SUSE: 2019:1450-1 moderate: Cloud7 packages

    Date: 07 Jun 2019
    Category: SuSE
    Posted By: LinuxSecurity Advisories
    An update that solves two vulnerabilities and has 13 fixes is now available.
    
       SUSE Security Update: Security update for Cloud7 packages
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1450-1
    Rating:             moderate
    References:         #1063535 #1074662 #1112767 #1113107 #1118004 
                        #1120767 #1122053 #1122875 #1123709 #1127558 
                        #1127752 #1128954 #1128987 #1130414 #1131053 
                        
    Cross-References:   CVE-2017-1000433 CVE-2018-1000872
    Affected Products:
                        SUSE OpenStack Cloud 7
                        SUSE Enterprise Storage 4
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has 13 fixes
       is now available.
    
    Description:
    
       This update provides fixes for issues in the following packages:
    
       caasp-openstack-heat-templates:
    
       - Update to version 1.0+git.1553079189.3bf8922:
         * SCRD-2813 Add support for CPI parameters
       - Update to version 1.0+git.1547562889.43707e7:
         * Switch LB protocol from HTTP to HTTPS
    
       crowbar:
    
       - Update to version 4.0+git.1551088848.823bcaa3:
         * install-chef-suse: filter comments from authorized_keys file
    
       crowbar-core:
    
       - Update to version 4.0+git.1556285635.ab602dd4d:
         * network: run wicked ifdown for interface cleanup (bsc#1063535)
       - Update to version 4.0+git.1554931881.d98412e0e:
         * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
       - Update to version 4.0+git.1552239940.5bc9aaac4:
         * crowbar: Do not rely on Chef::Util::FileEdit to write the file
           (bsc#1127752)
       - Update to version 4.0+git.1550493400.9787ea9ad:
         * upgrade: Delay status switch after upgrade ends
       - Update to version 4.0+git.1549474445.d9a35cf52:
         * fix hound warning
         * Support RAID 0
       - Packaged default upgrade timeouts file
       - Update to version 4.0+git.1549136953.afcde921f:
         * apache2: enable sslsessioncache
       - Update to version 4.0+git.1548859099.0edbbfdc2:
         * upgrade: Add default upgrade timeouts file
    
       crowbar-ha:
    
       - Update to version 4.0+git.1556181005.47c643d:
         * pacemaker: wait more for founder if SBD is configured (SCRD-8462)
         * pacemaker: don't check cluster members on founder (SCRD-8462)
       - Update to version 4.0+git.1554215159.8a42a71:
         * improve galera HA setup (bsc#1122875)
    
       crowbar-openstack:
    
       - Update to version 4.0+git.1554887450.ff7c30c1c:
         * neutron: Added option to use L3 HA with Keepalived
       - Update to version 4.0+git.1554843756.5622551da:
         * ironic: Fix regression in helper
       - Update to version 4.0+git.1554814630.ec3c89f25:
         * ceilometer: Install package which contains cron file (bsc#1130414)
       - Update to version 4.0+git.1551459192.89433e13b:
         * rabbit: fix mirroring regex
       - Update to version 4.0+git.1550582615.f6b433ec7:
         * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107)
       - Update to version 4.0+git.1550262335.9667fa580:
         * mysql: Do not set a custom logfile for mysqld (bsc#1112767)
         * mysql: create .my.cnf in root home directory for mysql cmdline
       - Update to version 4.0+git.1549986893.df836d6cc:
         * mariadb: Remove installing the xtrabackup package
         * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709)
    
       galera-python-clustercheck:
    
       - readtimeout.patch: Add socket read timeout (bsc#1122053)
    
       openstack-ceilometer:
    
       - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer
         This is needed in a clustered environment where multiple
         ceilometer-collector services are installed on different nodes (and due
         to that multiple expirer cron jobs installed). That can lead to
         deadlocks when the cron jobs run in parallel on the different nodes
         (bsc#1113107)
    
       openstack-heat-gbp:
    
       - switch to newton branch
    
       python-PyKMIP:
    
       - Fix a denial-of-service bug by setting the server socket timeout
         (bsc#1120767 CVE-2018-1000872)
    
       python-pysaml2:
    
       - Fix for the authentication bypass due to optimizations
         (CVE-2017-1000433, bsc#1074662)
    
       rubygem-crowbar-client:
    
       - Update to 3.9.0
         - Add support for the restricted APIs
         - Add --raw to "proposal show" and "proposal edit"
         - Correctly parse error messages that we don't handle natively
         - Better upgrade repocheck output
       - Update to 3.7.0
         - upgrade: Use cloud_version config for upgrade
         - ses: Add ses upload subcommand
         - Add cloud_version config field.
         - Wrap os-release file parsing for better reuse.
         - upgrade: Fix repocheck component in error message
         - upgrade: Better repocheck output
       - updated to version 3.6.1
         * Hide the database step when it is not used (bsc#1118004)
         * Fix help strings
         * Describe how to upgrade more nodes with one command
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1
    
       - SUSE Enterprise Storage 4:
    
          zypper in -t patch SUSE-Storage-4-2019-1450=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE OpenStack Cloud 7 (noarch):
    
          caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-ha-4.0+git.1556181005.47c643d-4.46.3
          crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3
          galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2
          openstack-ceilometer-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3
          openstack-ceilometer-api-7.1.1~dev4-4.15.3
          openstack-ceilometer-collector-7.1.1~dev4-4.15.3
          openstack-ceilometer-doc-7.1.1~dev4-4.15.3
          openstack-ceilometer-polling-7.1.1~dev4-4.15.3
          openstack-heat-gbp-5.1.1~dev1-2.6.3
          python-PyKMIP-0.5.0-3.3.3
          python-ceilometer-7.1.1~dev4-4.15.3
          python-heat-gbp-5.1.1~dev1-2.6.3
          python-pysaml2-4.0.2-3.6.3
    
       - SUSE Enterprise Storage 4 (aarch64 x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE Enterprise Storage 4 (noarch):
    
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-1000433.html
       https://www.suse.com/security/cve/CVE-2018-1000872.html
       https://bugzilla.suse.com/1063535
       https://bugzilla.suse.com/1074662
       https://bugzilla.suse.com/1112767
       https://bugzilla.suse.com/1113107
       https://bugzilla.suse.com/1118004
       https://bugzilla.suse.com/1120767
       https://bugzilla.suse.com/1122053
       https://bugzilla.suse.com/1122875
       https://bugzilla.suse.com/1123709
       https://bugzilla.suse.com/1127558
       https://bugzilla.suse.com/1127752
       https://bugzilla.suse.com/1128954
       https://bugzilla.suse.com/1128987
       https://bugzilla.suse.com/1130414
       https://bugzilla.suse.com/1131053
    
    _______________________________________________
    sle-security-updates mailing list
    sle-security-updates@lists.suse.com
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    
    You are not authorised to post comments.

    ccommentViewComments Object ( [document] => [_name:protected] => comments [_models:protected] => Array ( ) [_basePath:protected] => /var/www/www.linuxsecurity.com-443/html/components/com_comment [_defaultModel:protected] => [_layout:protected] => default [_layoutExt:protected] => php [_layoutTemplate:protected] => _ [_path:protected] => Array ( [template] => Array ( [0] => /var/www/www.linuxsecurity.com-443/html/templates/shaperhelix_child/html/com_comment/templates/default/ [1] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/templates/default/ [2] => /var/www/www.linuxsecurity.com-443/html/templates/shaperhelix_child/html/com_content/comments/ [3] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/views/comments/tmpl/ ) [helper] => Array ( [0] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/helpers/ ) ) [_template:protected] => /var/www/www.linuxsecurity.com-443/html/components/com_comment/templates/default/default_menu.php [_output:protected] => [_escape:protected] => htmlspecialchars [_charset:protected] => UTF-8 [_errors:protected] => Array ( ) [baseurl] => [plugin] => CcommentComponentContentPlugin Object ( [row] => stdClass Object ( [id] => 268402 [asset_id] => 0 [title] => SUSE: 2019:1450-1 moderate: Cloud7 packages [alias] => suse-2019-1450-1-moderate-cloud7-packages [introtext] => An update that solves two vulnerabilities and has 13 fixes is now available. [fulltext] =>
    
       SUSE Security Update: Security update for Cloud7 packages
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1450-1
    Rating:             moderate
    References:         #1063535 #1074662 #1112767 #1113107 #1118004 
                        #1120767 #1122053 #1122875 #1123709 #1127558 
                        #1127752 #1128954 #1128987 #1130414 #1131053 
                        
    Cross-References:   CVE-2017-1000433 CVE-2018-1000872
    Affected Products:
                        SUSE OpenStack Cloud 7
                        SUSE Enterprise Storage 4
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has 13 fixes
       is now available.
    
    Description:
    
       This update provides fixes for the following packages issues:
    
       caasp-openstack-heat-templates:
    
       - Update to version 1.0+git.1553079189.3bf8922:
         * SCRD-2813 Add support for CPI parameters
       - Update to version 1.0+git.1547562889.43707e7:
         * Switch LB protocol from HTTP to HTTPS
    
       crowbar:
    
       - Update to version 4.0+git.1551088848.823bcaa3:
         * install-chef-suse: filter comments from  authorized_keys file
    
       crowbar-core:
    
       - Update to version 4.0+git.1556285635.ab602dd4d:
         * network: run wicked ifdown for interface cleanup (bsc#1063535)
       - Update to version 4.0+git.1554931881.d98412e0e:
         * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
       - Update to version 4.0+git.1552239940.5bc9aaac4:
         * crowbar: Do not rely on Chef::Util::FileEdit to write the file
           (bsc#1127752)
       - Update to version 4.0+git.1550493400.9787ea9ad:
         * upgrade: Delay status switch after upgrade ends
       - Update to version 4.0+git.1549474445.d9a35cf52:
         * fix hound warning
         * Support RAID 0
       - Packaged default upgrade timeouts file
       - Update to version 4.0+git.1549136953.afcde921f:
         * apache2: enable sslsessioncache
       - Update to version 4.0+git.1548859099.0edbbfdc2:
         * upgrade: Add default upgrade timeouts file
    
       crowbar-ha:
    
       - Update to version 4.0+git.1556181005.47c643d:
         * pacemaker: wait more for founder if SBD is configured (SCRD-8462)
         * pacemaker: don't check cluster members on founder (SCRD-8462)
       - Update to version 4.0+git.1554215159.8a42a71:
         * improve galera HA setup (bsc#1122875)
    
       crowbar-openstack:
    
       - Update to version 4.0+git.1554887450.ff7c30c1c:
         * neutron: Added option to use L3 HA with Keepalived
       - Update to version 4.0+git.1554843756.5622551da:
         * ironic: Fix regression in helper
       - Update to version 4.0+git.1554814630.ec3c89f25:
         * ceilometer: Install package which contains cron file (bsc#1130414)
       - Update to version 4.0+git.1551459192.89433e13b:
         * rabbit: fix mirroring regex
       - Update to version 4.0+git.1550582615.f6b433ec7:
         * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107)
       - Update to version 4.0+git.1550262335.9667fa580:
         * mysql: Do not set a custom logfile for mysqld (bsc#1112767)
         * mysql: create .my.cnf in root home directory for mysql cmdline
       - Update to version 4.0+git.1549986893.df836d6cc:
         * mariadb: Remove installing the xtrabackup package
         * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709)
    
       galera-python-clustercheck:
    
       - readtimeout.patch: Add socket read timeout (bsc#1122053)
    
       openstack-ceilometer:
    
       - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer
         This is needed in a clustered environment where multiple
         ceilometer-collector services are installed on different nodes (and due
         to that multiple expirer cron jobs installed). That can lead to
         deadlocks when the cron jobs run in parallel on the different nodes
         (bsc#1113107)
    
       openstack-heat-gbp:
    
       - switch to newton branch
    
       python-PyKMIP:
    
       - Fix a denial-of-service bug by setting the server socket timeout
         (bsc#1120767 CVE-2018-1000872)
    
       python-pysaml2:
    
       - Fix for the authentication bypass due to optimizations
         (CVE-2017-1000433, bsc#1074662)
    
       rubygem-crowbar-client:
    
       - Update to 3.9.0
        - Add support for the restricted APIs
        - Add --raw to "proposal show" and "proposal edit"
        - Correctly parse error messages that we don't handle natively
        - Better upgrade repocheck output
       - Update to 3.7.0
         - upgrade: Use cloud_version config for upgrade
         - ses: Add ses upload subcommand
         - Add cloud_version config field.
         - Wrap os-release file parsing for better reuse.
         - upgrade: Fix repocheck component in error message
         - upgrade: Better repocheck output
       - updated to version 3.6.1
         * Hide the database step when it is not used (bsc#1118004)
         * Fix help strings
         * Describe how to upgrade more nodes with one command
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1
    
       - SUSE Enterprise Storage 4:
    
          zypper in -t patch SUSE-Storage-4-2019-1450=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE OpenStack Cloud 7 (noarch):
    
          caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-ha-4.0+git.1556181005.47c643d-4.46.3
          crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3
          galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2
          openstack-ceilometer-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3
          openstack-ceilometer-api-7.1.1~dev4-4.15.3
          openstack-ceilometer-collector-7.1.1~dev4-4.15.3
          openstack-ceilometer-doc-7.1.1~dev4-4.15.3
          openstack-ceilometer-polling-7.1.1~dev4-4.15.3
          openstack-heat-gbp-5.1.1~dev1-2.6.3
          python-PyKMIP-0.5.0-3.3.3
          python-ceilometer-7.1.1~dev4-4.15.3
          python-heat-gbp-5.1.1~dev1-2.6.3
          python-pysaml2-4.0.2-3.6.3
    
       - SUSE Enterprise Storage 4 (aarch64 x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE Enterprise Storage 4 (noarch):
    
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-1000433.html
       https://www.suse.com/security/cve/CVE-2018-1000872.html
       https://bugzilla.suse.com/1063535
       https://bugzilla.suse.com/1074662
       https://bugzilla.suse.com/1112767
       https://bugzilla.suse.com/1113107
       https://bugzilla.suse.com/1118004
       https://bugzilla.suse.com/1120767
       https://bugzilla.suse.com/1122053
       https://bugzilla.suse.com/1122875
       https://bugzilla.suse.com/1123709
       https://bugzilla.suse.com/1127558
       https://bugzilla.suse.com/1127752
       https://bugzilla.suse.com/1128954
       https://bugzilla.suse.com/1128987
       https://bugzilla.suse.com/1130414
       https://bugzilla.suse.com/1131053
    
    _______________________________________________
    sle-security-updates mailing list
    sle-security-updates@lists.suse.com
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    
    [state] => 1 [catid] => 100 [created] => 2019-06-07 14:12:00 [created_by] => 62 [created_by_alias] => LinuxSecurity.com Team [modified] => 2019-06-07 14:12:00 [modified_by] => 0 [checked_out] => 0 [checked_out_time] => 0000-00-00 00:00:00 [publish_up] => 2019-06-07 14:12:00 [publish_down] => 0000-00-00 00:00:00 [images] => {"image_intro":"/images/distros-large/suse-large.png","image_fulltext_alt":"'SUSE: 2019:1450-1 moderate: Cloud7 packages'","image_intro_alt":"'SUSE: 2019:1450-1 moderate: Cloud7 packages'","image_fulltext_caption":"'SUSE: 2019:1450-1 moderate: Cloud7 packages'","float_fulltext":"/images/distros-large/suse-large.png","image_fulltext":"/images/distros-large/suse-large.png","float_intro":"","image_intro_caption":"'SUSE: 2019:1450-1 moderate: Cloud7 packages'"} [urls] => [attribs] => [version] => 1 [ordering] => 1 [metakey] => [metadesc] => [access] => 1 [hits] => 328 [metadata] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [robots] => [author] => [rights] => [xreference] => ) [initialized:protected] => 1 [separator] => . 
) [featured] => 0 [language] => * [xreference] => [category_title] => SuSE [category_alias] => suse [category_access] => 1 [author] => LinuxSecurity Advisories [parent_title] => ADVISORIES [parent_id] => 181 [parent_route] => advisories [parent_alias] => advisories [rating] => [rating_count] => [params] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [article_layout] => _:default [show_title] => 1 [link_titles] => 1 [show_intro] => 1 [info_block_position] => 0 [info_block_show_title] => 1 [show_category] => 1 [link_category] => 1 [show_parent_category] => 0 [link_parent_category] => 0 [show_associations] => 0 [flags] => 1 [show_author] => 1 [link_author] => 0 [show_create_date] => 0 [show_modify_date] => 0 [show_publish_date] => 1 [show_item_navigation] => 1 [show_vote] => 0 [show_readmore] => 1 [show_readmore_title] => 1 [readmore_limit] => 100 [show_tags] => 1 [show_icons] => 1 [show_print_icon] => 1 [show_email_icon] => 0 [show_hits] => 1 [show_noauth] => 0 [urls_position] => 0 [captcha] => [show_publishing_options] => 1 [show_article_options] => 1 [save_history] => 1 [history_limit] => 10 [show_urls_images_frontend] => 0 [show_urls_images_backend] => 1 [targeta] => 0 [targetb] => 0 [targetc] => 0 [float_intro] => left [float_fulltext] => left [category_layout] => _:blog [show_category_heading_title_text] => 1 [show_category_title] => 0 [show_description] => 0 [show_description_image] => 0 [maxLevel] => 1 [show_empty_categories] => 0 [show_no_articles] => 1 [show_subcat_desc] => 1 [show_cat_num_articles] => 0 [show_cat_tags] => 1 [show_base_description] => 1 [maxLevelcat] => -1 [show_empty_categories_cat] => 0 [show_subcat_desc_cat] => 1 [show_cat_num_articles_cat] => 1 [num_leading_articles] => 0 [num_intro_articles] => 5 [num_columns] => 1 [num_links] => 4 [multi_column_order] => 0 [show_subcategory_content] => 0 [show_pagination_limit] => 1 [filter_field] => hide [show_headings] => 1 [list_show_date] => 0 [date_format] => 
[list_show_hits] => 1 [list_show_author] => 1 [orderby_pri] => alpha [orderby_sec] => rdate [order_date] => created [show_pagination] => 2 [show_pagination_results] => 1 [show_featured] => show [show_feed_link] => 1 [feed_summary] => 0 [feed_show_readmore] => 0 [sef_advanced] => 1 [sef_ids] => 1 [custom_fields_enable] => 0 [show_page_heading] => 0 [layout_type] => blog [menu_text] => 1 [menu_show] => 1 [secure] => 0 [menulayout] => {"width":600,"menuItem":1,"menuAlign":"right","layout":[{"type":"row","attr":[{"type":"column","colGrid":12,"menuParentId":"108","moduleId":""}]}]} [megamenu] => 0 [showmenutitle] => 1 [enable_page_title] => 0 [page_title] => Advisories [page_description] => LinuxSecurity.com is the community's central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals. [page_rights] => [robots] => [access-view] => 1 ) [initialized:protected] => 1 [separator] => . ) [tagLayout] => Joomla\CMS\Layout\FileLayout Object ( [layoutId:protected] => joomla.content.tags [basePath:protected] => [fullPath:protected] => [includePaths:protected] => Array ( ) [options:protected] => Joomla\Registry\Registry Object ( [data:protected] => stdClass Object ( [component] => com_content [client] => 0 ) [initialized:protected] => [separator] => . ) [data:protected] => Array ( ) [debugMessages:protected] => Array ( ) ) [slug] => 268402:suse-2019-1450-1-moderate-cloud7-packages [catslug] => 100:suse [parent_slug] => 181:advisories [readmore_link] => /advisories/suse/suse-2019-1450-1-moderate-cloud7-packages [text] => An update that solves two vulnerabilities and has 13 fixes is now available.
    
       SUSE Security Update: Security update for Cloud7 packages
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2019:1450-1
    Rating:             moderate
    References:         #1063535 #1074662 #1112767 #1113107 #1118004 
                        #1120767 #1122053 #1122875 #1123709 #1127558 
                        #1127752 #1128954 #1128987 #1130414 #1131053 
                        
    Cross-References:   CVE-2017-1000433 CVE-2018-1000872
    Affected Products:
                        SUSE OpenStack Cloud 7
                        SUSE Enterprise Storage 4
    ______________________________________________________________________________
    
       An update that solves two vulnerabilities and has 13 fixes
       is now available.
    
    Description:
    
       This update provides fixes for the following packages issues:
    
       caasp-openstack-heat-templates:
    
       - Update to version 1.0+git.1553079189.3bf8922:
         * SCRD-2813 Add support for CPI parameters
       - Update to version 1.0+git.1547562889.43707e7:
         * Switch LB protocol from HTTP to HTTPS
    
       crowbar:
    
       - Update to version 4.0+git.1551088848.823bcaa3:
         * install-chef-suse: filter comments from  authorized_keys file
    
       crowbar-core:
    
       - Update to version 4.0+git.1556285635.ab602dd4d:
         * network: run wicked ifdown for interface cleanup (bsc#1063535)
       - Update to version 4.0+git.1554931881.d98412e0e:
         * Fix cloud-mkcloud9-job-backup-restore (SCRD-7126)
       - Update to version 4.0+git.1552239940.5bc9aaac4:
         * crowbar: Do not rely on Chef::Util::FileEdit to write the file
           (bsc#1127752)
       - Update to version 4.0+git.1550493400.9787ea9ad:
         * upgrade: Delay status switch after upgrade ends
       - Update to version 4.0+git.1549474445.d9a35cf52:
         * fix hound warning
         * Support RAID 0
       - Packaged default upgrade timeouts file
       - Update to version 4.0+git.1549136953.afcde921f:
         * apache2: enable sslsessioncache
       - Update to version 4.0+git.1548859099.0edbbfdc2:
         * upgrade: Add default upgrade timeouts file
    
       crowbar-ha:
    
       - Update to version 4.0+git.1556181005.47c643d:
         * pacemaker: wait more for founder if SBD is configured (SCRD-8462)
         * pacemaker: don't check cluster members on founder (SCRD-8462)
       - Update to version 4.0+git.1554215159.8a42a71:
         * improve galera HA setup (bsc#1122875)
    
       crowbar-openstack:
    
       - Update to version 4.0+git.1554887450.ff7c30c1c:
         * neutron: Added option to use L3 HA with Keepalived
       - Update to version 4.0+git.1554843756.5622551da:
         * ironic: Fix regression in helper
       - Update to version 4.0+git.1554814630.ec3c89f25:
         * ceilometer: Install package which contains cron file (bsc#1130414)
       - Update to version 4.0+git.1551459192.89433e13b:
         * rabbit: fix mirroring regex
       - Update to version 4.0+git.1550582615.f6b433ec7:
         * ceilometer: Use pacemaker to handle expirer cron link (bsc#1113107)
       - Update to version 4.0+git.1550262335.9667fa580:
         * mysql: Do not set a custom logfile for mysqld (bsc#1112767)
         * mysql: create .my.cnf in root home directory for mysql cmdline
       - Update to version 4.0+git.1549986893.df836d6cc:
         * mariadb: Remove installing the xtrabackup package
         * ssl: Fix ACL setup in ssl_setup provider (bsc#1123709)
    
       galera-python-clustercheck:
    
       - readtimeout.patch: Add socket read timeout (bsc#1122053)
    
       openstack-ceilometer:
    
       - Install openstack-ceilometer-expirer.cron into /usr/share/ceilometer
         This is needed in a clustered environment where multiple
         ceilometer-collector services are installed on different nodes (and due
         to that multiple expirer cron jobs installed). That can lead to
         deadlocks when the cron jobs run in parallel on the different nodes
         (bsc#1113107)
    
       openstack-heat-gbp:
    
       - switch to newton branch
    
       python-PyKMIP:
    
       - Fix a denial-of-service bug by setting the server socket timeout
         (bsc#1120767 CVE-2018-1000872)
    
       python-pysaml2:
    
       - Fix for the authentication bypass due to optimizations
         (CVE-2017-1000433, bsc#1074662)
    
       rubygem-crowbar-client:
    
       - Update to 3.9.0
        - Add support for the restricted APIs
        - Add --raw to "proposal show" and "proposal edit"
        - Correctly parse error messages that we don't handle natively
        - Better upgrade repocheck output
       - Update to 3.7.0
         - upgrade: Use cloud_version config for upgrade
         - ses: Add ses upload subcommand
         - Add cloud_version config field.
         - Wrap os-release file parsing for better reuse.
         - upgrade: Fix repocheck component in error message
         - upgrade: Better repocheck output
       - updated to version 3.6.1
         * Hide the database step when it is not used (bsc#1118004)
         * Fix help strings
         * Describe how to upgrade more nodes with one command
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE OpenStack Cloud 7:
    
          zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1450=1
    
       - SUSE Enterprise Storage 4:
    
          zypper in -t patch SUSE-Storage-4-2019-1450=1
    
    
    
    Package List:
    
       - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          crowbar-core-branding-upstream-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE OpenStack Cloud 7 (noarch):
    
          caasp-openstack-heat-templates-1.0+git.1553079189.3bf8922-1.6.2
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-devel-4.0+git.1551088848.823bcaa3-7.29.2
          crowbar-ha-4.0+git.1556181005.47c643d-4.46.3
          crowbar-openstack-4.0+git.1554887450.ff7c30c1c-9.51.3
          galera-python-clustercheck-0.0+git.1506329536.8f5878c-1.6.2
          openstack-ceilometer-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-central-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-compute-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-ipmi-7.1.1~dev4-4.15.3
          openstack-ceilometer-agent-notification-7.1.1~dev4-4.15.3
          openstack-ceilometer-api-7.1.1~dev4-4.15.3
          openstack-ceilometer-collector-7.1.1~dev4-4.15.3
          openstack-ceilometer-doc-7.1.1~dev4-4.15.3
          openstack-ceilometer-polling-7.1.1~dev4-4.15.3
          openstack-heat-gbp-5.1.1~dev1-2.6.3
          python-PyKMIP-0.5.0-3.3.3
          python-ceilometer-7.1.1~dev4-4.15.3
          python-heat-gbp-5.1.1~dev1-2.6.3
          python-pysaml2-4.0.2-3.6.3
    
       - SUSE Enterprise Storage 4 (aarch64 x86_64):
    
          crowbar-core-4.0+git.1556285635.ab602dd4d-9.46.3
          ruby2.1-rubygem-crowbar-client-3.9.0-7.14.2
    
       - SUSE Enterprise Storage 4 (noarch):
    
          crowbar-4.0+git.1551088848.823bcaa3-7.29.2
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-1000433.html
       https://www.suse.com/security/cve/CVE-2018-1000872.html
       https://bugzilla.suse.com/1063535
       https://bugzilla.suse.com/1074662
       https://bugzilla.suse.com/1112767
       https://bugzilla.suse.com/1113107
       https://bugzilla.suse.com/1118004
       https://bugzilla.suse.com/1120767
       https://bugzilla.suse.com/1122053
       https://bugzilla.suse.com/1122875
       https://bugzilla.suse.com/1123709
       https://bugzilla.suse.com/1127558
       https://bugzilla.suse.com/1127752
       https://bugzilla.suse.com/1128954
       https://bugzilla.suse.com/1128987
       https://bugzilla.suse.com/1130414
       https://bugzilla.suse.com/1131053
    
    _______________________________________________
    sle-security-updates mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://lists.suse.com/mailman/listinfo/sle-security-updates
    