Recommended update for ardana-horizon, ardana-logging, ardana-monasca, ardana-mq, ardana-osconfig, crowbar-ha, crowbar-openstack, kibana, openstack-neutron, openstack-nova, python-Django, release-note

Announcement ID: SUSE-RU-2021:0351-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2016-8611 ( NVD ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2020-10743 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  • CVE-2020-10743 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • CVE-2021-3281 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2021-3281 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
  • HPE Helion OpenStack 8
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud Crowbar 8

An update that solves three vulnerabilities, contains 77 features and has four fixes can now be installed.

Description:

This update for ardana-horizon, ardana-logging, ardana-monasca, ardana-mq, ardana-osconfig, crowbar-ha, crowbar-openstack, kibana, openstack-neutron, openstack-nova, python-Django, release-notes-suse-openstack-cloud, sleshammer, spark fixes the following issues:

Security fix from this update: python-Django1 - CVE-2021-3281: Fixed a potential directory traversal when extracting archives (bsc#1181379).

Changes in ardana-horizon_Update: - Update to version 8.0+git.1610733160.0f577f4: * Add Fix for logfile permissions (bsc#1179189)

Changes in ardana-logging_Update: - Update to version 8.0+git.1610573640.452aed1: * Remove some files from upgrade.yml (bsc#1179189)

Changes in ardana-monasca_Update: - Update to version 8.0+git.1610740501.5dca121: * Add Fix for logfile permissions (bsc#1179189)

Changes in ardana-mq_Update: - Update to version 8.0+git.1605176800.52cccfa: * Re-enable mirroring of fanout and reply queues (bsc#1177611)

Changes in ardana-osconfig_Update: - Update to version 8.0+git.1610643571.91b88d6: * Remove SLES-12-SP3-LTSS repos (bsc#1180916)

Changes in crowbar-ha: - Update to version 5.0+git.1610564036.b75ee1b: * [5.0] crowbar-pacemaker: Cluster member SSH key improvements

Changes in crowbar-openstack: - Update to version 5.0+git.1610402513.08dca931e: * neutron: Fix handling of networks with non-ascii names (SOC-11429)

  • Update to version 5.0+git.1610372799.621afb999:
  • keystone: fix keystone node lookup (SOC-11333, bsc#1164838)

Changes in kibana: - Add 0001-Configurable-custom-response-headers-for-server.patch (bsc#1171909, CVE-2020-10743)

  • Added kibana.yml symlink (bsc#1048688, FATE#323204)

Changes in openstack-nova_Update: - Update to version nova-16.1.9.dev78: * [stable-only] Cap bandit to 1.6.2

Changes in python-Django_Update: - Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281) * Fixes a potential directory traversal when extracting archives

Changes in release-notes-suse-openstack-cloud: - Fix incorrect issue number for bsc#1179955 - Update to version 8.20201214: * Add workaround for secure boot issue when shim package is updated. (bsc#1179955)

Changes in spark_Update: - Add _constraints to prevent build from running out of disk space.

Changes in sleshammer: - Really drop etc/udev/rules.d/70-persistent-net.rules from the overlay it was still present in the tarball. (SOC-9288)

  • added ruby2.1-rubygem-crowbar-client providing crowbarctl

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • HPE Helion OpenStack 8
    zypper in -t patch HPE-Helion-OpenStack-8-2021-351=1
  • SUSE OpenStack Cloud 8
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-351=1
  • SUSE OpenStack Cloud Crowbar 8
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-351=1

Package List:

  • HPE Helion OpenStack 8 (noarch)
    • spark-1.6.3-8.6.1
    • openstack-nova-cells-16.1.9~dev78-3.45.1
    • venv-openstack-nova-x86_64-16.1.9~dev78-11.34.1
    • openstack-nova-placement-api-16.1.9~dev78-3.45.1
    • venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.34.1
    • ardana-horizon-8.0+git.1610733160.0f577f4-3.21.1
    • openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.40.1
    • openstack-nova-doc-16.1.9~dev78-3.45.1
    • openstack-neutron-dhcp-agent-11.0.9~dev69-3.40.1
    • openstack-neutron-server-11.0.9~dev69-3.40.1
    • openstack-nova-consoleauth-16.1.9~dev78-3.45.1
    • openstack-neutron-ha-tool-11.0.9~dev69-3.40.1
    • venv-openstack-neutron-x86_64-11.0.9~dev69-13.36.1
    • openstack-nova-vncproxy-16.1.9~dev78-3.45.1
    • openstack-nova-serialproxy-16.1.9~dev78-3.45.1
    • openstack-nova-compute-16.1.9~dev78-3.45.1
    • ardana-osconfig-8.0+git.1610643571.91b88d6-3.52.1
    • openstack-neutron-openvswitch-agent-11.0.9~dev69-3.40.1
    • openstack-nova-console-16.1.9~dev78-3.45.1
    • openstack-nova-conductor-16.1.9~dev78-3.45.1
    • openstack-neutron-metering-agent-11.0.9~dev69-3.40.1
    • python-Django-1.11.29-3.22.1
    • openstack-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-doc-11.0.9~dev69-3.40.1
    • ardana-mq-8.0+git.1605176800.52cccfa-3.29.1
    • python-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-l3-agent-11.0.9~dev69-3.40.1
    • openstack-nova-api-16.1.9~dev78-3.45.1
    • ardana-monasca-8.0+git.1610740501.5dca121-3.27.1
    • openstack-nova-scheduler-16.1.9~dev78-3.45.1
    • openstack-neutron-metadata-agent-11.0.9~dev69-3.40.1
    • release-notes-hpe-helion-openstack-8.20201214-3.29.1
    • openstack-neutron-macvtap-agent-11.0.9~dev69-3.40.1
    • ardana-logging-8.0+git.1610573640.452aed1-3.27.1
    • python-nova-16.1.9~dev78-3.45.1
    • openstack-nova-16.1.9~dev78-3.45.1
    • openstack-nova-novncproxy-16.1.9~dev78-3.45.1
  • HPE Helion OpenStack 8 (x86_64)
    • kibana-4.6.3-3.6.1
    • kibana-debuginfo-4.6.3-3.6.1
  • SUSE OpenStack Cloud 8 (noarch)
    • spark-1.6.3-8.6.1
    • openstack-nova-cells-16.1.9~dev78-3.45.1
    • venv-openstack-nova-x86_64-16.1.9~dev78-11.34.1
    • openstack-nova-placement-api-16.1.9~dev78-3.45.1
    • ardana-horizon-8.0+git.1610733160.0f577f4-3.21.1
    • openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.40.1
    • openstack-nova-doc-16.1.9~dev78-3.45.1
    • openstack-neutron-dhcp-agent-11.0.9~dev69-3.40.1
    • openstack-neutron-server-11.0.9~dev69-3.40.1
    • openstack-nova-consoleauth-16.1.9~dev78-3.45.1
    • openstack-neutron-ha-tool-11.0.9~dev69-3.40.1
    • venv-openstack-neutron-x86_64-11.0.9~dev69-13.36.1
    • openstack-nova-vncproxy-16.1.9~dev78-3.45.1
    • openstack-nova-serialproxy-16.1.9~dev78-3.45.1
    • openstack-nova-compute-16.1.9~dev78-3.45.1
    • release-notes-suse-openstack-cloud-8.20201214-3.29.1
    • ardana-osconfig-8.0+git.1610643571.91b88d6-3.52.1
    • openstack-neutron-openvswitch-agent-11.0.9~dev69-3.40.1
    • openstack-nova-console-16.1.9~dev78-3.45.1
    • openstack-nova-conductor-16.1.9~dev78-3.45.1
    • openstack-neutron-metering-agent-11.0.9~dev69-3.40.1
    • python-Django-1.11.29-3.22.1
    • openstack-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-doc-11.0.9~dev69-3.40.1
    • ardana-mq-8.0+git.1605176800.52cccfa-3.29.1
    • venv-openstack-horizon-x86_64-12.0.5~dev6-14.34.3
    • python-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-l3-agent-11.0.9~dev69-3.40.1
    • openstack-nova-api-16.1.9~dev78-3.45.1
    • ardana-monasca-8.0+git.1610740501.5dca121-3.27.1
    • openstack-nova-scheduler-16.1.9~dev78-3.45.1
    • openstack-neutron-metadata-agent-11.0.9~dev69-3.40.1
    • openstack-neutron-macvtap-agent-11.0.9~dev69-3.40.1
    • ardana-logging-8.0+git.1610573640.452aed1-3.27.1
    • python-nova-16.1.9~dev78-3.45.1
    • openstack-nova-16.1.9~dev78-3.45.1
    • openstack-nova-novncproxy-16.1.9~dev78-3.45.1
  • SUSE OpenStack Cloud 8 (x86_64)
    • kibana-4.6.3-3.6.1
    • kibana-debuginfo-4.6.3-3.6.1
  • SUSE OpenStack Cloud Crowbar 8 (noarch)
    • spark-1.6.3-8.6.1
    • openstack-nova-cells-16.1.9~dev78-3.45.1
    • sleshammer-debugsource-0.8.0-0.20.2
    • sleshammer-s390x-0.8.0-0.20.2
    • openstack-nova-placement-api-16.1.9~dev78-3.45.1
    • openstack-neutron-linuxbridge-agent-11.0.9~dev69-3.40.1
    • openstack-nova-doc-16.1.9~dev78-3.45.1
    • openstack-neutron-dhcp-agent-11.0.9~dev69-3.40.1
    • openstack-neutron-server-11.0.9~dev69-3.40.1
    • openstack-nova-consoleauth-16.1.9~dev78-3.45.1
    • openstack-neutron-ha-tool-11.0.9~dev69-3.40.1
    • sleshammer-x86_64-0.8.0-0.20.2
    • openstack-nova-vncproxy-16.1.9~dev78-3.45.1
    • openstack-nova-serialproxy-16.1.9~dev78-3.45.1
    • openstack-nova-compute-16.1.9~dev78-3.45.1
    • release-notes-suse-openstack-cloud-8.20201214-3.29.1
    • openstack-neutron-openvswitch-agent-11.0.9~dev69-3.40.1
    • openstack-nova-console-16.1.9~dev78-3.45.1
    • openstack-nova-conductor-16.1.9~dev78-3.45.1
    • crowbar-openstack-5.0+git.1610402513.08dca931e-4.49.1
    • openstack-neutron-metering-agent-11.0.9~dev69-3.40.1
    • python-Django-1.11.29-3.22.1
    • openstack-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-doc-11.0.9~dev69-3.40.1
    • sleshammer-ppc64le-0.8.0-0.20.2
    • python-neutron-11.0.9~dev69-3.40.1
    • openstack-neutron-l3-agent-11.0.9~dev69-3.40.1
    • openstack-nova-api-16.1.9~dev78-3.45.1
    • crowbar-ha-5.0+git.1610564036.b75ee1b-3.35.1
    • openstack-nova-scheduler-16.1.9~dev78-3.45.1
    • openstack-neutron-metadata-agent-11.0.9~dev69-3.40.1
    • sleshammer-aarch64-0.8.0-0.20.2
    • openstack-neutron-macvtap-agent-11.0.9~dev69-3.40.1
    • python-nova-16.1.9~dev78-3.45.1
    • openstack-nova-16.1.9~dev78-3.45.1
    • openstack-nova-novncproxy-16.1.9~dev78-3.45.1
  • SUSE OpenStack Cloud Crowbar 8 (x86_64)
    • kibana-4.6.3-3.6.1
    • kibana-debuginfo-4.6.3-3.6.1

References: