Oval Definition:oval:org.opensuse.security:def:88294
Revision Date:2019-11-06
Version:1
Title:Security update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging (Important)
Description:
This update for ardana-ansible, ardana-horizon, ardana-keystone, ardana-manila, ardana-neutron, crowbar-core, crowbar-openstack, grafana, openstack-cinder, openstack-dashboard, openstack-horizon-plugin-manila-ui, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, pdns, python-Django1, python-keystonemiddleware, python-octaviaclient, python-os-brick, python-oslo.cache, python-oslo.messaging fixes the following issues:

Security issues fixed:

- CVE-2019-3871: Fixed insufficient validation in the HTTP remote back end (pdns, bsc#1129734).
- CVE-2019-15043: Added authentication to a few REST endpoints (Grafana, SOC-10357, bsc#1148383).

Non-security issues fixed:

- Update to version 9.0+git.1568821007.4e73730:
* Include manila-pre-upgrade.yml in ardana-upgrade.yml (SOC-10609)

- Update to version 9.0+git.1569869028.8edfc22:
* Added command to minify the django compressed css files (SOC-10305)

- Update to version 9.0+git.1570035317.78077ac:
* support OpenID Connect WebSSO (SOC-10509)

- Update to version 9.0+git.1569444107.add6a40:
* Manila parallelised upgrade workflow enhancements (SOC-10609)

- Update to version 9.0+git.1571328680.3a89cb8:
* Add neutron-common role dependencies (SOC-10875)

- Update to version 6.0+git.1571412352.8da4d261f:
* upgrade: Reload repo config in repochecks (SOC-10718)

- Update to version 6.0+git.1571210108.12bd2ffa3:
* crowbar: Give more time for reboot for physical hardware reboots

- Update to version 6.0+git.1570004730.b56b8983b:
* Revert 'Use block-migration when needed' (SOC-10133)

- Update to version 6.0+git.1569911671.d44b0035c:
* Designate: Don't add the admin node to the public network (SOC-10658)

- Update to version 6.0+git.1572264221.3826a58b8:
* Octavia: account for long ops in HA deployments (SOC-9894)
* Octavia: use correct IP addresses for listening (SOC-9894)
* Octavia: fix subnet creation race condition (SOC-9894)
* Updated copyright notices (SOC-9894)
* Octavia: Follow up patch addressing comments from last PR (SOC-9894)

- Update to version 6.0+git.1571986150.c5b827b7a:
* Fix the migration that tried to access Array as a Hash (SOC-10896)

- Update to version 6.0+git.1571731423.957dcfecd:
* mysql: fix WSREP sync race (SOC-10717)

- Update to version 6.0+git.1571660392.997fee49d:
* mysql: stop service for mysql_install_db (SOC-10717)

- Update to version 6.0+git.1571241502.2f673d0a9:
* rabbitmq: fix migration 200 (SOC-10623)
* Changes to integrate with ACI 4.1 and new packages (SOC-10403)

- Update to version 6.0+git.1570143515.9b1546ed3:
* No rndc key if no public DNS server (SOC-10835)

- Update to version 6.0+git.1570048281.815e06ff3:
* create watcher barclamp (SOC-4183)

- Update to version 6.0+git.1569942913.15b24bec5:
* monasca: Fix restore condition (SOC-9772)
* database: really fix migration 102 (SOC-10717)

- Update to version 6.0+git.1569823669.91f267e96:
* Designate: Filter out the admin node (SOC-10658)

- Create plugin directory and clean up (create in %install,
add to %files) handling of /var/lib/grafana/* and
- Update to version cinder-13.0.8.dev8:
* Extend timeout for database migration tests
13.0.7
* Add context to cloning snapshots in remotefs driver

- Update to version cinder-13.0.7.dev22:
* Add retry to LVM deactivation
* Fix DetachedInstanceError for VolumeAttachment
* Don't allow retype to encrypted+multiattach type

- Update to version horizon-14.0.5.dev1:
* Fix aes-xts key length in Horizon Admin Guide / Manage Volumes
14.0.4

- Add python-csscompressor as a requirement
* python-csscompressor will be used to minify compressed css files

- Update to version horizon-14.0.4.dev17:
* Remove the check which causes plugin's quotas update failure

- Update to version horizon-14.0.4.dev16:
* Add Allowed Address Pair/Delete buttons are only visible to admin

- Update to version horizon-14.0.4.dev14:
* Updated max-width to be dynamic for .member class

- Update to version horizon-14.0.4.dev13:
* Avoid forced logout when 403 error encountered

- Update to version manila-ui-2.16.2.dev2:
* Updated to get quotas data for Modify Quotas dialog Share tab
* OpenDev Migration Patch
2.16.1

- Update to version keystone-14.1.1.dev26:
* Make system tokens work with domain-specific drivers

- Update to version keystone-14.1.1.dev24:
* Add test case for expanding implied roles in system tokens

- Update to version keystone-14.1.1.dev22:
* Add retry for DBDeadlock in credential delete

- Update to version keystone-14.1.1.dev20:
* Import LDAP job into project
* Update broken links to dogpile.cache docs

- Update to version manila-7.3.1.dev15:
* Fix [Unity] verification and convert mgmt ipv6

- Update to version manila-7.3.1.dev14:
* Adding documentation for User Messages in Manila Documentation

- Update to version manila-7.3.1.dev12:
* [NetApp] Allow extension/shrinking of NetApp replicated share

- Update to version manila-7.3.1.dev11:
* Fix pagination does not speed up queries bug

- Update to version manila-7.3.1.dev9:
* Remove backend spec from share type while creating replica

- Update to version manila-7.3.1.dev8:
* Check NetApp SnapRestore license for pools

- Update to version manila-7.3.1.dev7:
* Fix manila-tempest-minimal-dsvm-lvm-centos-7 job

- Update to version neutron-13.0.6.dev3:
* Add radvd_user config option
* Fix mismatch of tags in dnsmasq options
13.0.5

- Update to version neutron-13.0.5.dev55:
* Handle ports assigned to routers without routerports

- Update to version neutron-13.0.5.dev54:
* fixed_configured=True when Add/Remove port IPs

- Update to version neutron-13.0.5.dev53:
* raise priority of dead vlan drop
* OVS flows for custom ethertypes must be on EGRESS

- Update to version neutron-fwaas-13.0.3.dev2:
* Fix AttributeError with third-party L3 service plugins

- Update to version neutron-fwaas-13.0.3.dev1:
* FWaaS-DVR: FWaaS rules not updated in DVR routers on compute host
13.0.2

- Update to version neutron-lbaas-13.0.1.dev15:
* Fix lb stats model

- Update to version nova-18.2.4.dev18:
* Error out interrupted builds
* Functional reproduce for bug 1833581
* Prevent init_host test to interfere with other tests
* Add functional test for resize crash compute restart revert
* cleanup evacuated instances not on hypervisor

- Update to version nova-18.2.4.dev8:
* Fix unit of hw_rng:rate_period
* Fix exception translation when creating volume
* Skip test_parallel_evacuate_with_server_group until fixed
* Handle get_host_availability_zone error during reschedule
* Noop CantStartEngineError in targets_cell if API DB not configured

- Update to version nova-18.2.4.dev1:
* Stop sending bad values from libosinfo to libvirt
18.2.3

- Update to version nova-18.2.3.dev25:
* Add useful error log when _determine_version_cap raises DBNotAllowed

- Update to version nova-18.2.3.dev23:
* Reduce scope of 'path' query parameter to noVNC consoles

- Move tempest tests into the python-octavia package (SOC-9455)

- Update to version octavia-3.2.1.dev1:
3.2.0
* loadbalancer vip-network-id IP availability check

- Update to version octavia-3.1.2.dev46:
* Fix urgent amphora two-way auth security bug

Update image to 0.1.1 to include latest changes in openstack-octavia:
- Update to include version octavia-3.2.1.dev1:
* loadbalancer vip-network-id IP availability check
* Fix urgent amphora two-way auth security bug
* Fix member API handling of None/null updates
* Validate server_certs_key_passphrase is 32 chars
* Work around strptime threading issue
* Fix base (VRRP) port abandoned on revert
* Do not run non-voting jobs in gate
* Fix l7rule API handling of None updates
* Fix template that generates vrrp check script
* elements: add arch property for ``open-vm-tools``
* Prevent UDP LBs to use different IP protocol versions in amphora driver
* Fixed down server issue after reloading keepalived
* Fixed pool and members status with UDP loadbalancers
* Add support for monitor_{address,port} in UDP members
* Fix auto setup Barbican's ACL in the legacy driver
* Fix L7 repository create methods
* Add warning log if auth_strategy is not keystone
* Add failover logging to show the amphora details
* Revert 'Use the infra pypi mirror for DIB'
* Use the infra pypi mirror for DIB
* only rollback DB when we have a connection to the DB
* Add octavia-v2-dsvm jobs to the gate queue
* Fix for utils LB DM transformation function
* Update amphora-agent to report UDP listener health
* Update tox.ini for new upper constraints strategy
* Add bindep.txt for Octavia
* Fix allocate_and_associate DB deadlock
* Treat null admin_state_up as False
* Performance improvement for non-udp health checks
* Bandit test exclusions syntax change
* Fix IPv6 in Active/Standby topology on CentOS
* Fix listener API handling of None/null updates
* OpenDev Migration Patch
* Fix a lifecycle bug with child objects
* Fix the amphora base port coming up
* Fix setting of VIP QoS policy
* Fix VIP plugging on CentOS-based amphorae
* Fix possible state machine hole in failover
* Add missing import octavia/opts.py
* Fix the loss of access to barbican secrets
* Fix initialization of Barbican client
* Replace openstack.org git:// URLs with https://
* Fix prefix for vip_ipv6
* Fix ifup failures on member interfaces with IPv6
* Adds server_certs_key_passphrase to octavia.conf
* Fix LB failover when in ERROR
* Resolve amphora agent read timeout issue
* Fix performance of housekeeping DB clean up
* Encrypt certs and keys
* Enable debug for Octavia services in grenade job
* Fix oslo messaging connection leakage
* Simplify keepalived lvsquery parsing for UDP
* Fix functional tests under Python >= 3.6
* Fix check redirect pool for creating a fully populated load balancer
* Fix missing print format error
- Remove superfluous octavia-db-manage invocation from service
file
- Incorporate the patch from
https://review.openstack.org/#/c/541811/9.

- Update to 4.1.8
* #7604: Correctly interpret an empty AXFR response to an IXFR query,
* #7610: Fix replying from ANY address for non-standard port,
* #7609: Fix rectify for ENT records in narrow zones,
* #7607: Do not compress the root,
* #7608: Fix dot stripping in `setcontent()`,
* #7605: Fix invalid SOA record in MySQL which prevented the authoritative server from starting,
* #7603: Prevent leak of file descriptor if running out of ports for incoming AXFR,
* #7602: Fix API search failed with “Commands out of sync; you can’t run this command now”,
* #7509: Plug `mysql_thread_init` memory leak,
* #7567: EL6: fix `CXXFLAGS` to build with compiler optimizations.
* Prevent more than one CNAME/SOA record in the same RRset

- Update to 1.11.24:
* Fixed crash of KeyTransform() for JSONField and HStoreField when using
on expressions with params (#30672).

- update to version 5.2.1
- Update .gitreview for stable/rocky
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- Remove tox_install.sh
- import zuul job settings from project-config
- Skip the services with no endpoints when parsing service catalog

- update to version 1.6.1
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- OpenDev Migration Patch
- import zuul job settings from project-config
- Update .gitreview for stable/rocky
- Make sure we always requests JSON responses

- update to version 2.5.8
- FC: Ignore some HBAs from map for single WWNN
- OpenDev Migration Patch
- Improve iSCSI device detection speed

- update to version 1.30.4
- Update UPPER_CONSTRAINTS_FILE for stable/rocky
- Fix memcache pool client in monkey-patched environments
- OpenDev Migration Patch
- Pass `flush_on_reconnect` to memcache pooled backend

- update to version 8.1.4
- Replace openstack.org git:// URLs with https://
- Cap Bandit below 1.6.0 and update Sphinx requirement
- Retry to declare a queue after internal error
- Add release note for amqp library TLS/SSL error
- Fix switch connection destination when a rabbitmq cluster node disappear
- Mark telemetry tests nv and remove from gate
- OpenDev Migration Patch
- Issue blocking ACK for RPC requests from the consumer thread
- fix typos
Family:unix
Class:patch
Status:
Reference(s):1129734
1148383
CVE-2019-15043
CVE-2019-3871
SUSE-SU-2019:2906-1
Platform(s):SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1571412352.8da4d261f-3.13.3 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1571412352.8da4d261f-3.13.3 is installed
  • OR crowbar-openstack-6.0+git.1572264221.3826a58b8-3.13.3 is installed
  • OR grafana-6.2.5-3.9.3 is installed
  • OR openstack-cinder-13.0.8~dev8-3.13.5 is installed
  • OR openstack-cinder-api-13.0.8~dev8-3.13.5 is installed
  • OR openstack-cinder-backup-13.0.8~dev8-3.13.5 is installed
  • OR openstack-cinder-scheduler-13.0.8~dev8-3.13.5 is installed
  • OR openstack-cinder-volume-13.0.8~dev8-3.13.5 is installed
  • OR openstack-dashboard-14.0.5~dev1-3.9.4 is installed
  • OR openstack-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3 is installed
  • OR openstack-keystone-14.1.1~dev26-3.13.4 is installed
  • OR openstack-manila-7.3.1~dev15-4.13.4 is installed
  • OR openstack-manila-api-7.3.1~dev15-4.13.4 is installed
  • OR openstack-manila-data-7.3.1~dev15-4.13.4 is installed
  • OR openstack-manila-scheduler-7.3.1~dev15-4.13.4 is installed
  • OR openstack-manila-share-7.3.1~dev15-4.13.4 is installed
  • OR openstack-neutron-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-dhcp-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-fwaas-13.0.3~dev2-3.6.3 is installed
  • OR openstack-neutron-ha-tool-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-l3-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-lbaas-13.0.1~dev15-3.10.3 is installed
  • OR openstack-neutron-lbaas-agent-13.0.1~dev15-3.10.3 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-macvtap-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-metadata-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-metering-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.6~dev3-3.13.4 is installed
  • OR openstack-neutron-server-13.0.6~dev3-3.13.4 is installed
  • OR openstack-nova-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-api-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-cells-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-compute-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-conductor-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-console-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-novncproxy-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-placement-api-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-scheduler-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-serialproxy-18.2.4~dev18-3.13.5 is installed
  • OR openstack-nova-vncproxy-18.2.4~dev18-3.13.5 is installed
  • OR openstack-octavia-3.2.1~dev1-3.13.3 is installed
  • OR openstack-octavia-amphora-agent-3.2.1~dev1-3.13.3 is installed
  • OR openstack-octavia-amphora-image-x86_64-0.1.1-7.3.4 is installed
  • OR openstack-octavia-api-3.2.1~dev1-3.13.3 is installed
  • OR openstack-octavia-health-manager-3.2.1~dev1-3.13.3 is installed
  • OR openstack-octavia-housekeeping-3.2.1~dev1-3.13.3 is installed
  • OR openstack-octavia-worker-3.2.1~dev1-3.13.3 is installed
  • OR python-Django1-1.11.24-3.12.3 is installed
  • OR python-cinder-13.0.8~dev8-3.13.5 is installed
  • OR python-horizon-14.0.5~dev1-3.9.4 is installed
  • OR python-horizon-plugin-manila-ui-2.16.2~dev2-3.3.3 is installed
  • OR python-keystone-14.1.1~dev26-3.13.4 is installed
  • OR python-keystonemiddleware-5.2.1-11.4 is installed
  • OR python-manila-7.3.1~dev15-4.13.4 is installed
  • OR python-neutron-13.0.6~dev3-3.13.4 is installed
  • OR python-neutron-fwaas-13.0.3~dev2-3.6.3 is installed
  • OR python-neutron-lbaas-13.0.1~dev15-3.10.3 is installed
  • OR python-nova-18.2.4~dev18-3.13.5 is installed
  • OR python-octavia-3.2.1~dev1-3.13.3 is installed
  • OR python-octaviaclient-1.6.1-3.3.3 is installed
  • OR python-openstack_auth-14.0.5~dev1-3.9.4 is installed
  • OR python-os-brick-2.5.8-3.6.3 is installed
  • OR python-os-brick-common-2.5.8-3.6.3 is installed
  • OR python-oslo.cache-1.30.4-3.3.3 is installed
  • OR python-oslo.messaging-8.1.4-3.3.3 is installed