What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for OpenStack
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2576-1
Rating:             moderate
References:         #1084724 #1095482 #1099902 #1100751 #1102151 
                    
Cross-References:   CVE-2018-14432
Affected Products:
                    SUSE OpenStack Cloud 7
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   This update for OpenStack fixes the following issues:

   The following security issue with openstack-keystone has been fixed:

   - CVE-2018-14432: Reduce duplication in federated authentication APIs.
     (bsc#1102151)

   Additionally, the following non-security issues have been fixed:

   openstack-dashboard:

   - Fetch and show Cinder availability zones list during volume creation and
     volume creation from image. (bsc#1100751)

   openstack-heat:

   - Add Trunk resource support.

   openstack-horizon-plugin-designate-ui:

   - Install all designate panels that are available.

   openstack-nova:

   - Stop _undefine_domain erroring if domain not found. (bsc#1099902)
   - Fix Nova to allow using cinder v3 endpoint. (bsc#1095482)

   python-os-vif:

   - Check if interface belongs to a Linux Bridge before removing.
     (bsc#1084724)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1808=1



Package List:

   - SUSE OpenStack Cloud 7 (noarch):

      openstack-dashboard-10.0.6~dev4-4.15.1
      openstack-heat-7.0.7~dev10-5.12.1
      openstack-heat-api-7.0.7~dev10-5.12.1
      openstack-heat-api-cfn-7.0.7~dev10-5.12.1
      openstack-heat-api-cloudwatch-7.0.7~dev10-5.12.1
      openstack-heat-doc-7.0.7~dev10-5.12.1
      openstack-heat-engine-7.0.7~dev10-5.12.1
      openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12.1
      openstack-heat-test-7.0.7~dev10-5.12.1
      openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1
      openstack-keystone-10.0.3~dev9-7.12.1
      openstack-keystone-doc-10.0.3~dev9-7.12.1
      openstack-nova-14.0.11~dev13-4.25.1
      openstack-nova-api-14.0.11~dev13-4.25.1
      openstack-nova-cells-14.0.11~dev13-4.25.1
      openstack-nova-cert-14.0.11~dev13-4.25.1
      openstack-nova-compute-14.0.11~dev13-4.25.1
      openstack-nova-conductor-14.0.11~dev13-4.25.1
      openstack-nova-console-14.0.11~dev13-4.25.1
      openstack-nova-consoleauth-14.0.11~dev13-4.25.1
      openstack-nova-doc-14.0.11~dev13-4.25.1
      openstack-nova-novncproxy-14.0.11~dev13-4.25.1
      openstack-nova-placement-api-14.0.11~dev13-4.25.1
      openstack-nova-scheduler-14.0.11~dev13-4.25.1
      openstack-nova-serialproxy-14.0.11~dev13-4.25.1
      openstack-nova-vncproxy-14.0.11~dev13-4.25.1
      python-heat-7.0.7~dev10-5.12.1
      python-horizon-10.0.6~dev4-4.15.1
      python-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1
      python-keystone-10.0.3~dev9-7.12.1
      python-nova-14.0.11~dev13-4.25.1
      python-os-vif-1.2.1-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-14432.html
   https://bugzilla.suse.com/1084724
   https://bugzilla.suse.com/1095482
   https://bugzilla.suse.com/1099902
   https://bugzilla.suse.com/1100751
   https://bugzilla.suse.com/1102151

SUSE: 2018:2576-1 moderate: OpenStack

August 31, 2018
An update that solves one vulnerability and has four fixes is now available

Summary

This update for OpenStack fixes the following issues: The following security issue with openstack-keystone has been fixed: - CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151) Additionally, the following non-security issues have been fixed: openstack-dashboard: - Fetch and show Cinder availability zones list during volume creation and volume creation from image. (bsc#1100751) openstack-heat: - Add Trunk resource support. openstack-horizon-plugin-designate-ui: - Install all designate panels that are available. openstack-nova: - Stop _undefine_domain erroring if domain not found. (bsc#1099902) - Fix Nova to allow using cinder v3 endpoint. (bsc#1095482) python-os-vif: - Check if interface belongs to a Linux Bridge before removing. (bsc#1084724) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1808=1 Package List: - SUSE OpenStack Cloud 7 (noarch): openstack-dashboard-10.0.6~dev4-4.15.1 openstack-heat-7.0.7~dev10-5.12.1 openstack-heat-api-7.0.7~dev10-5.12.1 openstack-heat-api-cfn-7.0.7~dev10-5.12.1 openstack-heat-api-cloudwatch-7.0.7~dev10-5.12.1 openstack-heat-doc-7.0.7~dev10-5.12.1 openstack-heat-engine-7.0.7~dev10-5.12.1 openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12.1 openstack-heat-test-7.0.7~dev10-5.12.1 openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1 openstack-keystone-10.0.3~dev9-7.12.1 openstack-keystone-doc-10.0.3~dev9-7.12.1 openstack-nova-14.0.11~dev13-4.25.1 openstack-nova-api-14.0.11~dev13-4.25.1 openstack-nova-cells-14.0.11~dev13-4.25.1 openstack-nova-cert-14.0.11~dev13-4.25.1 openstack-nova-compute-14.0.11~dev13-4.25.1 openstack-nova-conductor-14.0.11~dev13-4.25.1 openstack-nova-console-14.0.11~dev13-4.25.1 openstack-nova-consoleauth-14.0.11~dev13-4.25.1 openstack-nova-doc-14.0.11~dev13-4.25.1 openstack-nova-novncproxy-14.0.11~dev13-4.25.1 openstack-nova-placement-api-14.0.11~dev13-4.25.1 openstack-nova-scheduler-14.0.11~dev13-4.25.1 openstack-nova-serialproxy-14.0.11~dev13-4.25.1 openstack-nova-vncproxy-14.0.11~dev13-4.25.1 python-heat-7.0.7~dev10-5.12.1 python-horizon-10.0.6~dev4-4.15.1 python-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1 python-keystone-10.0.3~dev9-7.12.1 python-nova-14.0.11~dev13-4.25.1 python-os-vif-1.2.1-3.3.1

References

#1084724 #1095482 #1099902 #1100751 #1102151

Cross- CVE-2018-14432

Affected Products:

SUSE OpenStack Cloud 7

https://www.suse.com/security/cve/CVE-2018-14432.html

https://bugzilla.suse.com/1084724

https://bugzilla.suse.com/1095482

https://bugzilla.suse.com/1099902

https://bugzilla.suse.com/1100751

https://bugzilla.suse.com/1102151

Severity
Announcement ID: SUSE-SU-2018:2576-1
Rating: moderate

Related News

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Dec 7, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo