SUSE-SU-2020:0081-1
- Source
- https://www.suse.com/support/update/announcement/2020/suse-su-20200081-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0081-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:0081-1
- Related
- Published
- 2020-01-13T09:38:16Z
- Modified
- 2020-01-13T09:38:16Z
- Summary
- Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client
- Details
-
This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes:
Security issue fixed for rubygem-puma:
- CVE-2019-16770: Fixed a potential denial of service in Puma's reactor (bsc#1158675, jsc#SOC-10999)
Security issue fixed for rubygem-rest-client:
- CVE-2015-3448: Fixed a plain text local password disclosure. (bsc#917802)
Updates for crowbar-core: - Update to version 4.0+git.1574788924.e4a6aeb0c: * Allow pacemaker remotes for upgrade (SOC-10133)
- Update to version 4.0+git.1574713660.972029d1a:
- Ignore CVE-2019-13117 in CI builds (bsc#1157028)
Updates for crowbar-openstack: - Update to version 4.0+git.1574869671.9c7bade2d: * tempest: configure Kibana version (SOC-10131)
- Update to version 4.0+git.1574764112.c260c70e5:
- horizon: install lbaas horizon dashboard (SOC-10883)
Updates for openstack-horizon-plugin-monasca-ui: - Refresh allow-raw-grafana-links.patch - update to version 1.5.5~dev3 * Replace openstack.org git:// URLs with https:// * Fix the partial missing metrics in Create Alarm Definition flow * import zuul job settings from project-config * Fix incorrect splitting of dimension in ProxyView * Fix Alarm status Panel on Overview page * Change IntegerField to ChoiceField for notification period * Imported Translations from Zanata * Display unique metric names for alarm * Fix Alarm Details section in Alarm History view * Fix validators for creating and editing notifications * Center the text for the button Deterministic * Adding title to Filter Alarms pop-up * Fix misleading validation error * Fix nit found in monasca-ui * Fix Breadcrumbs * Fix description for name field * Fixing 'Create Alarm Definition' for IE11 * Imported Translations from Zanata
Updates to openstack-monasca-api: - added fix-metric-name-offset.patch (SOC-10131) - removed 0001-Fix-InfluxDB-repository-listdimensionvalues-to-sup.patch (merged upstream) - update to version 1.7.1~dev18 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Upgrade Apache Storm to 1.0.6 * Zuul: Remove project name
Updates to openstack-monasca-log-api: - added fix-tempest-region.patch (SOC-10131) - update to version 1.4.3~dev3 * Replace openstack.org git:// URLs with https:// * import zuul job settings from project-config * Avoid tox_install.sh for constraints support
Updates to openstack-neutron: - neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20200081-1/
- https://bugzilla.suse.com/1157028
- https://bugzilla.suse.com/1157482
- https://bugzilla.suse.com/1158675
- https://bugzilla.suse.com/917802
- https://www.suse.com/security/cve/CVE-2015-3448
- https://www.suse.com/security/cve/CVE-2019-13117
- https://www.suse.com/security/cve/CVE-2019-16770
- https://bugzilla.suse.com/SOC-10131
- https://bugzilla.suse.com/SOC-10133
- https://bugzilla.suse.com/SOC-10883
- https://bugzilla.suse.com/SOC-10999
Affected packages
SUSE:OpenStack Cloud 7 / crowbar-core
Package
- Name
- crowbar-core
- Purl
- purl:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0+git.1574788924.e4a6aeb0c-9.60.2
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / crowbar-openstack
Package
- Name
- crowbar-openstack
- Purl
- purl:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.0+git.1574869671.9c7bade2d-9.65.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / openstack-horizon-plugin-monasca-ui
Package
- Name
- openstack-horizon-plugin-monasca-ui
- Purl
- purl:rpm/suse/openstack-horizon-plugin-monasca-ui&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.5~dev3-8.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / openstack-monasca-api
Package
- Name
- openstack-monasca-api
- Purl
- purl:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.1~dev18-12.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / openstack-monasca-log-api
Package
- Name
- openstack-monasca-log-api
- Purl
- purl:rpm/suse/openstack-monasca-log-api&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.3~dev3-5.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / openstack-neutron
Package
- Name
- openstack-neutron
- Purl
- purl:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.4.2~dev21-7.38.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / openstack-neutron-doc
Package
- Name
- openstack-neutron-doc
- Purl
- purl:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.4.2~dev21-7.38.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}
SUSE:OpenStack Cloud 7 / rubygem-puma
Package
- Name
- rubygem-puma
- Purl
- purl:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%207
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16.0-4.3.1
Ecosystem specific
{
"binaries": [
{
"openstack-neutron-macvtap-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-openvswitch-agent": "9.4.2~dev21-7.38.1",
"ruby2.1-rubygem-puma": "2.16.0-4.3.1",
"crowbar-openstack": "4.0+git.1574869671.9c7bade2d-9.65.1",
"openstack-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-neutron-dhcp-agent": "9.4.2~dev21-7.38.1",
"python-monasca-api": "1.7.1~dev18-12.1",
"crowbar-core-branding-upstream": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-l3-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron": "9.4.2~dev21-7.38.1",
"crowbar-core": "4.0+git.1574788924.e4a6aeb0c-9.60.2",
"openstack-neutron-metadata-agent": "9.4.2~dev21-7.38.1",
"openstack-monasca-api": "1.7.1~dev18-12.1",
"openstack-neutron-doc": "9.4.2~dev21-7.38.1",
"openstack-neutron-server": "9.4.2~dev21-7.38.1",
"python-horizon-plugin-monasca-ui": "1.5.5~dev3-8.1",
"openstack-monasca-log-api": "1.4.3~dev3-5.1",
"openstack-neutron-ha-tool": "9.4.2~dev21-7.38.1",
"grafana-monasca-ui-drilldown": "1.5.5~dev3-8.1",
"openstack-neutron-linuxbridge-agent": "9.4.2~dev21-7.38.1",
"openstack-neutron-metering-agent": "9.4.2~dev21-7.38.1",
"python-monasca-log-api": "1.4.3~dev3-5.1",
"python-neutron": "9.4.2~dev21-7.38.1"
}
]
}