Recommended update for various Crowbar barclamps and OpenStack components

Announcement ID:	SUSE-RU-2015:1730-1
Rating:	moderate
References:	bsc#895594 bsc#915245 bsc#917091 bsc#917328 bsc#919963 bsc#922751 bsc#927625 bsc#928189 bsc#931043 bsc#931284 bsc#931839 bsc#934225 bsc#934523 bsc#934651 bsc#934688 bsc#937117
Cross-References:	CVE-2015-0259
CVSS scores:
Affected Products:	SUSE Cloud 5

An update that solves one vulnerability and has 15 fixes can now be installed.

Description:

This update provides fixes and enhancements for various Crowbar barclamps and OpenStack components.

crowbar-barclamp-ceilometer:

• Do not assume ceilometer-agent-hyperv is listed in elements. (bsc#937117)

crowbar-barclamp-cinder:

• Fix hideShow toggle of password_field in backends. (bsc#919963)

crowbar-barclamp-neutron:

• Set dhcp_agents_per_network option. (bsc#928189)
• Set dhcp_agents_per_network only in HA mode. (bsc#934651)
• Allocate SDN IP for NSX nodes. (bsc#934688)
• Pass keystone admin password to neutron-ha-tool via file. (bsc#922751)
• Use lower MTU value for GRE+VXLAN tunnels. (bsc#917328)
• Allow Nova to work with ssl-keystone. (bsc#895594)

crowbar-barclamp-nova:

• Add support for Docker as tech preview. (fate#317913)
• Enable the 2.1 API. (bsc#934225)
• Fix parsing of "virsh secret-list" header. (bsc#931284)
• Allow neutron+glance+cinder to work with ssl-keystone. (bsc#895594)

openstack-neutron:

• Change neutron-ha-tool to read password from /etc/neutron/os_password. (bsc#922751)
• Allow images with existing routes in the network 169.254.0.0/16 to access metadata server. (bnc#915245)

openstack-nova:

• Backport of the NUMA checks from the master branch. (bsc#931043)
• Fix metadata not returning just instance private IP. (bsc#934523)
• Enable tenant/user specific instance filtering. (bsc#927625)
• Cleanup allocated networks after rescheduling. (bsc#931839)
• Websocket Proxy should verify Origin header to prevent Cross-Site WebSocket hijacking. (bsc#917091, CVE-2015-0259)

The packages crowbar-barclamp-keystone, crowbar-barclamp-hyperv and openstack-resource-agents also received bug fixes and enhancements. For a comprehensive list of changes please refer to each package's change log.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Cloud 5
  zypper in -t patch sleclo50sp3-crowbar-barclamp-201508-12124=1

Package List:

• SUSE Cloud 5 (noarch)
  • crowbar-barclamp-hyperv-1.9+git.1432022529.1952009-10.8
  • openstack-neutron-doc-2014.2.4~a0~dev78-13.9
  • crowbar-barclamp-nova-1.9+git.1438201051.f8b5f34-9.8
  • crowbar-barclamp-hyperv-data-1.9+git.1432022529.1952009-10.8
  • crowbar-barclamp-ceilometer-1.9+git.1438201205.04a7436-9.8
  • openstack-resource-agents-1.0+git.1417010594.e813e10-9.2
  • openstack-nova-doc-2014.2.4~a0~dev61-11.4
  • crowbar-barclamp-neutron-1.9+git.1438265717.eb633ae-9.8
  • crowbar-barclamp-cinder-1.9+git.1438200979.c385b03-10.8
  • crowbar-barclamp-keystone-1.9+git.1438197158.e32ec9e-10.7
• SUSE Cloud 5 (x86_64)
  • openstack-neutron-ibm-agent-2014.2.4~a0~dev78-13.4
  • python-neutron-2014.2.4~a0~dev78-13.4
  • openstack-nova-objectstore-2014.2.4~a0~dev61-11.4
  • openstack-nova-serialproxy-2014.2.4~a0~dev61-11.4
  • openstack-neutron-l3-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-api-2014.2.4~a0~dev61-11.4
  • openstack-neutron-nec-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-compute-2014.2.4~a0~dev61-11.4
  • openstack-neutron-vpn-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-metadata-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-metering-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-restproxy-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-scheduler-2014.2.4~a0~dev61-11.4
  • openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-cells-2014.2.4~a0~dev61-11.4
  • openstack-neutron-ryu-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-consoleauth-2014.2.4~a0~dev61-11.4
  • openstack-nova-console-2014.2.4~a0~dev61-11.4
  • openstack-nova-2014.2.4~a0~dev61-11.4
  • openstack-nova-novncproxy-2014.2.4~a0~dev61-11.4
  • openstack-nova-vncproxy-2014.2.4~a0~dev61-11.4
  • python-nova-2014.2.4~a0~dev61-11.4
  • openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-13.4
  • openstack-nova-conductor-2014.2.4~a0~dev61-11.4
  • openstack-neutron-mlnx-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-server-2014.2.4~a0~dev78-13.4
  • openstack-neutron-nvsd-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-13.4
  • openstack-neutron-2014.2.4~a0~dev78-13.4
  • openstack-neutron-ha-tool-2014.2.4~a0~dev78-13.4
  • openstack-nova-cert-2014.2.4~a0~dev61-11.4
  • openstack-neutron-plugin-cisco-2014.2.4~a0~dev78-13.4

References:

• https://www.suse.com/security/cve/CVE-2015-0259.html
• https://bugzilla.suse.com/show_bug.cgi?id=895594
• https://bugzilla.suse.com/show_bug.cgi?id=915245
• https://bugzilla.suse.com/show_bug.cgi?id=917091
• https://bugzilla.suse.com/show_bug.cgi?id=917328
• https://bugzilla.suse.com/show_bug.cgi?id=919963
• https://bugzilla.suse.com/show_bug.cgi?id=922751
• https://bugzilla.suse.com/show_bug.cgi?id=927625
• https://bugzilla.suse.com/show_bug.cgi?id=928189
• https://bugzilla.suse.com/show_bug.cgi?id=931043
• https://bugzilla.suse.com/show_bug.cgi?id=931284
• https://bugzilla.suse.com/show_bug.cgi?id=931839
• https://bugzilla.suse.com/show_bug.cgi?id=934225
• https://bugzilla.suse.com/show_bug.cgi?id=934523
• https://bugzilla.suse.com/show_bug.cgi?id=934651
• https://bugzilla.suse.com/show_bug.cgi?id=934688
• https://bugzilla.suse.com/show_bug.cgi?id=937117