
SUSE: 2020:0311-1 Critical Security Advisory for Crowbar Password Leak

February 3, 2020
Critical security update for Crowbar resolves password leak for SUSE OpenStack Cloud 7. Immediate action is advised.
An update that fixes two vulnerabilities is now available.

Summary

This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client contains the following fixes:

Security fixes for rubygem-crowbar-client:

- CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080)

Changes in crowbar-core:

- Update to version 4.0+git.1578392992.fabfd186c:
  * Avoid nil crash when provisioner attributes are not set (bsc#1160048)
- Update to version 4.0+git.1578294389.acc7385d5:
  * Adding CVE-2019-16770 to the ignore list, regarding SOC-10999.

Changes in crowbar-openstack:

- Update to version 4.0+git.1579171175.d53ab6363:
  * tempest: tempest run filters as templates (SOC-11052)
  * Add tempest filters based on services (SOC-9801)

Changes in openstack-neutron-fwaas:

References

#1117080 #1160048

Cross-References: CVE-2018-17954 CVE-2019-16770

Affected Products:

SUSE OpenStack Cloud 7

https://www.suse.com/security/cve/CVE-2018-17954.html

https://www.suse.com/security/cve/CVE-2019-16770.html

https://bugzilla.suse.com/1117080

https://bugzilla.suse.com/1160048

Severity
critical

Announcement ID: SUSE-SU-2020:0311-1
Rating: critical
