SUSE-SU-2020:0081-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20200081-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0081-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:0081-1
Related
Published
2020-01-13T09:38:16Z
Modified
2020-01-13T09:38:16Z
Summary
Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client
Details

This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes:

Security issue fixed for rubygem-puma:

  • CVE-2019-16770: Fixed a potential denial of service in Puma's reactor (bsc#1158675, jsc#SOC-10999)

Security issue fixed for rubygem-rest-client:

  • CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802)

Updates for crowbar-core: - Update to version 4.0+git.1574788924.e4a6aeb0c: * Allow pacemaker remotes for upgrade (SOC-10133)

  • Update to version 4.0+git.1574713660.972029d1a:
    • Ignore CVE-2019-13117 in CI builds (bsc#1157028)

Updates for crowbar-openstack: - Update to version 4.0+git.1574869671.9c7bade2d: * tempest: configure Kibana version (SOC-10131)

  • Update to version 4.0+git.1574764112.c260c70e5:
    • horizon: install lbaas horizon dashboard (SOC-10883)

Updates for openstack-horizon-plugin-monasca-ui: - Refresh allow-raw-grafana-links.patch - update to version 1.5.5~dev3 * Replace openstack.org git:// URLs with https:// * Fix the partial missing metrics in Create Alarm Definition flow * import zuul job settings from project-config * Fix incorrect splitting of dimension in ProxyView * Fix Alarm status Panel on Overview page * Change IntegerField to ChoiceField for notification period * Imported Translations from Zanata * Display unique metric names for alarm * Fix Alarm Details section in Alarm History view * Fix validators for creating and editing notifications * Center the text for the button Deterministic * Adding title to Filter Alarms pop-up * Fix misleading validation error * Fix nit found in monasca-ui * Fix Breadcrumbs * Fix description for name field * Fixing 'Create Alarm Definition' for IE11 * Imported Translations from Zanata

Updates to openstack-monasca-api: - added fix-metric-name-offset.patch (SOC-10131) - removed 0001-Fix-InfluxDB-repository-listdimensionvalues-to-sup.patch (merged upstream) - update to version 1.7.1~dev18 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Upgrade Apache Storm to 1.0.6 * Zuul: Remove project name

Updates to openstack-monasca-log-api: - added fix-tempest-region.patch (SOC-10131) - update to version 1.4.3~dev3 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Avoid tox_install.sh for constraints support

Updates to openstack-neutron: - neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/

References

Affected packages

SUSE:OpenStack Cloud 7 / crowbar-core

Package

Name
crowbar-core
Purl
pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0+git.1574788924.e4a6aeb0c-9.60.2

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / crowbar-openstack

Package

Name
crowbar-openstack
Purl
pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0+git.1574869671.9c7bade2d-9.65.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / openstack-horizon-plugin-monasca-ui

Package

Name
openstack-horizon-plugin-monasca-ui
Purl
pkg:rpm/suse/openstack-horizon-plugin-monasca-ui&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.5~dev3-8.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / openstack-monasca-api

Package

Name
openstack-monasca-api
Purl
pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1~dev18-12.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / openstack-monasca-log-api

Package

Name
openstack-monasca-log-api
Purl
pkg:rpm/suse/openstack-monasca-log-api&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3~dev3-5.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / openstack-neutron

Package

Name
openstack-neutron
Purl
pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.4.2~dev21-7.38.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / openstack-neutron-doc

Package

Name
openstack-neutron-doc
Purl
pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.4.2~dev21-7.38.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}

SUSE:OpenStack Cloud 7 / rubygem-puma

Package

Name
rubygem-puma
Purl
pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.16.0-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
            "ruby2.1-rubygem-puma": "2.16.0-4.3.1",
            "crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
            "openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-api": "1.7.1~dev18-12.1",
            "crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron": "9.4.2~dev21-7.38.1",
            "crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
            "openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
            "openstack-monasca-api": "1.7.1~dev18-12.1",
            "openstack-neutron-doc": "9.4.2~dev21-7.38.1",
            "openstack-neutron-server": "9.4.2~dev21-7.38.1",
            "python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
            "openstack-monasca-log-api": "1.4.3~dev3-5.1",
            "openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
            "grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
            "openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
            "openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
            "python-monasca-log-api": "1.4.3~dev3-5.1",
            "python-neutron": "9.4.2~dev21-7.38.1"
        }
    ]
}