Oval Definition: oval:org.opensuse.security:def:84728
Revision Date: 2021-01-11
Version: 1
Title: Security update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2 (Important)
Description:

This update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2 fixes the following issues:

Security fixes included in this request:

grafana: - CVE-2020-24303: Fixed an XSS with series overrides. (bsc#1178243)

influxdb: - CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)

python-Jinja2: - CVE-2019-10906, CVE-2019-8341, CVE-2016-10745: 'SandboxedEnvironment' securely handles 'str.format_map' in order to prevent code execution through untrusted format strings. (bsc#1132323, bsc#1125815, bsc#1132174)

Non-security fixes included in this request:

Changes in crowbar-core.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1606840757.839a64745:
  * ntp: Do not use rate-limiting (bsc#1179161)

Changes in crowbar-openstack.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1604938523.ded915845:
  * rabbitmq: Fix crm running check (SOC-11240)

Changes in grafana.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Fix bsc#1178243 CVE-2020-24303 by adding 25401-Fix-XSS-vulnerability-with-series-overrides.patch

Changes in influxdb.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to fix authentication bypass
- Declare license files correctly

Changes in openstack-heat-templates.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version 0.0.0+git.1605509190.64f020b:
  * Fix software config on rdo
  * optimize size and time using --no-cache-dir
  * add template for servers using Octavia
- Update to version 0.0.0+git.1604032742.c5733ee:
  * Move heat-templates-check job to zuul v3

Changes in openstack-nova-doc.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
  * Follow up for cherry-pick check for merge patch

Changes in openstack-nova.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
  * Follow up for cherry-pick check for merge patch

Changes in python-Jinja2.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- add 0001-sandbox-str.format_map.patch (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341)
  * 'SandboxedEnvironment' securely handles 'str.format_map' in order to prevent code execution through untrusted format strings. The sandbox already handled 'str.format'.
- add 0001-SECURITY-support-sandboxing-in-format-expressions.patch (bsc#1132174, CVE-2016-10745)
- Allows Recommends and Suggest in Fedora
- Recommends only for SUSE

Changes in rubygem-crowbar-client:
- Update to 3.9.3
  - Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954)

Family: unix
Class: patch
Status:
Reference(s):
1117080
1125815
1132174
1132323
1178243
1178988
1179161
CVE-2016-10745
CVE-2018-17954
CVE-2019-10906
CVE-2019-20933
CVE-2019-8341
CVE-2020-24303
Platform(s): SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-core-5.0+git.1606840757.839a64745-3.47.1 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1606840757.839a64745-3.47.1 is installed
  • OR crowbar-openstack-5.0+git.1604938523.ded915845-4.46.1 is installed
  • OR grafana-6.7.4-4.15.1 is installed
  • OR influxdb-1.3.4-4.3.1 is installed
  • OR openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1 is installed
  • OR openstack-nova-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-api-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-cells-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-compute-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-conductor-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-console-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-consoleauth-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-doc-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-novncproxy-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-placement-api-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-scheduler-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-serialproxy-16.1.9~dev77-3.42.1 is installed
  • OR openstack-nova-vncproxy-16.1.9~dev77-3.42.1 is installed
  • OR python-Jinja2-2.9.6-3.3.1 is installed
  • OR python-nova-16.1.9~dev77-3.42.1 is installed
  • OR ruby2.1-rubygem-crowbar-client-3.9.3-3.15.1 is installed