Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2 (Moderate) |
Description: |
This update for caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, crowbar-ui, etcd, flannel, galera-3, mariadb, mariadb-connector-c, openstack-dashboard-theme-SUSE, openstack-heat-templates, openstack-neutron, openstack-nova, openstack-quickstart, patterns-cloud, python-oslo.messaging, python-oslo.utils, python-pysaml2 fixes the following issues:
Security fix for mariadb:
- MariaDB was update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by an privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by an privileged attacker (bsc#1136035).
- adjust mysql-systemd-helper ('shutdown protected MySQL' section) so it checks both ping response and the pid in a process list as it can take some time till the process is terminated. Otherwise it can lead to 'found left-over process' situation when regular mariadb is started [bsc#1143215] - update suse_skipped_tests.list
- remove client_ed25519.so plugin because it's shipped in mariadb-connector-c package (libmariadb_plugins) - update suse_skipped_tests.list
- update to 10.2.25 GA * Fixes for the following security vulnerabilities: * 10.2.23: none * 10.2.24: CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 * 10.2.25: none * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10223-release-notes https://mariadb.com/kb/en/library/mariadb-10223-changelog https://mariadb.com/kb/en/library/mariadb-10224-release-notes https://mariadb.com/kb/en/library/mariadb-10224-changelog https://mariadb.com/kb/en/library/mariadb-10225-release-notes https://mariadb.com/kb/en/library/mariadb-10225-changelog - remove mariadb-10.2.22-fix_path.patch that was applied upstream in mariadb 10.2.23 - remove caching_sha2_password.so because it's shipped in mariadb-connector-c package (libmariadb_plugins) - remove xtrabackup scripts as it was replaced by mariabackup (we already removed xtrabackup requires in the first phase) - fix reading options for multiple instances if my${INSTANCE}.cnf is used. Also remove 'umask 077' from mysql-systemd-helper that causes that new datadirs are created with wrong permissions. Set correct permissions for files created by us (mysql_upgrade_info, .run-mysql_upgrade) [bsc#1132666] - fix build comment to not refer to openSUSE - tracker bug [bsc#1136035]
- Update to version 1.0+git.1560518045.ad7dc6d: * Patching node before bootstraping
- Update to version 4.0+git.1573109906.0f62e9503: * Ignore CVE-2017-1002201 in CI builds (bsc#1155089)
- Update to version 4.0+git.1573038068.1e32b3205: * Make sure the input file with ssh key exists (SOC-10133) * mysql: fix WSREP sync race (SOC-10717) * mysql: stop service for mysql_install_db (SOC-10717)
- Update to version 4.0+git.1571404877.8edf9dd5c: * Do not use obsoleted --endpoint-type option with CLI * [4.0] Configurable timeout for Galera pre-sync
- Switch to stable/7-8 branch
- Update to 25.3.25: * A new Galera configuration parameter cert.optimistic_pa was added. If the parameter value is set to true, full parallelization in applying write sets is allowed as determined by certification algorithm. If set to false, no more parallelism is allowed in applying than seen on the master. * Support for ECDH OpenSSL engines on CentOS 6 (galera#520) * Fixed compilation on Debian testing and unstable (galera#516, galera#528)
- Add unescape_IPv6_bind_ip.patch * https://github.com/dciabrin/galera-1/commit/0f6f8aeeb09809280c956514cfd5844b8acad4f9
- remove galera-3-25.3.23-scons_fixes.patch (merged upstream) - update to 25.3.24: * A support for new certification key type was added to allow more relaxed certification rules for foreign key references (galera#491). * New status variables were added to display the number of open transactions and referenced client connections inside Galera provider (galera#492). * GCache was sometimes cleared unnecessarily on startup if the recovered state had smaller sequence number than the highest found from GCache. Now only entries with sequence number higher than recovery point will be cleared (galera#498). * Non-primary configuration is saved into grastate.dat only when if the node is in closing state (galera#499). * Exception from GComm was not always handled properly resulting in Galera to remain in half closed state. This was fixed by propagating the error condition appropriately to upper layers (galera#500). * A new status variable displaying the total weight of the cluster nodes was added (galera#501). * The value of pc.weight did not reflect the actual effective value after setting it via wsrep_provider_options. This was fixed by making sure that the new value is taken into use before returning the control back to caller (galera#505, MDEV-11959) * Use of ECHD algorithms with old OpenSSL versions was enabled (galera#511). * Default port value is now used by garbd if the port is not explicitly given in cluster address (MDEV-15531). * Correct error handling for posix_fallocate(). * Failed causal reads are retried during configuration changes.
- New upstream version 3.1.2 [bsc#1136035] * CONC-383: client plugins can't be loaded due to missing prefix * Fixed version setting in GnuTLS by moving 'NORMAL' at the end of priority string * CONC-386: Added support for pem files which contain certificate and private key. * Replication/Binlog API: The main mechanism used in replication is the binary log. * CONC-395: Dashes and underscores are not interchangeable in options in my.cnf * CONC-384: Incorrect packet when a connection attribute name or value is equal to or greater than 251 * CONC-388: field->def_length is always set to 0 * Getter should get and the setter should set CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS * Disable LOAD DATA LOCAL INFILE support by default and auto-enable it for the duration of one query, if the query string starts with the word 'load'. In all other cases the application should enable LOAD DATA LOCAL INFILE support explicitly. * Changed return code for mysql_optionv/mysql_get_optionv to 1 (was -1) and added CR_NOT_IMPLEMENTED error message if a option is unknown or not supported. * mingw fix: use lowercase names for include files * CONC-375: Fixed handshake errors when mixing TLSv1.3 cipher suites with cipher suites from other TLS protocols * CONC-312: Added new caching_sha2_password authentication plugin for authentication with MySQL 8.0 - refresh mariadb-connector-c-2.3.1_unresolved_symbols.patch and private_library.patch - pack caching_sha2_password.so and client_ed25519.so - move libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 [bsc#1126088]
- Switch to new GitHub repo
- Add trigger for openstack-horizon-plugin-murano-ui - Update to version 0.0.0+git.1515995585.81ed236: * Migrate templates job to Zuul v3
- add 0001-set_db_attribute-differs-between-vsctl-and-native.patch (bsc#1152916) part of lp#1630920
- add copytruncate to openstack-neutron.logrotate (bsc#1126428)
- Add 0001-When-converting-sg-rules-to-iptables-do-not-emit-dpo.patch (bsc#1129729)
- Add back the HA related patches that we removed to debug(SOC-10092) Add 0001-Keep-HA-ports-info-for-HA-router-during-entire-lifecycle.patch backported from https://review.opendev.org/#/c/659644/1 Add 0001-Async-notify-neutron-server-for-HA-states.patch backported from https://review.opendev.org/#/c/658507/1 Add 0001-Change-duplicate-OVS-bridge-datapath-ids.patch backported from https://review.opendev.org/#/c/649192/3 Add 0001-Choose-random-value-for-HA-routes-vr_id.patch backported from https://review.opendev.org/#/c/651988/2
- add copytruncate to openstack-nova.logrorate (bsc#1126428)
- Update to version 2016.2+git.1492839294.d76879d: * Setup monasca-agent
- Update to version 2016.2+git.1492611783.2908851: * Adding support for monasca
- Update to version 2016.2+git.1490964440.09a9673: * Move aliases inside Keystone vhost configuration
- Update to version 2016.2+git.1486720712.bea5be9: * Use qemu instead of lxc as virt_type fallback * Check for net/subnet/router existance before creating it * Use get_or_*() functions for Heat
- skip magnum service image for non-x86_64
- add 0001-Suppress-excessive-debug-logs-when-consume-rabbit (bsc#1123053): - Add adjust-to-setuptools-8-plus.patch (SOC-10947): this patch fixes oslo.utils breakage caused by the more recent python-setuptools version introduced by (bsc#1075812).
- Revert change on using license macro from previous commit.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1005258 1021669 1027197 1034273 1075812 1076390 1082810 1085449 1093311 1104076 1109105 1111056 1111479 1111480 1112229 1116574 1117022 1117274 1117313 1117327 1117331 1122292 1122293 1122299 1123053 1126088 1126428 1128158 1129729 1131493 1132666 1135715 1136035 1143215 1148931 1152916 1155089 1163019 1168140 1168142 1169392 1169740 1171355 1172265 1172524 1172651 1173334 1174543 929900 947494 955131 966891 982331 987176 988361 990531 994399 CVE-2016-1245 CVE-2016-5011 CVE-2017-1002201 CVE-2017-5495 CVE-2017-6318 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2018-11212 CVE-2018-12472 CVE-2018-13785 CVE-2018-1417 CVE-2018-17183 CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 CVE-2018-1890 CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2638 CVE-2018-2639 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2783 CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3214 CVE-2018-8956 CVE-2019-2422 CVE-2019-2449 CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 CVE-2019-5953 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11868 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 CVE-2020-13817 CVE-2020-15025 CVE-2020-8608 SUSE-SU-2016:2954-1 SUSE-SU-2017:0713-1 SUSE-SU-2017:2294-1 SUSE-SU-2018:0665-1 SUSE-SU-2018:1764-2 SUSE-SU-2019:0617-1 SUSE-SU-2019:0956-1 SUSE-SU-2019:2345-2 SUSE-SU-2019:3270-1 SUSE-SU-2020:1612-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:2234-1 SUSE-SU-2020:3125-1
|
Platform(s): | openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed AND shadow-4.5-lp150.5 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 is installed
AND Package Information
kernel-debug-4.12.14-lp151.28.7 is installed
OR kernel-debug-base-4.12.14-lp151.28.7 is installed
OR kernel-debug-devel-4.12.14-lp151.28.7 is installed
OR kernel-default-4.12.14-lp151.28.7 is installed
OR kernel-default-base-4.12.14-lp151.28.7 is installed
OR kernel-default-devel-4.12.14-lp151.28.7 is installed
OR kernel-devel-4.12.14-lp151.28.7 is installed
OR kernel-docs-4.12.14-lp151.28.7 is installed
OR kernel-docs-html-4.12.14-lp151.28.7 is installed
OR kernel-kvmsmall-4.12.14-lp151.28.7 is installed
OR kernel-kvmsmall-base-4.12.14-lp151.28.7 is installed
OR kernel-kvmsmall-devel-4.12.14-lp151.28.7 is installed
OR kernel-macros-4.12.14-lp151.28.7 is installed
OR kernel-obs-build-4.12.14-lp151.28.7 is installed
OR kernel-obs-qa-4.12.14-lp151.28.7 is installed
OR kernel-source-4.12.14-lp151.28.7 is installed
OR kernel-source-vanilla-4.12.14-lp151.28.7 is installed
OR kernel-syms-4.12.14-lp151.28.7 is installed
OR kernel-vanilla-4.12.14-lp151.28.7 is installed
OR kernel-vanilla-base-4.12.14-lp151.28.7 is installed
OR kernel-vanilla-devel-4.12.14-lp151.28.7 is installed
|
Definition Synopsis |
openSUSE Leap 15.1 NonFree is installed
AND opera-68.0.3618.104-lp151.2.18 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
libblkid1-2.28-42 is installed
OR libblkid1-32bit-2.28-42 is installed
OR libfdisk1-2.28-42 is installed
OR libmount1-2.28-42 is installed
OR libmount1-32bit-2.28-42 is installed
OR libsmartcols1-2.28-42 is installed
OR libuuid1-2.28-42 is installed
OR libuuid1-32bit-2.28-42 is installed
OR python-libmount-2.28-42 is installed
OR util-linux-2.28-42 is installed
OR util-linux-lang-2.28-42 is installed
OR util-linux-systemd-2.28-42 is installed
OR uuidd-2.28-42 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
res-signingkeys-3.0.38-52.26 is installed
OR smt-3.0.38-52.26 is installed
OR smt-support-3.0.38-52.26 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
OR libwebkit2gtk3-lang-2.24.4-2.47 is installed
OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
OR typelib-1_0-WebKit2WebExtension-4_0-2.24.4-2.47 is installed
OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
OR webkit2gtk3-2.24.4-2.47 is installed
OR webkit2gtk3-devel-2.24.4-2.47 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
jakarta-commons-fileupload-1.1.1-120 is installed
OR jakarta-commons-fileupload-javadoc-1.1.1-120 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
kernel-default-4.4.180-94.124 is installed
OR kernel-default-base-4.4.180-94.124 is installed
OR kernel-default-devel-4.4.180-94.124 is installed
OR kernel-devel-4.4.180-94.124 is installed
OR kernel-macros-4.4.180-94.124 is installed
OR kernel-source-4.4.180-94.124 is installed
OR kernel-syms-4.4.180-94.124 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libsqlite3-0-3.8.10.2-9.15 is installed
OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed
OR sqlite3-3.8.10.2-9.15 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
libssh2-1-1.4.3-20.14 is installed
OR libssh2-1-32bit-1.4.3-20.14 is installed
OR libssh2_org-1.4.3-20.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
git-2.12.3-27.22 is installed
OR git-core-2.12.3-27.22 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
gvim-7.4.326-16 is installed
OR vim-7.4.326-16 is installed
OR vim-data-7.4.326-16 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND Package Information
caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-1.9 is installed
OR crowbar-core-4.0+git.1573109906.0f62e9503-9.57 is installed
OR crowbar-core-branding-upstream-4.0+git.1573109906.0f62e9503-9.57 is installed
OR crowbar-openstack-4.0+git.1573038068.1e32b3205-9.62 is installed
OR crowbar-ui-1.1.0+git.1547500033.d0fb2bf2-4.12 is installed
OR galera-3-25.3.25-11 is installed
OR galera-3-wsrep-provider-25.3.25-11 is installed
OR libmariadb3-3.1.2-1.9 is installed
OR mariadb-10.2.25-13 is installed
OR mariadb-client-10.2.25-13 is installed
OR mariadb-connector-c-3.1.2-1.9 is installed
OR mariadb-errormessages-10.2.25-13 is installed
OR mariadb-galera-10.2.25-13 is installed
OR mariadb-tools-10.2.25-13 is installed
OR openstack-dashboard-theme-SUSE-2016.2-5.9 is installed
OR openstack-heat-templates-0.0.0+git.1515995585.81ed236-12 is installed
OR openstack-neutron-9.4.2~dev21-7.35 is installed
OR openstack-neutron-dhcp-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-doc-9.4.2~dev21-7.35 is installed
OR openstack-neutron-ha-tool-9.4.2~dev21-7.35 is installed
OR openstack-neutron-l3-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-linuxbridge-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-macvtap-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-metadata-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-metering-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-openvswitch-agent-9.4.2~dev21-7.35 is installed
OR openstack-neutron-server-9.4.2~dev21-7.35 is installed
OR openstack-nova-14.0.11~dev13-4.37 is installed
OR openstack-nova-api-14.0.11~dev13-4.37 is installed
OR openstack-nova-cells-14.0.11~dev13-4.37 is installed
OR openstack-nova-cert-14.0.11~dev13-4.37 is installed
OR openstack-nova-compute-14.0.11~dev13-4.37 is installed
OR openstack-nova-conductor-14.0.11~dev13-4.37 is installed
OR openstack-nova-console-14.0.11~dev13-4.37 is installed
OR openstack-nova-consoleauth-14.0.11~dev13-4.37 is installed
OR openstack-nova-doc-14.0.11~dev13-4.37 is installed
OR openstack-nova-novncproxy-14.0.11~dev13-4.37 is installed
OR openstack-nova-placement-api-14.0.11~dev13-4.37 is installed
OR openstack-nova-scheduler-14.0.11~dev13-4.37 is installed
OR openstack-nova-serialproxy-14.0.11~dev13-4.37 is installed
OR openstack-nova-vncproxy-14.0.11~dev13-4.37 is installed
OR patterns-cloud-20170124-4.6 is installed
OR patterns-cloud-admin-20170124-4.6 is installed
OR patterns-cloud-compute-20170124-4.6 is installed
OR patterns-cloud-controller-20170124-4.6 is installed
OR patterns-cloud-network-20170124-4.6 is installed
OR patterns-cloud-user-20170124-4.6 is installed
OR python-neutron-9.4.2~dev21-7.35 is installed
OR python-nova-14.0.11~dev13-4.37 is installed
OR python-oslo.messaging-5.10.2-3.12 is installed
OR python-oslo.utils-3.16.1-3.6 is installed
OR python-pysaml2-4.0.2-3.14 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
libmariadb3-3.0.3-3.3 is installed
OR mariadb-10.2.15-4.3 is installed
OR mariadb-client-10.2.15-4.3 is installed
OR mariadb-connector-c-3.0.3-3.3 is installed
OR mariadb-errormessages-10.2.15-4.3 is installed
OR mariadb-galera-10.2.15-4.3 is installed
OR mariadb-tools-10.2.15-4.3 is installed
OR xtrabackup-2.4.10-4.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
dnsmasq-2.78-18.6 is installed
OR dnsmasq-utils-2.78-18.6 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 9 is installed
AND xrdp-0.9.0~git.1456906198.f422461-21.27 is installed
|