Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3330
SUSE-SU-2019:2267-1 Security update for ardana-ansible, ardana-barbican,
ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate,
ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon,
ardana-input-model, ardana-installer-ui, ardana-ironic, ard
3 September 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: git
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Existing Account
Provide Misleading Information -- Remote with User Interaction
Unauthorised Access -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-13611 CVE-2019-11324 CVE-2019-11236
CVE-2019-9740 CVE-2019-9735 CVE-2019-7548
CVE-2019-7164 CVE-2017-17051 CVE-2015-3448
Reference: ESB-2019.3326
ESB-2019.3298
ESB-2019.3244
ESB-2019.3229
ESB-2019.2954
ESB-2019.2942
ESB-2019.2851
Original Bulletin:
https://www.suse.com/support/update/announcement/2019/suse-su-20192267-1.html
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for ardana-ansible, ardana-barbican,
ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate,
ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon,
ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone,
ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron,
ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui,
ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest,
crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common,
java-monasca-common-kit, openstack-ceilometer, openstack-cinder,
openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui,
openstack-horizon-plugin-neutron-lbaas-ui,
openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic,
openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
openstack-manila, openstack-monasca-notification, openstack-monasca-persister,
openstack-monasca-persister-java, openstack-monasca-persister-java-kit,
openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-tempest,
python-ardana-configurationprocessor, python-cinder-tempest-plugin,
python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin,
python-openstackclient, python-openstacksdk, python-proliantutils,
python-python-engineio, python-swiftlm, python-vmware-nsx,
python-vmwar
______________________________________________________________________________
Announcement ID: SUSE-SU-2019:2267-1
Rating: moderate
References: #1027315 #1129729 #1133719 #1134232 #1140512 #1141676
#1144026 #1144027
Cross-References: CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324
CVE-2019-13611 CVE-2019-7164 CVE-2019-7548 CVE-2019-9735
CVE-2019-9740
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
______________________________________________________________________________
e-nsxlib, yast2-crowbar
An update that fixes 9 vulnerabilities is now available.
Description:
This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster,
ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx,
ardana-glance, ardana-heat, ardana-horizon, ardana-input-model,
ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging,
ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova,
ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig,
ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core,
crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common,
java-monasca-common-kit, openstack-ceilometer, openstack-cinder,
openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui,
openstack-horizon-plugin-neutron-lbaas-ui,
openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic,
openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
openstack-manila, openstack-monasca-notification, openstack-monasca-persister,
openstack-monasca-persister-java, openstack-monasca-persister-java-kit,
openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas,
openstack-nova, openstack-octavia, openstack-tempest,
python-ardana-configurationprocessor, python-cinder-tempest-plugin,
python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin,
python-openstackclient, python-openstacksdk, python-proliantutils,
python-python-engineio, python-swiftlm, python-vmware-nsx,
python-vmware-nsxlib, yast2-crowbar fixes the following issues:
o Update to version 9.0+git.1566374020.301191f: * Use raw image format when
using SES backend on Nova (SOC-9285)
o Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs
works for dist-upgrade (SOC-9857)
o Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3
repps still served (SOC-9840)
o Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/
https urls (SOC-10063)
o Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for
policy.yaml.j2. (SOC-0000)
o Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non
local ipv6 addresses (SOC-9330)
o Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for
ipv6 address comparison (SOC-9940)
o Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with
'zypper' (SOC-9997)
o Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for
ipv6 (SOC-9369)
o Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin
for l2gw (SOC-5837)
o Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway
Service definition (SOC-5837)
o Switch to new Gerrit Server
o Update to version 9.0+git.1566375806.f0b2333: * Configure glance
image_direct_url/multiple_locations (SOC-9285)
o Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1564491141.602fdf9: * Default
glance_default_store to rbd if SES enabled (SOC-8749)
o Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from
rule (SOC-10003)
o Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json
permission to be 664 (SOC-9872)
o Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the
minimal ardana-ci model (SOC-9800)
o Update to version 9.0+git.1566255088.3443670: * Add server state column
(SOC-9957)
o Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677)
(#357)
o Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload
option when ses is not configured (SOC-8555) (#356)
o Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is
created during upgrade (SOC-9923)
o Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/
https urls (SOC-10063)
o Update to version 9.0+git.1565691188.2309798: * Use systemd for
monasca-thresh (SOC-10145)
o Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on
rabbitmq-server (SOC-9745)
o Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/
https urls (SOC-10063)
o Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure
VPN and Firewall service providers (SOC-9935)
o Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to
neutron services (SOC-8746)
o Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/
https urls (SOC-10063)
o Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk
discard when using RBD (SOC-10182)
o Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint
override (SOC-10130)
o Update to version 9.0+git.1565366126.4993583: * Make default/
rpc_response_timeout configurable (SOC-9285)
o Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy
random status failures (SOC-9574)
o Update to version 9.0+git.1566206502.6c87b41: * Use default values for
amphora connection retries/timeout (SOC-9285)
o Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/
https urls (SOC-10063)
o Add ipaddr bower dependency (SOC-9679)
o Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565380193.f006466: * Introduce conditional
forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)
o Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs
works for dist-upgrade (SOC-9857)
o Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user
for ovs as 'root' (SOC-8139)
o Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url
entry totally fictitious (SOC-6800)
o Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry
to lvm.conf (bsc#1140512)
o Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for
logrotate (SOC-8139)
o Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in
iptables command (SOC-9349)
o Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on
ovs-bridges anymore (SOC-9239)
o Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677)
o Update to version 9.0+git.1563468620.5035cf8: * Add support for ses
integration (SOC-8555)
o Update to version 9.0+git.1563461311.16ea2df: * Change url of
upper-constraints file (SOC-9863)
o Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook
(SOC-9902)
o Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint
during deploy (SOC-9303)
o Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls
(SOC-10063)
o Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade
enhancements (SOC-10146)
o Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter
before deploying it (SOC-10287)
o Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in
parallel (SOC-9285)
o Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve
tests (SOC-9775)
o Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve
tests (SOC-9775)
o Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby
version for package installation (SOC-10010)
o Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova
services after upgrade
o Update to version 6.0+git.1565859218.525130340: * upgrade: remove
nova-consoleauth service entries on upgrade (SOC-10164)
o Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove
controller for admin bridge (SOC-10073)
o Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix
get_proposal_json (SOC-9954)
o Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar
batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 *
dns: fix migration for designate
o Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar
batch error output (SOC-9954)
o Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist
CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range
(SOC-9911)
o Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup
before upgrade (SOC-9482) * bind9: Fix spelling error in template
o Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup
clone_stateless_services leftovers (SOC-9842)
o Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file
names for 8 -> 9 (SOC-9029)
o Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip
helper to NetworkHelper (SOC-6098)
o Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby
version for package installation (SOC-10010)
o Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB
pools configuration (SOC-9767) * horizon: Install designate plugin when
configured (SOC-9695)
o Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old
ceilometer-api vhosts (SOC-9483)
o Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp
(SOC-6100)
o Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure
resource settings (SOC-9633)
o Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set
port_admin_state_change to false when using linuxbridge (SOC-10029)
o Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add
max_threads_per_process tuneable (SOC-10001, bsc#1133719)
o Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based
on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync
(SOC-9981)
o Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests
(SOC-9298) * Fix nova tempest tests (SOC-9298)
o Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation
error if domain names dont end with a dot(.)
o Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support
(SOC-9298)
o Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server
node for VIP look ups (SOC-9631)
o add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to
run the barbican tempest test
o Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup
clone_stateless_services leftovers (SOC-9842)
o Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for
cinder using ceph as backenid (SOC-9298)
o Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes
(SOC-9683)
o Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling
error inside comments (SOC-6361)
o Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when
lookup by name (SOC-9339)
o Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB
creation
o Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update
repocheck keys * Update texts for 8-9 upgrade (SOC-9689)
o Update to version 1.3.0+git.1562579063.5690a1bc: * Pin
gulp-angular-templatecache version
o Bumped package version to 1.3 to differentiate it from 8-9 version
o Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom
version to 1.3.0
o Remove cassandra.patch (merged upstream)
o Fix license
o Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common
o Update to version ceilometer-11.0.2.dev14: * Fixing broken links
o Update to version ceilometer-11.0.2.dev14: * Fixing broken links
o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in
attachment\_reserve
o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions
list
o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach
support for HPE MSA"
o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul
config
o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue
o Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in
attachment\_reserve
o Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions
list
o Update to version cinder-13.0.6.dev16: * Revert "Declare multiattach
support for HPE MSA"
o Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul
config
o Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue
* nimble: Fix missing ssl support (bsc#1027315)
o Update to version designate-7.0.1.dev21: * Improve log message for better
understanding
o Update to version designate-7.0.1.dev21: * Improve log message for better
understanding
o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair
validation
o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if
service record is not updated twice * Allow update of previously-replaced
resources * Do not perform the tenant stack limit check for admin user
o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo
policy scripts
o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties
for OS::Heat::None resource
o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and
limit bandit version * Retry on DB deadlock in event\_create()
o Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair
validation
o Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if
service record is not updated twice * Allow update of previously-replaced
resources * Do not perform the tenant stack limit check for admin user
o Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo
policy scripts
o Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties
for OS::Heat::None resource
o Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and
limit bandit version * Retry on DB deadlock in event\_create()
o Do not exclude python bytecode files (see https://review.opendev.org/#/c/
666611 for details)
o Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for
new upper constraints strategy * OpenDev Migration Patch
o Update to latest spec from rpm-packaging * Don't exclude python bytecode
files in dashboards
o Update to version ironic-11.1.4.dev9: * Filter security group list on the
ID's we expect * Ansible module: fix deployment for private and/or shared
images
o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with
serial specified as root device hint * CI: stop using pyghmi from git
master
o Update to version ironic-11.1.4.dev9: * Filter security group list on the
ID's we expect * Ansible module: fix deployment for private and/or shared
images
o Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with
serial specified as root device hint * CI: stop using pyghmi from git
master
o Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi
from git master
o Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a
warning when lshw cannot be run
o Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw
output, collect it with other logs instead 3.3.2
o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0"
o Update to version keystone-14.1.1.dev8: * Revert "Blacklist bandit 1.6.0"
o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy
for discovery url" * Use rocky heat-container-agent for stable/rocky
o Update to version magnum-7.1.1.dev28: * Revert "support http/https proxy
for discovery url" * Use rocky heat-container-agent for stable/rocky
o Update to version manila-7.3.1.dev3: * Remove the redunant table from
windows' editor
o Update to version manila-7.3.1.dev3: * Remove the redunant table from
windows' editor
o update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105
test failure
o update to version 1.12.1~dev9 - Update all columns in metrics on an update
to refresh TTL
o update to version 1.12.1~dev7 - Widen exception catch for point parse
failure
o update to version 1.12.1~dev6 - some points unable to parse - OpenDev
Migration Patch
o Rebased patches: +
0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped
(merged upstream)
o Update to version monasca-persister-1.12.1.dev9: * Update all columns in
metrics on an update to refresh TTL * OpenDev Migration Patch
o Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
o Update to version monasca-persister-1.12.1.dev4 * Java persister config:
defaults and robustness * Add Cassandra db support
o Remove java-persister-defaults.patch (merged upstream)
o Remove cassandra.patch (merged upstream)
o Add missing URLs for patches
o Updated to kit tarball built from 1.12.1.dev4
o Updated README.updating for current version
o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating
packets * Stop OVS agent before starting it again * Fix sort issue in test\
_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug
o Update to version neutron-13.0.5.dev15: * Check for agent restarted after
checking for DVR port
o Update to version neutron-13.0.5.dev14: * Retry trunk status updates
failing with StaleDataError
o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during
reconfigure of phys bridges
o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq
instead of --bind-interfaces * Yield control to other greenthreads while
processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\
_ports()
o Update to version neutron-13.0.5.dev6: * Ignore first local port update
notification
o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing
13.0.4
o Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating
packets * Stop OVS agent before starting it again * Fix sort issue in test\
_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug
o Update to version neutron-13.0.5.dev15: * Check for agent restarted after
checking for DVR port
o Update to version neutron-13.0.5.dev14: * Retry trunk status updates
failing with StaleDataError
o Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during
reconfigure of phys bridges
o Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq
instead of --bind-interfaces * Yield control to other greenthreads while
processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\
_ports()
o Update to version neutron-13.0.5.dev6: * Ignore first local port update
notification
o Update to version neutron-13.0.5.dev5: * Add custom ethertype processing
13.0.4
* When converting sg rules to iptables, do not emit dport if not supported
(CVE-2019-9735, bsc#1129729)
o Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test
for Connection Tracking
o Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and
icmp\_type for SG rule * A VM could be associated with multiple ports *
Optimize the extend\_router\_dict() call
o Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance
gbp-validate to detect routed subnet overlap
o Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent
overlapping CIDRs in routed VRF * Disallow external subnets as router
interfaces
o Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\
_state display on neutron based on AIM status
o Update to version group-based-policy-5.0.1.dev446: * Send the port updates
for the SNAT use case if needed * Make DHCP provisioning blocks conditional
o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new
upper constraints strategy * Remove the release notes job from stable/rocky
o add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch
o Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new
upper constraints strategy * Remove the release notes job from stable/rocky
* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051)
o Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the
gate queue
o Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation
function
o Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP
listener health
o Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper
constraints strategy
o Add patches fixing tempest cleanup removing all networks https://
bugs.launchpad.net/tempest/+bug/1812660 *
0001-Remove-deprecated-services-from-cleanup.patch *
0002-Fix-tempest-cleanup.patch *
0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch
o Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to
baremetal ServersValidator (SOC-9940)
o Update to version 9.0+git.1565384645.8fcf5db: * Ensure
forward_normal_on_post_up is set for every OVS bridge (SOC-9939)
o Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on
MANAGEMENT network group (SOC-9939)
o Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses
for endpoint urls (SOC-9357)
o added 0001-Fix-volume-revert-to-snapshot-tests.patch
o update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override
is used - OpenDev Migration Patch
o added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch
o added 0001-Use-unicode-literals-in-test_metrics.patch
o update to version 3.16.2 (bsc#1144027, bsc#1144026)
o update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org
git:// URLs with https:// - Fixes for Unicode characters in python 2
requests - Fix functional tests on stable/rocky - Correct updating
baremetal nodes by name or ID - Support bare metal service error messages -
import zuul job settings from project-config - Correct update operations
for baremetal - Add simple create/show/delete functional tests for all
baremetal resources - Add a simple baremetal functional job - Pass
microversion info through from Profile
o update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation
o Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) *
python-python-engineio: An issue was discovered in python-engineio through
3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that
allows attackers to make WebSocket connections to a server
o Switch to new Gerrit Server
o Switch to opendev as external projects are not longer synced to github. As
a result, there is also no automatic change log.
o Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean
orphaned section rules * OpenDev Migration Patch * Delete SG rules when
deleting their remote group * NSX|V3: Limit number of subnet static routes
per backend * NSX|V: Restrict creating conflicting address_pair in the same
network * NSX|V3: Add verification of num defined address pairs * constrain
rocky dependencies * Update rocky .gitreview branch * Handle multiple
default SG creation in all plugins * update tox for stable branch * NSX|V3:
remove redundent code in get_port/s * NSX|V3: Change status code of SG
failure * NSX|V: enable allow_address_pairs upon request * Revert "NSX|V3:
Simplify LBaaS implementation" * NSX|V3: Fix LBaaS loadbalancer creation *
NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS
implementation * Complete the init of the Neutron main process * NSX|V3:
Respect default keyword for physical_net * NSX|V admin utils: Find and fix
spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin
* Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation *
Revert "NSX|V3: Init FWaaS before spawn" * NSX|V3: prevent user from
changing the NSX internal SG * Fix provider security group exception call *
NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for
dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code
& tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX|
V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack:
Delete old project before deciding how to get the new code * NSX|V3: Init
FWaaS before spawn * Devstack: Fix failed of ml2 directory creation *
Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints
* NSX|V3: Do not allow external subnets overlapping with uplink cidr *
Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support
expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully *
NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp
error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics
getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2
config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use
upper-constraints from stable/rocky * fix lower constraints * TVD: Add
missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V
use context reader for router driver * NSX|V Fix AdminUtils get apis to use
the right context * TVD LBaaS: fix operational status api * Use tenant
context to get router GW network * NSX-v3: Fix listener for pool not
fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin
context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl *
NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback
* NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS
is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields
* TVD verify loadbalancer project match the LB object project * TVD: Do not
crash in case the project is not found * NSX|V3: Fix member fip error
message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add
NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should
complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill
VIF data for upgraded ports * Devstack plugin: fetch Neutron only when
needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS
operation status function params * NSX|V3: Add LB status calls validations
* NSX|V3 remove lbaas import to allow the plugin to work without lbaas *
NSX|V Allow updating port security and mac learning together * NSX|V3:
Change external provider network error message * NSX|V+V3: Prevent adding
different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get
operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX|
V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception
when deleting dhcp port * NSX|V3 Validate rate-limit value in admin
utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on
unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix
port MAC learning flag handling * NSX|V3 update port revision on
update_port response * NSX|V: Avoid updating the default section at init *
NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member
create * Devstack: Use the right python version in cleanup * NSX|V: Fix
host groups for DRS HA for AZ * NSX|V Fix policy security group update *
NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks
notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make
sure LB member is connected to the LB router * NSX|V3: Prevent adding an
external net as a router interface * NSX|V: Shorten the L2 bridge edge name
* NSX|V3: Fix port binding update on new ports
o update to version 13.0.1~dev146
o Switch to opendev as external projects are not longer synced to github. As
a result, there is also no automatic change log.
o update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX|
V3+P: Change max allowed host routes * Adding the option to configure
disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter
for max subnet static routes * NSX|T: Add NSX limit of IP address
association to port * Fix nsgroup update to access the logging field safely
* Retry http requests on timeouts * Added retries if API call fails due to
MP cluster reconfig * Fix check_manager_status to support older NSX
versions * Improve Cluster validation checks * Add apis to get tier0 uplink
cidrs and not just ips * Support response status codes for LB HM * Add
manager status validation to validate connection * Handle
get_default_headers errors * Update the max NS groups criteria tags number
dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and
codes in strict mode * Fix cluster connectivity * Fix the revision needed
for security rules version * New api for getting VPN session status * New
api for getting the LB virtual servers status * NSX|V3: Support new icmp
codes and types list-
o update to version 13.0.1~dev24
o Fix the Requires: format in spec file (bsc#1134232)
o 3.4.2
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
crowbar-core-6.0+git.1566321308.1de18b9a4-3.6.1
crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.6.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
crowbar-ha-6.0+git.1566406179.7549de2-3.6.1
crowbar-openstack-6.0+git.1566404979.41279a88e-3.6.1
crowbar-ui-1.3.0+git.1563181545.65360af5-3.3.1
openstack-ceilometer-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
openstack-ceilometer-polling-11.0.2~dev14-3.6.3
openstack-cinder-13.0.7~dev3-3.6.3
openstack-cinder-api-13.0.7~dev3-3.6.3
openstack-cinder-backup-13.0.7~dev3-3.6.3
openstack-cinder-scheduler-13.0.7~dev3-3.6.3
openstack-cinder-volume-13.0.7~dev3-3.6.3
openstack-designate-7.0.1~dev21-3.6.3
openstack-designate-agent-7.0.1~dev21-3.6.3
openstack-designate-api-7.0.1~dev21-3.6.3
openstack-designate-central-7.0.1~dev21-3.6.3
openstack-designate-producer-7.0.1~dev21-3.6.3
openstack-designate-sink-7.0.1~dev21-3.6.3
openstack-designate-worker-7.0.1~dev21-3.6.3
openstack-heat-11.0.3~dev19-3.6.3
openstack-heat-api-11.0.3~dev19-3.6.3
openstack-heat-api-cfn-11.0.3~dev19-3.6.3
openstack-heat-engine-11.0.3~dev19-3.6.3
openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
openstack-ironic-11.1.4~dev9-3.6.3
openstack-ironic-api-11.1.4~dev9-3.6.3
openstack-ironic-conductor-11.1.4~dev9-3.6.3
openstack-ironic-python-agent-3.3.3~dev4-3.6.3
openstack-keystone-14.1.1~dev8-3.6.4
openstack-magnum-7.1.1~dev28-3.6.3
openstack-magnum-api-7.1.1~dev28-3.6.3
openstack-magnum-conductor-7.1.1~dev28-3.6.3
openstack-manila-7.3.1~dev3-4.6.3
openstack-manila-api-7.3.1~dev3-4.6.3
openstack-manila-data-7.3.1~dev3-4.6.3
openstack-manila-scheduler-7.3.1~dev3-4.6.3
openstack-manila-share-7.3.1~dev3-4.6.3
openstack-monasca-notification-1.14.2~dev1-6.6.4
openstack-monasca-persister-1.12.1~dev9-4.3.3
openstack-monasca-persister-java-1.12.1~dev9-4.3.2
openstack-neutron-13.0.5~dev22-3.6.3
openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
openstack-neutron-gbp-5.0.1~dev459-3.6.3
openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
openstack-neutron-lbaas-13.0.1~dev14-3.6.2
openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
openstack-neutron-server-13.0.5~dev22-3.6.3
openstack-nova-18.2.2~dev9-3.6.2
openstack-nova-api-18.2.2~dev9-3.6.2
openstack-nova-cells-18.2.2~dev9-3.6.2
openstack-nova-compute-18.2.2~dev9-3.6.2
openstack-nova-conductor-18.2.2~dev9-3.6.2
openstack-nova-console-18.2.2~dev9-3.6.2
openstack-nova-novncproxy-18.2.2~dev9-3.6.2
openstack-nova-placement-api-18.2.2~dev9-3.6.2
openstack-nova-scheduler-18.2.2~dev9-3.6.2
openstack-nova-serialproxy-18.2.2~dev9-3.6.2
openstack-nova-vncproxy-18.2.2~dev9-3.6.2
openstack-octavia-3.1.2~dev8-3.6.3
openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
openstack-octavia-api-3.1.2~dev8-3.6.3
openstack-octavia-health-manager-3.1.2~dev8-3.6.3
openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
openstack-octavia-worker-3.1.2~dev8-3.6.3
openstack-tempest-19.0.0-7.3.3
openstack-tempest-test-19.0.0-7.3.3
python-ceilometer-11.0.2~dev14-3.6.3
python-cinder-13.0.7~dev3-3.6.3
python-cinder-tempest-plugin-0.1.0-3.3.1
python-designate-7.0.1~dev21-3.6.3
python-heat-11.0.3~dev19-3.6.3
python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
python-ironic-11.1.4~dev9-3.6.3
python-ironicclient-2.5.3-4.6.2
python-ironicclient-doc-2.5.3-4.6.2
python-keystone-14.1.1~dev8-3.6.4
python-keystonemiddleware-5.2.0-3.3.2
python-magnum-7.1.1~dev28-3.6.3
python-manila-7.3.1~dev3-4.6.3
python-monasca-notification-1.14.2~dev1-6.6.4
python-monasca-persister-1.12.1~dev9-4.3.3
python-monasca-tempest-plugin-0.3.0-3.3.1
python-neutron-13.0.5~dev22-3.6.3
python-neutron-gbp-5.0.1~dev459-3.6.3
python-neutron-lbaas-13.0.1~dev14-3.6.2
python-nova-18.2.2~dev9-3.6.2
python-octavia-3.1.2~dev8-3.6.3
python-openstackclient-3.16.2-3.3.2
python-openstacksdk-0.17.3-3.3.2
python-proliantutils-2.8.4-3.3.1
python-tempest-19.0.0-7.3.3
python-vmware-nsx-13.0.1~dev146-4.3.1
python-vmware-nsxlib-13.0.1~dev24-3.3.1
yast2-crowbar-3.4.2-3.3.1
o SUSE OpenStack Cloud 9 (noarch):
ardana-ansible-9.0+git.1566374020.301191f-3.6.1
ardana-barbican-9.0+git.1566251498.be02ca4-3.6.1
ardana-cinder-9.0+git.1565678764.c3a9b9f-3.6.1
ardana-cluster-9.0+git.1559333871.40508f7-3.6.1
ardana-cobbler-9.0+git.1566336494.93967dd-3.6.1
ardana-db-9.0+git.1564409964.b7e4fc3-3.6.1
ardana-designate-9.0+git.1565680593.df7a432-3.6.1
ardana-extensions-nsx-9.0+git.1566213657.69862ab-3.3.2
ardana-glance-9.0+git.1566375806.f0b2333-3.6.1
ardana-heat-9.0+git.1565721273.f44b8d7-3.6.1
ardana-horizon-9.0+git.1565891518.2a545a1-3.6.1
ardana-input-model-9.0+git.1562848565.91e75b2-3.6.1
ardana-installer-ui-9.0+git.1566255088.3443670-3.6.1
ardana-installer-ui-debugsource-9.0+git.1566255088.3443670-3.6.1
ardana-ironic-9.0+git.1565721987.ddc59c8-3.6.1
ardana-keystone-9.0+git.1565891593.cad6d1a-3.6.1
ardana-logging-9.0+git.1565761582.2dc823a-3.6.1
ardana-magnum-9.0+git.1565762005.016032a-3.6.1
ardana-monasca-9.0+git.1566332665.ad894c0-3.6.1
ardana-mq-9.0+git.1565115025.148d092-3.6.1
ardana-neutron-9.0+git.1566251310.3a1e8f9-3.6.1
ardana-nova-9.0+git.1566332515.e232568-3.6.1
ardana-octavia-9.0+git.1566206502.6c87b41-3.6.1
ardana-opsconsole-9.0+git.1566251377.b1caeaa-3.6.1
ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.6.1
ardana-osconfig-9.0+git.1565764394.545b573-3.6.1
ardana-service-9.0+git.1564706915.edd44c4-3.6.1
ardana-ses-9.0+git.1565962617.523149b-3.6.1
ardana-swift-9.0+git.1565891872.73fc3c7-3.6.1
ardana-swiftlm-drive-provision-9.0+git.1541434883.e0ebe69-3.3.1
ardana-swiftlm-log-tailer-9.0+git.1541434883.e0ebe69-3.3.1
ardana-swiftlm-uptime-mon-9.0+git.1541434883.e0ebe69-3.3.1
ardana-tempest-9.0+git.1566471752.a3c5c9c-3.6.1
openstack-ceilometer-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-central-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-compute-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.6.3
openstack-ceilometer-agent-notification-11.0.2~dev14-3.6.3
openstack-ceilometer-polling-11.0.2~dev14-3.6.3
openstack-cinder-13.0.7~dev3-3.6.3
openstack-cinder-api-13.0.7~dev3-3.6.3
openstack-cinder-backup-13.0.7~dev3-3.6.3
openstack-cinder-scheduler-13.0.7~dev3-3.6.3
openstack-cinder-volume-13.0.7~dev3-3.6.3
openstack-designate-7.0.1~dev21-3.6.3
openstack-designate-agent-7.0.1~dev21-3.6.3
openstack-designate-api-7.0.1~dev21-3.6.3
openstack-designate-central-7.0.1~dev21-3.6.3
openstack-designate-producer-7.0.1~dev21-3.6.3
openstack-designate-sink-7.0.1~dev21-3.6.3
openstack-designate-worker-7.0.1~dev21-3.6.3
openstack-heat-11.0.3~dev19-3.6.3
openstack-heat-api-11.0.3~dev19-3.6.3
openstack-heat-api-cfn-11.0.3~dev19-3.6.3
openstack-heat-engine-11.0.3~dev19-3.6.3
openstack-heat-plugin-heat_docker-11.0.3~dev19-3.6.3
openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
openstack-ironic-11.1.4~dev9-3.6.3
openstack-ironic-api-11.1.4~dev9-3.6.3
openstack-ironic-conductor-11.1.4~dev9-3.6.3
openstack-ironic-python-agent-3.3.3~dev4-3.6.3
openstack-keystone-14.1.1~dev8-3.6.4
openstack-magnum-7.1.1~dev28-3.6.3
openstack-magnum-api-7.1.1~dev28-3.6.3
openstack-magnum-conductor-7.1.1~dev28-3.6.3
openstack-manila-7.3.1~dev3-4.6.3
openstack-manila-api-7.3.1~dev3-4.6.3
openstack-manila-data-7.3.1~dev3-4.6.3
openstack-manila-scheduler-7.3.1~dev3-4.6.3
openstack-manila-share-7.3.1~dev3-4.6.3
openstack-monasca-notification-1.14.2~dev1-6.6.4
openstack-monasca-persister-1.12.1~dev9-4.3.3
openstack-monasca-persister-java-1.12.1~dev9-4.3.2
openstack-neutron-13.0.5~dev22-3.6.3
openstack-neutron-dhcp-agent-13.0.5~dev22-3.6.3
openstack-neutron-gbp-5.0.1~dev459-3.6.3
openstack-neutron-ha-tool-13.0.5~dev22-3.6.3
openstack-neutron-l3-agent-13.0.5~dev22-3.6.3
openstack-neutron-lbaas-13.0.1~dev14-3.6.2
openstack-neutron-lbaas-agent-13.0.1~dev14-3.6.2
openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.6.3
openstack-neutron-macvtap-agent-13.0.5~dev22-3.6.3
openstack-neutron-metadata-agent-13.0.5~dev22-3.6.3
openstack-neutron-metering-agent-13.0.5~dev22-3.6.3
openstack-neutron-openvswitch-agent-13.0.5~dev22-3.6.3
openstack-neutron-server-13.0.5~dev22-3.6.3
openstack-nova-18.2.2~dev9-3.6.2
openstack-nova-api-18.2.2~dev9-3.6.2
openstack-nova-cells-18.2.2~dev9-3.6.2
openstack-nova-compute-18.2.2~dev9-3.6.2
openstack-nova-conductor-18.2.2~dev9-3.6.2
openstack-nova-console-18.2.2~dev9-3.6.2
openstack-nova-novncproxy-18.2.2~dev9-3.6.2
openstack-nova-placement-api-18.2.2~dev9-3.6.2
openstack-nova-scheduler-18.2.2~dev9-3.6.2
openstack-nova-serialproxy-18.2.2~dev9-3.6.2
openstack-nova-vncproxy-18.2.2~dev9-3.6.2
openstack-octavia-3.1.2~dev8-3.6.3
openstack-octavia-amphora-agent-3.1.2~dev8-3.6.3
openstack-octavia-api-3.1.2~dev8-3.6.3
openstack-octavia-health-manager-3.1.2~dev8-3.6.3
openstack-octavia-housekeeping-3.1.2~dev8-3.6.3
openstack-octavia-worker-3.1.2~dev8-3.6.3
openstack-tempest-19.0.0-7.3.3
openstack-tempest-test-19.0.0-7.3.3
python-ardana-configurationprocessor-9.0+git.1566405927.c5c03d4-3.7.1
python-ceilometer-11.0.2~dev14-3.6.3
python-cinder-13.0.7~dev3-3.6.3
python-cinder-tempest-plugin-0.1.0-3.3.1
python-designate-7.0.1~dev21-3.6.3
python-heat-11.0.3~dev19-3.6.3
python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-3.3.3
python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-3.3.3
python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-3.3.3
python-ironic-11.1.4~dev9-3.6.3
python-ironicclient-2.5.3-4.6.2
python-ironicclient-doc-2.5.3-4.6.2
python-keystone-14.1.1~dev8-3.6.4
python-keystonemiddleware-5.2.0-3.3.2
python-magnum-7.1.1~dev28-3.6.3
python-manila-7.3.1~dev3-4.6.3
python-monasca-notification-1.14.2~dev1-6.6.4
python-monasca-persister-1.12.1~dev9-4.3.3
python-monasca-tempest-plugin-0.3.0-3.3.1
python-neutron-13.0.5~dev22-3.6.3
python-neutron-gbp-5.0.1~dev459-3.6.3
python-neutron-lbaas-13.0.1~dev14-3.6.2
python-nova-18.2.2~dev9-3.6.2
python-octavia-3.1.2~dev8-3.6.3
python-openstackclient-3.16.2-3.3.2
python-openstacksdk-0.17.3-3.3.2
python-proliantutils-2.8.4-3.3.1
python-python-engineio-2.0.2-4.3.1
python-swiftlm-9.0+git.1541434883.e0ebe69-3.3.1
python-tempest-19.0.0-7.3.3
python-vmware-nsx-13.0.1~dev146-4.3.1
python-vmware-nsxlib-13.0.1~dev24-3.3.1
References:
o https://www.suse.com/security/cve/CVE-2015-3448.html
o https://www.suse.com/security/cve/CVE-2017-17051.html
o https://www.suse.com/security/cve/CVE-2019-11236.html
o https://www.suse.com/security/cve/CVE-2019-11324.html
o https://www.suse.com/security/cve/CVE-2019-13611.html
o https://www.suse.com/security/cve/CVE-2019-7164.html
o https://www.suse.com/security/cve/CVE-2019-7548.html
o https://www.suse.com/security/cve/CVE-2019-9735.html
o https://www.suse.com/security/cve/CVE-2019-9740.html
o https://bugzilla.suse.com/1027315
o https://bugzilla.suse.com/1129729
o https://bugzilla.suse.com/1133719
o https://bugzilla.suse.com/1134232
o https://bugzilla.suse.com/1140512
o https://bugzilla.suse.com/1141676
o https://bugzilla.suse.com/1144026
o https://bugzilla.suse.com/1144027
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXW29V2aOgq3Tt24GAQhwtg/9GyzIAes6XrZsDAe/9wsqnzWrcIrTA9IA
cYLDuZkr4gZKZAquuOHStnOxB0pEz/fgva1E3qaCQjf6R2tSC6r4clruacR3y2hU
sIDJU8E/6Lp0b3IZmXjWLtQRn9Y+M9wkqoYLmlTFzc5SwOXHiW+hSKj82lwBNq3z
tEX1jyAGF+ToQT3VcbiZUGSzszkz2JAJWxOBgC+ZouLxVZ206DMEbkPm/bwDTUuP
OPBaLPaxCuKtuqF5kiUicLL65Tt9SRgJhz1jiT5mP1PUfhGvP7muJR/1QIS+j1ID
29e/2vWsBvaGE2H7Cl05XKcbGjTxQYHuzIYGl3B4EyCrt/npae6gI3MQHSuZcHlX
gq6p5dobR2fo6HM61INm5lc/X/LQvn3gBzvIG7drw3SrLOU6FL1w4m/lAgTS1584
EvnUW9VQTjYKQAuWbAuOAwh5jWBJ7rMxjyKmSSyF8nSizxQ7Q2rZEyFd/Ysshjz+
G1zC3sU5ZfkvOrUr4orXcO+naanXK5dgSCG+GS4H95QbEl77/2bDAeRe7o+DY5qn
Jsu/lBeO1oacCEyQPl6OjxU8kXrriJRm74pknZsjF4rXjR8iLLF4ewovzItc/YmA
JQbemT117YKNdPFA9EwEYgX/SN8/OrUZjrM8squAGTDI3nTLPJna5dOEuM0qki0d
6/CpkjmjNvo=
=r+2j
-----END PGP SIGNATURE-----