Title: | Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma (Moderate) |
Description: |
This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes:
Security fixes included in this update:
kibana: CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).
python-eventlet: CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836)
rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)
rubygem-puma: CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681)
Non-security fixes included in this update:
Changes in ardana-ansible: * Patch service.py to skip blank lines.
Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)
Changes in crowbar-openstack: * keystone wakeup: get new session on any error. (bsc#1189052)
Changes in influxdb: - Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on
* Canges in kibana: - Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)
Changes in openstack-cinder: * Fix typo in Dell EMC Unity driver documentation. * Drop lower-constraints job. * [stable-only] Cap bandit to v1.6.2 and fix constraints.
Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets. * OpenDev Migration Patch.
Changes in openstack-heat-gbp: * Add support for Wallaby. * Fix upstream gate.
Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation. * Fix zuul config for heat-templates-check. * Remove testr.
Changes in openstack-horizon-plugin-gbp-ui: * Add support for Wallaby. * Fix upstream gate.
Changes in openstack-keystone: * Retry update\_user when sqlalchemy raises StaleDataErrors. * Pin keystone-tempest-plugin for py27 compatibility.
Changes in openstack-neutron-gbp: * Fix update router API. * Fix HA IP DB migration. * Revert 'Fix HA IP DB migration'. * Fix HA IP DB migration. * Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * Use custom converter for extra attributes. * Validate network before creating or updating router. * Fix Data Migration query for HA IP table. * System security grp:Add system sg in port sg list. * Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * [apic\_aim]: Fix HA IP UTs. * Fixing the exception msg for IPAddressGenerationFailure. * Enhancement regarding router/instance attachment to an external network floating ip and snat subnets. * Setting legacy-group-based-policy-dsvm-aim to non-voting gate. * Add support for Wallaby. * Bug fixes for gbp-validate. * [apic\_aim]: Filter endpoint details. * Bugfix: Policy Enforcement Pref. * Fix unit-tests for tenant-scope validation. * [AIM] Add Policy Enforcement Pref to network extension.
Changes in openstack-nova: * [neutron] Get only ID and name of the SGs from Neutron. * Remove allocations before setting vm\_status to SHELVED\_OFFLOADED. * libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available. * Update pci stat pools based on PCI device changes. * Use subqueryload() instead of joinedload() for (system\_)metadata.
Changes in python-eventlet: Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)
|