOC-10403)
  o Update to version 6.0+git.1570143515.9b1546ed3:
      * No rndc key if no public DNS server (SOC-10835)
  o Update to version 6.0+git.1570048281.815e06ff3:
      * create watcher barclamp (SOC-4183)
  o Update to version 6.0+git.1569942913.15b24bec5:
      * monasca: Fix restore condition (SOC-9772)
      * database: really fix migration 102 (SOC-10717)
  o Update to version 6.0+git.1569823669.91f267e96:
      * Designate: Filter out the admin node (SOC-10658)
  o Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and
  o Update to version cinder-13.0.8.dev8:
      * Extend timeout for database migration tests
      13.0.7
      * Add context to cloning snapshots in remotefs driver
  o Update to version cinder-13.0.7.dev22:
      * Add retry to LVM deactivation
      * Fix DetachedInstanceError for VolumeAttachment
      * Don't allow retype to encrypted+multiattach type
  o Update to version horizon-14.0.5.dev1:
      * Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
      14.0.4
  o Add python-csscompressor as a requirement
      * python-csscompressor will be used to minify compressed css files
  o Update to version horizon-14.0.4.dev17:
      * Remove the check which causes plugin's quotas update failure
  o Update to version horizon-14.0.4.dev16:
      * Add Allowed Address Pair/Delete buttons are only visible to admin
  o Update to version horizon-14.0.4.dev14:
      * Updated max-width to be dynamic for .member class
  o Update to version horizon-14.0.4.dev13:
      * Avoid forced logout when 403 error encountered
  o Update to version manila-ui-2.16.2.dev2:
      * Updated to get quotas data for Modify Quotas dialog Share tab
      * OpenDev Migration Patch
      2.16.1
  o Update to version keystone-14.1.1.dev26:
      * Make system tokens work with domain-specific drivers
  o Update to version keystone-14.1.1.dev24:
      * Add test case for expanding implied roles in system tokens
  o Update to version keystone-14.1.1.dev22:
      * Add retry for DBDeadlock in credential delete
  o Update to version keystone-14.1.1.dev20:
      * Import LDAP job into project
      * Update broken links to dogpile.cache docs
  o Update to version manila-7.3.1.dev15:
      * Fix [Unity] verification and convert mgmt ipv6
  o Update to version manila-7.3.1.dev14:
      * Adding documentation for User Messages in Manila Documentation
  o Update to version manila-7.3.1.dev12:
      * [NetApp] Allow extension/shrinking of NetApp replicated share
  o Update to version manila-7.3.1.dev11:
      * Fix pagination does not speed up queries bug
  o Update to version manila-7.3.1.dev9:
      * Remove backend spec from share type while creating replica
  o Update to version manila-7.3.1.dev8:
      * Check NetApp SnapRestore license for pools
  o Update to version manila-7.3.1.dev7:
      * Fix manila-tempest-minimal-dsvm-lvm-centos-7 job
  o Update to version neutron-13.0.6.dev3:
      * Add radvd_user config option
      * Fix mismatch of tags in dnsmasq options
      13.0.5
  o Update to version neutron-13.0.5.dev55:
      * Handle ports assigned to routers without routerports
  o Update to version neutron-13.0.5.dev54:
      * fixed_configured=True when Add/Remove port IPs
  o Update to version neutron-13.0.5.dev53:
      * raise priority of dead vlan drop
      * OVS flows for custom ethertypes must be on EGRESS
  o Update to version neutron-fwaas-13.0.3.dev2:
      * Fix AttributeError with third-party L3 service plugins
  o Update to version neutron-fwaas-13.0.3.dev1:
      * FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
      13.0.2
  o Update to version neutron-lbaas-13.0.1.dev15:
      * Fix lb stats model
  o Update to version nova-18.2.4.dev18:
      * Error out interrupted builds
      * Functional reproduce for bug 1833581
      * Prevent init_host test to interfere with other tests
      * Add functional test for resize crash compute restart revert
      * cleanup evacuated instances not on hypervisor
  o Update to version nova-18.2.4.dev8:
      * Fix unit of hw_rng:rate_period
      * Fix exception translation when creating volume
      * Skip test_parallel_evacuate_with_server_group until fixed
      * Handle get_host_availability_zone error during reschedule
      * Noop CantStartEngineError in targets_cell if API DB not configured
  o Update to version nova-18.2.4.dev1:
      * Stop sending bad values from libosinfo to libvirt
      18.2.3
  o Update to version nova-18.2.3.dev25:
      * Add useful error log when _determine_version_cap raises DBNotAllowed
  o Update to version nova-18.2.3.dev23:
      * Reduce scope of 'path' query parameter to noVNC consoles
  o Move tempest tests into the python-octavia package (SOC-9455)
  o Update to version octavia-3.2.1.dev1:
      3.2.0
      * loadbalancer vip-network-id IP availability check
  o Update to version octavia-3.1.2.dev46:
      * Fix urgent amphora two-way auth security bug

  Update image to 0.1.1 to include latest changes in openstack-octavia:

  o Update to include version octavia-3.2.1.dev1:
      * loadbalancer vip-network-id IP availability check
      * Fix urgent amphora two-way auth security bug
      * Fix member API handling of None/null updates
      * Validate server_certs_key_passphrase is 32 chars
      * Work around strptime threading issue
      * Fix base (VRRP) port abandoned on revert
      * Do not run non-voting jobs in gate
      * Fix l7rule API handling of None updates
      * Fix template that generates vrrp check script
      * elements: add arch property for ``open-vm-tools``
      * Prevent UDP LBs to use different IP protocol versions in amphora driver
      * Fixed down server issue after reloading keepalived
      * Fixed pool and members status with UDP loadbalancers
      * Add support for monitor_{address,port} in UDP members
      * Fix auto setup Barbican's ACL in the legacy driver
      * Fix L7 repository create methods
      * Add warning log if auth_strategy is not keystone
      * Add failover logging to show the amphora details
      * Revert "Use the infra pypi mirror for DIB"
      * Use the infra pypi mirror for DIB
      * only rollback DB when we have a connection to the DB
      * Add octavia-v2-dsvm jobs to the gate queue
      * Fix for utils LB DM transformation function
      * Update amphora-agent to report UDP listener health
      * Update tox.ini for new upper constraints strategy
      * Add bindep.txt for Octavia
      * Fix allocate_and_associate DB deadlock
      * Treat null admin_state_up as False
      * Performance improvement for non-udp health checks
      * Bandit test exclusions syntax change
      * Fix IPv6 in Active/Standby topology on CentOS
      * Fix listener API handling of None/null updates
      * OpenDev Migration Patch
      * Fix a lifecycle bug with child objects
      * Fix the amphora base port coming up
      * Fix setting of VIP QoS policy
      * Fix VIP plugging on CentOS-based amphorae
      * Fix possible state machine hole in failover
      * Add missing import octavia/opts.py
      * Fix the loss of access to barbican secrets
      * Fix initialization of Barbican client
      * Replace openstack.org git:// URLs with https://
      * Fix prefix for vip_ipv6
      * Fix ifup failures on member interfaces with IPv6
      * Adds server_certs_key_passphrase to octavia.conf
      * Fix LB failover when in ERROR
      * Resolve amphora agent read timeout issue
      * Fix performance of housekeeping DB clean up
      * Encrypt certs and keys
      * Enable debug for Octavia services in grenade job
      * Fix oslo messaging connection leakage
      * Simplify keepalived lvsquery parsing for UDP
      * Fix functional tests under Python >= 3.6
      * Fix check redirect pool for creating a fully populated load balancer
      * Fix missing print format error
  o Remove superfluous octavia-db-manage invocation from service file
  o Incorporate the patch from https://review.openstack.org/#/c/541811/9.
  o Update to 4.1.8
      * #7604: Correctly interpret an empty AXFR response to an IXFR query,
      * #7610: Fix replying from ANY address for non-standard port,
      * #7609: Fix rectify for ENT records in narrow zones,
      * #7607: Do not compress the root,
      * #7608: Fix dot stripping in `setcontent()`,
      * #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
      * #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
      * #7602: Fix API search failed with "Commands out of sync; you can't run this command now",
      * #7509: Plug `mysql_thread_init` memory leak,
      * #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
      * Prevent more than one CNAME/SOA record in the same RRset
  o Update to 1.11.24:
      * Fixed crash of KeyTransform() for JSONField and HStoreField when using on expressions with params (#30672).
  o update to version 5.2.1
      - Update .gitreview for stable/rocky
      - Update UPPER_CONSTRAINTS_FILE for stable/rocky
      - OpenDev Migration Patch
      - Remove tox_install.sh
      - import zuul job settings from project-config
      - Skip the services with no endpoints when parsing service catalog
  o update to version 1.6.1
      - Update UPPER_CONSTRAINTS_FILE for stable/rocky
      - OpenDev Migration Patch
      - import zuul job settings from project-config
      - Update .gitreview for stable/rocky
      - Make sure we always requests JSON responses
  o update to version 2.5.8
      - FC: Ignore some HBAs from map for single WWNN
      - OpenDev Migration Patch
      - Improve iSCSI device detection speed
  o update to version 1.30.4
      - Update UPPER_CONSTRAINTS_FILE for stable/rocky
      - Fix memcache pool client in monkey-patched environments
      - OpenDev Migration Patch
      - Pass `flush_on_reconnect` to memcache pooled backend
  o update to version 8.1.4
      - Replace openstack.org git:// URLs with https://
      - Cap Bandit below 1.6.0 and update Sphinx requirement
      - Retry to declare a queue after internal error
      - Add release note for amqp library TLS/SSL error
      - Fix switch connection destination when a rabbitmq cluster node disappear
      - Mark telemetry tests nv and remove from gate
      - OpenDev Migration Patch
      - Issue blocking ACK for RPC requests from the consumer thread
      - fix typos

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2906=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2906=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3
       crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13.3
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
  o SUSE OpenStack Cloud 9 (noarch):
       ardana-ansible-9.0+git.1568821007.4e73730-3.13.3
       ardana-horizon-9.0+git.1569869028.8edfc22-3.10.3
       ardana-keystone-9.0+git.1570035317.78077ac-3.10.3
       ardana-manila-9.0+git.1569444107.add6a40-3.9.3
       ardana-neutron-9.0+git.1571328680.3a89cb8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
       venv-openstack-barbican-x86_64-7.0.1~dev18-3.11.3
       venv-openstack-cinder-x86_64-13.0.8~dev8-3.11.3
       venv-openstack-designate-x86_64-7.0.1~dev22-3.11.3
       venv-openstack-glance-x86_64-17.0.1~dev30-3.11.3
       venv-openstack-heat-x86_64-11.0.3~dev23-3.11.3
       venv-openstack-horizon-x86_64-14.0.5~dev1-4.11.3
       venv-openstack-keystone-x86_64-14.1.1~dev26-3.11.3
       venv-openstack-magnum-x86_64-7.1.1~dev28-4.11.3
       venv-openstack-manila-x86_64-7.3.1~dev15-3.11.3
       venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.11.3
       venv-openstack-monasca-x86_64-2.7.1~dev10-3.11.3
       venv-openstack-neutron-x86_64-13.0.6~dev3-6.11.3
       venv-openstack-nova-x86_64-18.2.4~dev18-3.11.3
       venv-openstack-octavia-x86_64-3.2.1~dev1-4.11.3
       venv-openstack-sahara-x86_64-9.0.2~dev12-3.11.3
       venv-openstack-swift-x86_64-2.19.2~dev1-2.8.3
  o SUSE OpenStack Cloud 9 (x86_64):
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
       pdns-4.1.8-3.3.3
       pdns-backend-mysql-4.1.8-3.3.3
       pdns-backend-mysql-debuginfo-4.1.8-3.3.3
       pdns-debuginfo-4.1.8-3.3.3
       pdns-debugsource-4.1.8-3.3.3

References:

  o https://www.suse.com/security/cve/CVE-2019-15043.html
  o https://www.suse.com/security/cve/CVE-2019-3871.html
  o https://bugzilla.suse.com/1129734
  o https://bugzilla.suse.com/1148383

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================