Operating System:

[SUSE]

Published:

07 November 2019

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4190
  SUSE-SU-2019:2906-1 Security update for ardana-ansible, ardana-horizon,
       ardana-keystone, ardana-manila, ardana-neutron, crowbar-core,
    crowbar-openstack, grafana, openstack-cinder, openstack-dashboard,
 openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila,
                              7 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ardana
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15043 CVE-2019-3871 

Reference:         ESB-2019.3854
                   ESB-2019.1149
                   ESB-2019.1070
                   ESB-2019.0906
                   ESB-2019.4048.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2019/suse-su-20192906-1.html

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for ardana-ansible, ardana-horizon,
ardana-keystone, ardana-manila, ardana-neutron, crowbar-core,
crowbar-openstack, grafana, openstack-cinder, openstack-dashboard,
openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila,
openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns,
python-Django1, python-keystonemiddleware, python-octaviaclient,
python-os-brick, python-oslo.cache, python-oslo.messaging

______________________________________________________________________________

Announcement ID:   SUSE-SU-2019:2906-1
Rating:            important
References:        #1129734 #1148383
Cross-References:  CVE-2019-15043 CVE-2019-3871
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila,
ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder,
openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone,
openstack-manila, openstack-neutron, openstack-neutron-fwaas,
openstack-neutron-lbaas, openstack-nova, openstack-octavia,
openstack-octavia-amphora-image, pdns, python-Django1,
python-keystonemiddleware, python-octaviaclient, python-os-brick,
python-oslo.cache, python-oslo.messaging fixes the following issues:

Security issues fixed:

  o CVE-2019-3871: Fixed insufficient validation in the HTTP remote back end
    (pdns, bsc#1129734).
  o CVE-2019-15043: Added authentication to a few REST endpoints (Grafana,
    SOC-10357, bsc#1148383).


Non-security issues fixed:

  o Update to version 9.0+git.1568821007.4e73730: * Include
    manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)


  o Update to version 9.0+git.1569869028.8edfc22: * Added command to minify the
    django compressed css files (SOC-10305)


  o Update to version 9.0+git.1570035317.78077ac: * support OpenID Connect
    WebSSO (SOC-10509)


  o Update to version 9.0+git.1569444107.add6a40: * Manila parallelised upgrade
    workflow enhancements (SOC-10609)


  o Update to version 9.0+git.1571328680.3a89cb8: * Add neutron-common role
    dependencies (SOC-10875)


  o Update to version 6.0+git.1571412352.8da4d261f: * upgrade: Reload repo
    config in repochecks (SOC-10718)


  o Update to version 6.0+git.1571210108.12bd2ffa3: * crowbar: Give more time
    for reboot for physical hardware reboots


  o Update to version 6.0+git.1570004730.b56b8983b: * Revert "Use
    block-migration when needed" (SOC-10133)


  o Update to version 6.0+git.1569911671.d44b0035c: * Designate: Don't add the
    admin node to the public network (SOC-10658)


  o Update to version 6.0+git.1572264221.3826a58b8: * Octavia: account for long
    ops in HA deployments (SOC-9894) * Octavia: use correct IP addresses for
    listening (SOC-9894) * Octavia: fix subnet creation race condition
    (SOC-9894) * Updated copyright notices (SOC-9894) * Octavia: Follow up
    patch addressing comments from last PR (SOC-9894)


  o Update to version 6.0+git.1571986150.c5b827b7a: * Fix the migration that
    tried to access Array as a Hash (SOC-10896)


  o Update to version 6.0+git.1571731423.957dcfecd: * mysql: fix WSREP sync
    race (SOC-10717)


  o Update to version 6.0+git.1571660392.997fee49d: * mysql: stop service for
    mysql_install_db (SOC-10717)


  o Update to version 6.0+git.1571241502.2f673d0a9: * rabbitmq: fix migration
    200 (SOC-10623) * Changes to integrate with ACI 4.1 and new packages
    (SOC-10403)


  o Update to version 6.0+git.1570143515.9b1546ed3: * No rndc key if no public
    DNS server (SOC-10835)


  o Update to version 6.0+git.1570048281.815e06ff3: * create watcher barclamp
    (SOC-4183)


  o Update to version 6.0+git.1569942913.15b24bec5: * monasca: Fix restore
    condition (SOC-9772) * database: really fix migration 102 (SOC-10717)


  o Update to version 6.0+git.1569823669.91f267e96: * Designate: Filter out the
    admin node (SOC-10658)


  o Create plugin directory and clean up (create in %install, add to %files)
    handling of /var/lib/grafana/* and


  o Update to version cinder-13.0.8.dev8: * Extend timeout for database
    migration tests 13.0.7 * Add context to cloning snapshots in remotefs
    driver


  o Update to version cinder-13.0.7.dev22: * Add retry to LVM deactivation *
    Fix DetachedInstanceError for VolumeAttachment * Don't allow retype to
    encrypted+multiattach type


  o Update to version horizon-14.0.5.dev1: * Fix aes-xts key length in Horizon
    Admin Guide / Manage Volumes 14.0.4


  o Add python-csscompressor as a requirement * python-csscompressor will be
    used to minify compressed css files


  o Update to version horizon-14.0.4.dev17: * Remove the check which causes
    plugin's quotas update failure


  o Update to version horizon-14.0.4.dev16: * Add Allowed Address Pair/Delete
    buttons are only visible to admin


  o Update to version horizon-14.0.4.dev14: * Updated max-width to be dynamic
    for .member class


  o Update to version horizon-14.0.4.dev13: * Avoid forced logout when 403
    error encountered


  o Update to version manila-ui-2.16.2.dev2: * Updated to get quotas data for
    Modify Quotas dialog Share tab * OpenDev Migration Patch 2.16.1


  o Update to version keystone-14.1.1.dev26: * Make system tokens work with
    domain-specific drivers


  o Update to version keystone-14.1.1.dev24: * Add test case for expanding
    implied roles in system tokens


  o Update to version keystone-14.1.1.dev22: * Add retry for DBDeadlock in
    credential delete


  o Update to version keystone-14.1.1.dev20: * Import LDAP job into project *
    Update broken links to dogpile.cache docs


  o Update to version manila-7.3.1.dev15: * Fix [Unity] verification and
    convert mgmt ipv6


  o Update to version manila-7.3.1.dev14: * Adding documentation for User
    Messages in Manila Documentation


  o Update to version manila-7.3.1.dev12: * [NetApp] Allow extension/shrinking
    of NetApp replicated share


  o Update to version manila-7.3.1.dev11: * Fix pagination does not speed up
    queries bug


  o Update to version manila-7.3.1.dev9: * Remove backend spec from share type
    while creating replica


  o Update to version manila-7.3.1.dev8: * Check NetApp SnapRestore license for
    pools


  o Update to version manila-7.3.1.dev7: * Fix
    manila-tempest-minimal-dsvm-lvm-centos-7 job


  o Update to version neutron-13.0.6.dev3: * Add radvd_user config option *
    Fix mismatch of tags in dnsmasq options 13.0.5


  o Update to version neutron-13.0.5.dev55: * Handle ports assigned to routers
    without routerports


  o Update to version neutron-13.0.5.dev54: * fixed_configured=True when
    Add/Remove port IPs


  o Update to version neutron-13.0.5.dev53: * raise priority of dead vlan drop
    * OVS flows for custom ethertypes must be on EGRESS


  o Update to version neutron-fwaas-13.0.3.dev2: * Fix AttributeError with
    third-party L3 service plugins


  o Update to version neutron-fwaas-13.0.3.dev1: * FWaaS-DVR: FWaaS rules not
    updated in DVR routers on compute host 13.0.2


  o Update to version neutron-lbaas-13.0.1.dev15: * Fix lb stats model


  o Update to version nova-18.2.4.dev18: * Error out interrupted builds *
    Functional reproduce for bug 1833581 * Prevent init_host test to interfere
    with other tests * Add functional test for resize crash compute restart
    revert * cleanup evacuated instances not on hypervisor


  o Update to version nova-18.2.4.dev8: * Fix unit of hw_rng:rate_period *
    Fix exception translation when creating volume * Skip
    test_parallel_evacuate_with_server_group until fixed * Handle
    get_host_availability_zone error during reschedule * Noop
    CantStartEngineError in targets_cell if API DB not configured


  o Update to version nova-18.2.4.dev1: * Stop sending bad values from
    libosinfo to libvirt 18.2.3


  o Update to version nova-18.2.3.dev25: * Add useful error log when
    _determine_version_cap raises DBNotAllowed


  o Update to version nova-18.2.3.dev23: * Reduce scope of 'path' query
    parameter to noVNC consoles


  o Move tempest tests into the python-octavia package (SOC-9455)


  o Update to version octavia-3.2.1.dev1: 3.2.0 * loadbalancer vip-network-id
    IP availability check


  o Update to version octavia-3.1.2.dev46: * Fix urgent amphora two-way auth
    security bug


Update image to 0.1.1 to include latest changes in openstack-octavia:

  o Update to include version octavia-3.2.1.dev1:
      * loadbalancer vip-network-id IP availability check
      * Fix urgent amphora two-way auth security bug
      * Fix member API handling of None/null updates
      * Validate server_certs_key_passphrase is 32 chars
      * Work around strptime threading issue
      * Fix base (VRRP) port abandoned on revert
      * Do not run non-voting jobs in gate
      * Fix l7rule API handling of None updates
      * Fix template that generates vrrp check script
      * elements: add arch property for ``open-vm-tools``
      * Prevent UDP LBs to use different IP protocol versions in amphora
        driver
      * Fixed down server issue after reloading keepalived
      * Fixed pool and members status with UDP loadbalancers
      * Add support for monitor_{address,port} in UDP members
      * Fix auto setup Barbican's ACL in the legacy driver
      * Fix L7 repository create methods
      * Add warning log if auth_strategy is not keystone
      * Add failover logging to show the amphora details
      * Revert "Use the infra pypi mirror for DIB"
      * Use the infra pypi mirror for DIB
      * only rollback DB when we have a connection to the DB
      * Add octavia-v2-dsvm jobs to the gate queue
      * Fix for utils LB DM transformation function
      * Update amphora-agent to report UDP listener health
      * Update tox.ini for new upper constraints strategy
      * Add bindep.txt for Octavia
      * Fix allocate_and_associate DB deadlock
      * Treat null admin_state_up as False
      * Performance improvement for non-udp health checks
      * Bandit test exclusions syntax change
      * Fix IPv6 in Active/Standby topology on CentOS
      * Fix listener API handling of None/null updates
      * OpenDev Migration Patch
      * Fix a lifecycle bug with child objects
      * Fix the amphora base port coming up
      * Fix setting of VIP QoS policy
      * Fix VIP plugging on CentOS-based amphorae
      * Fix possible state machine hole in failover
      * Add missing import octavia/opts.py
      * Fix the loss of access to barbican secrets
      * Fix initialization of Barbican client
      * Replace openstack.org git:// URLs with https://
      * Fix prefix for vip_ipv6
      * Fix ifup failures on member interfaces with IPv6
      * Adds server_certs_key_passphrase to octavia.conf
      * Fix LB failover when in ERROR
      * Resolve amphora agent read timeout issue
      * Fix performance of housekeeping DB clean up
      * Encrypt certs and keys
      * Enable debug for Octavia services in grenade job
      * Fix oslo messaging connection leakage
      * Simplify keepalived lvsquery parsing for UDP
      * Fix functional tests under Python >= 3.6
      * Fix check redirect pool for creating a fully populated load balancer
      * Fix missing print format error
  o Remove superfluous octavia-db-manage invocation from service file
  o Incorporate the patch from https://review.openstack.org/#/c/541811/9.


  o Update to 4.1.8 * #7604: Correctly interpret an empty AXFR response to an
    IXFR query, * #7610: Fix replying from ANY address for non-standard port, *
    #7609: Fix rectify for ENT records in narrow zones, * #7607: Do not
    compress the root, * #7608: Fix dot stripping in `setcontent()`, * #7605:
    Fix invalid SOA record in MySQL which prevented the authoritative server
    from starting, * #7603: Prevent leak of file descriptor if running out of
    ports for incoming AXFR, * #7602: Fix API search failed with "Commands out
    of sync; you can't run this command now", * #7509: Plug
    `mysql_thread_init` memory leak, * #7567: EL6: fix `CXXFLAGS` to build with
    compiler optimizations. * Prevent more than one CNAME/SOA record in the
    same RRset


  o Update to 1.11.24: * Fixed crash of KeyTransform() for JSONField and
    HStoreField when using on expressions with params (#30672).


  o update to version 5.2.1 - Update .gitreview for stable/rocky - Update
    UPPER_CONSTRAINTS_FILE for stable/rocky - OpenDev Migration Patch - Remove
    tox_install.sh - import zuul job settings from project-config - Skip the
    services with no endpoints when parsing service catalog


  o update to version 1.6.1 - Update UPPER_CONSTRAINTS_FILE for stable/rocky -
    OpenDev Migration Patch - import zuul job settings from project-config -
    Update .gitreview for stable/rocky - Make sure we always requests JSON
    responses


  o update to version 2.5.8 - FC: Ignore some HBAs from map for single WWNN -
    OpenDev Migration Patch - Improve iSCSI device detection speed


  o update to version 1.30.4 - Update UPPER_CONSTRAINTS_FILE for stable/rocky -
    Fix memcache pool client in monkey-patched environments - OpenDev Migration
    Patch - Pass `flush_on_reconnect` to memcache pooled backend


  o update to version 8.1.4 - Replace openstack.org git:// URLs with https:// -
    Cap Bandit below 1.6.0 and update Sphinx requirement - Retry to declare a
    queue after internal error - Add release note for amqp library TLS/SSL
    error - Fix switch connection destination when a rabbitmq cluster node
    disappear - Mark telemetry tests nv and remove from gate - OpenDev
    Migration Patch - Issue blocking ACK for RPC requests from the consumer
    thread - fix typos

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2906=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2906=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (noarch):
       crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3
       crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13.3
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
  o SUSE OpenStack Cloud 9 (noarch):
       ardana-ansible-9.0+git.1568821007.4e73730-3.13.3
       ardana-horizon-9.0+git.1569869028.8edfc22-3.10.3
       ardana-keystone-9.0+git.1570035317.78077ac-3.10.3
       ardana-manila-9.0+git.1569444107.add6a40-3.9.3
       ardana-neutron-9.0+git.1571328680.3a89cb8-3.13.3
       openstack-cinder-13.0.8~dev8-3.13.5
       openstack-cinder-api-13.0.8~dev8-3.13.5
       openstack-cinder-backup-13.0.8~dev8-3.13.5
       openstack-cinder-scheduler-13.0.8~dev8-3.13.5
       openstack-cinder-volume-13.0.8~dev8-3.13.5
       openstack-dashboard-14.0.5~dev1-3.9.4
       openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       openstack-keystone-14.1.1~dev26-3.13.4
       openstack-manila-7.3.1~dev15-4.13.4
       openstack-manila-api-7.3.1~dev15-4.13.4
       openstack-manila-data-7.3.1~dev15-4.13.4
       openstack-manila-scheduler-7.3.1~dev15-4.13.4
       openstack-manila-share-7.3.1~dev15-4.13.4
       openstack-neutron-13.0.6~dev3-3.13.4
       openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4
       openstack-neutron-fwaas-13.0.3~dev2-3.6.3
       openstack-neutron-ha-tool-13.0.6~dev3-3.13.4
       openstack-neutron-l3-agent-13.0.6~dev3-3.13.4
       openstack-neutron-lbaas-13.0.1~dev15-3.10.3
       openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3
       openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4
       openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4
       openstack-neutron-metering-agent-13.0.6~dev3-3.13.4
       openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4
       openstack-neutron-server-13.0.6~dev3-3.13.4
       openstack-nova-18.2.4~dev18-3.13.5
       openstack-nova-api-18.2.4~dev18-3.13.5
       openstack-nova-cells-18.2.4~dev18-3.13.5
       openstack-nova-compute-18.2.4~dev18-3.13.5
       openstack-nova-conductor-18.2.4~dev18-3.13.5
       openstack-nova-console-18.2.4~dev18-3.13.5
       openstack-nova-novncproxy-18.2.4~dev18-3.13.5
       openstack-nova-placement-api-18.2.4~dev18-3.13.5
       openstack-nova-scheduler-18.2.4~dev18-3.13.5
       openstack-nova-serialproxy-18.2.4~dev18-3.13.5
       openstack-nova-vncproxy-18.2.4~dev18-3.13.5
       openstack-octavia-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3
       openstack-octavia-amphora-image-debugsource-0.1.1-7.3.4
       openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4
       openstack-octavia-api-3.2.1~dev1-3.13.3
       openstack-octavia-health-manager-3.2.1~dev1-3.13.3
       openstack-octavia-housekeeping-3.2.1~dev1-3.13.3
       openstack-octavia-worker-3.2.1~dev1-3.13.3
       python-Django1-1.11.24-3.12.3
       python-cinder-13.0.8~dev8-3.13.5
       python-horizon-14.0.5~dev1-3.9.4
       python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3
       python-keystone-14.1.1~dev26-3.13.4
       python-keystonemiddleware-5.2.1-11.4
       python-manila-7.3.1~dev15-4.13.4
       python-neutron-13.0.6~dev3-3.13.4
       python-neutron-fwaas-13.0.3~dev2-3.6.3
       python-neutron-lbaas-13.0.1~dev15-3.10.3
       python-nova-18.2.4~dev18-3.13.5
       python-octavia-3.2.1~dev1-3.13.3
       python-octaviaclient-1.6.1-3.3.3
       python-openstack_auth-14.0.5~dev1-3.9.4
       python-os-brick-2.5.8-3.6.3
       python-os-brick-common-2.5.8-3.6.3
       python-oslo.cache-1.30.4-3.3.3
       python-oslo.messaging-8.1.4-3.3.3
       venv-openstack-barbican-x86_64-7.0.1~dev18-3.11.3
       venv-openstack-cinder-x86_64-13.0.8~dev8-3.11.3
       venv-openstack-designate-x86_64-7.0.1~dev22-3.11.3
       venv-openstack-glance-x86_64-17.0.1~dev30-3.11.3
       venv-openstack-heat-x86_64-11.0.3~dev23-3.11.3
       venv-openstack-horizon-x86_64-14.0.5~dev1-4.11.3
       venv-openstack-keystone-x86_64-14.1.1~dev26-3.11.3
       venv-openstack-magnum-x86_64-7.1.1~dev28-4.11.3
       venv-openstack-manila-x86_64-7.3.1~dev15-3.11.3
       venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.11.3
       venv-openstack-monasca-x86_64-2.7.1~dev10-3.11.3
       venv-openstack-neutron-x86_64-13.0.6~dev3-6.11.3
       venv-openstack-nova-x86_64-18.2.4~dev18-3.11.3
       venv-openstack-octavia-x86_64-3.2.1~dev1-4.11.3
       venv-openstack-sahara-x86_64-9.0.2~dev12-3.11.3
       venv-openstack-swift-x86_64-2.19.2~dev1-2.8.3
  o SUSE OpenStack Cloud 9 (x86_64):
       grafana-6.2.5-3.9.3
       grafana-debuginfo-6.2.5-3.9.3
       pdns-4.1.8-3.3.3
       pdns-backend-mysql-4.1.8-3.3.3
       pdns-backend-mysql-debuginfo-4.1.8-3.3.3
       pdns-debuginfo-4.1.8-3.3.3
       pdns-debugsource-4.1.8-3.3.3


References:

  o https://www.suse.com/security/cve/CVE-2019-15043.html
  o https://www.suse.com/security/cve/CVE-2019-3871.html
  o https://bugzilla.suse.com/1129734
  o https://bugzilla.suse.com/1148383

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================