Recommended update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila,

Announcement ID: SUSE-RU-2021:0497-1
Rating: important
CVSS scores:
  • CVE-2021-3281 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2021-3281 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability, contains one feature and has seven fixes can now be installed.

Description:

This update for ardana-db, ardana-horizon, ardana-logging, ardana-monasca, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, crowbar-openstack, kibana, openstack-dashboard, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, release-notes-suse-openstack-cloud, sleshammer fixes the following issues:

Security fix included in this update:

  • python-Django1: CVE-2021-3281: Fixed a potential directory traversal when extracting archives (bsc#1181379).

Non-security fixes included in this update:

Changes in ardana-db:

  • Update to version 9.0+git.1611600773.5f1de5f:
    • Add tasks to check for the TLS certificate expiry (bsc#1181040)

Changes in ardana-horizon:

  • Update to version 9.0+git.1610491814.38661c2:
    • Add Fix for logfile permissions (bsc#1179189)

Changes in ardana-logging:

  • Update to version 9.0+git.1610490922.d5f9813:
    • Remove some files and fix mysql logs locations (bsc#1179189)

Changes in ardana-monasca:

  • Update to version 9.0+git.1610547641.d79ecfd:
    • Add Fix for logfile permissions (bsc#1179189)

Changes in ardana-opsconsole-ui:

  • Update to version 9.0+git.1611867924.eb82818:
    • Adjust period used to query monasca summary metrics (bsc#1181521)

Changes in ardana-osconfig:

  • Update to version 9.0+git.1610634027.5934cf8:
    • Fix logrotate code that needs to silence the grep (bsc#1179189)

Changes in crowbar-core:

  • Update to version 6.0+git.1611320924.849e748ff:
    • avoid v4.1.5 of delayed_job_active_record (noref)
    • add CVE-2020-26247 to travis ignore list (bsc#1180507)

Changes in crowbar-openstack:

  • Update to version 6.0+git.1610402342.21499240d:
    • neutron: Fix handling of networks with non-ascii names (SOC-11429)
  • Update to version 6.0+git.1610374680.e68ff27d2:
    • Terminate ssl on haproxy for cinder (bsc#1149535)
    • Terminate ssl on haproxy for nova (bsc#1149535)

Changes in kibana:

  • Added kibana.yml symlink (bsc#1048688, FATE#323204)

Changes in openstack-dashboard:

  • add 0001-Fix-network_topology-view-memory-and-file-leaks.patch
  • Update to version horizon-14.1.1.dev10:
    • Fix open redirect (OSSA-2020-008, CVE-2020-29565)
  • Update to version horizon-14.1.1.dev8:
    • Cap bandit for python 2.7 env

Changes in openstack-manila:

  • Update to version manila-7.4.2.dev60:
    • [stable/rocky] Adjust CI jobs
    • [NetApp] Fix CIFS promote back issue
  • Update to version manila-7.4.2.dev58:
    • [stable/rocky] Adjust CI jobs

Changes in openstack-neutron:

  • Update to version neutron-13.0.8.dev147:
    • Improve DHCP agent's debug messages
  • Update to version neutron-13.0.8.dev145:
    • Use consistent filter API syntax
  • Update to version neutron-13.0.8.dev144:
    • Improve the CIDRs overlap check method for router add interface
  • Update to version neutron-13.0.8.dev142:
    • [GRE] Add possibility to create GRE tunnels over IPv6
  • Update to version neutron-13.0.8.dev140:
    • Fix migration from the HA to non-HA routers
  • Update to version neutron-13.0.8.dev138:
    • Dropping lower constraints testing (stable Rocky)
    • Fix calling of add_tunnel_port method from sanity checks module
  • Update to version neutron-13.0.8.dev136:
    • Dropping lower constraints testing (stable Rocky)

Changes in openstack-neutron-gbp:

  • Update to version group-based-policy-12.0.1.dev16:
    • [AIM] Add extension for ERSPAN 2014.2.rc1
  • Update to version group-based-policy-12.0.1.dev15:
    • Fix QoS unit tests 2014.2rc1
  • Update to version group-based-policy-12.0.1.dev14:
    • Fix session handling
    • Fix DB query call 2014.2.0rc1
  • Update to version group-based-policy-12.0.1.dev11:
    • Fix bug where security-group rule config doesn't reflect new VMs addition
    • Fix DB performance with sessions 2014.2rc1

  • Update to version group-based-policy-12.0.1.dev8:
    • Fix upstream gate 2014.2.0rc1
  • Update to version group-based-policy-12.0.1.dev7:
    • Block qos config in floating ip
    • Fix upstream gate 2014.2rc1

Changes in openstack-nova:

  • Update to version nova-18.3.1.dev78:
    • [stable-only] Cap bandit and make lower-constraints job non-voting

Changes in python-Django1:

  • Add CVE-2021-3281.patch (bsc#1181379, CVE-2021-3281)
    • Fixes a potential directory traversal when extracting archives

Changes in release-notes-suse-openstack-cloud:

  • Update to version 9.20201214:
    • Add workaround for secure boot issue when shim package is updated. Removed deprecated note about Crowbar Octavia plugin. (bsc#1179955)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE OpenStack Cloud 9
    zypper in -t patch SUSE-OpenStack-Cloud-9-2021-497=1
  • SUSE OpenStack Cloud Crowbar 9
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-497=1

Package List:

  • SUSE OpenStack Cloud 9 (noarch)
    • python-manila-7.4.2~dev60-4.33.2
    • openstack-manila-share-7.4.2~dev60-4.33.2
    • openstack-manila-data-7.4.2~dev60-4.33.2
    • openstack-nova-novncproxy-18.3.1~dev78-3.34.2
    • openstack-neutron-server-13.0.8~dev147-3.34.2
    • openstack-manila-api-7.4.2~dev60-4.33.2
    • openstack-neutron-gbp-12.0.1~dev16-3.22.2
    • python-nova-18.3.1~dev78-3.34.2
    • openstack-nova-18.3.1~dev78-3.34.2
    • python-neutron-13.0.8~dev147-3.34.2
    • openstack-neutron-macvtap-agent-13.0.8~dev147-3.34.2
    • ardana-monasca-9.0+git.1610547641.d79ecfd-3.22.1
    • openstack-nova-cells-18.3.1~dev78-3.34.2
    • openstack-neutron-13.0.8~dev147-3.34.2
    • openstack-nova-console-18.3.1~dev78-3.34.2
    • release-notes-suse-openstack-cloud-9.20201214-3.27.2
    • ardana-horizon-9.0+git.1610491814.38661c2-3.16.1
    • openstack-neutron-dhcp-agent-13.0.8~dev147-3.34.2
    • venv-openstack-manila-x86_64-7.4.2~dev60-3.27.2
    • venv-openstack-neutron-x86_64-13.0.8~dev147-6.25.2
    • ardana-logging-9.0+git.1610490922.d5f9813-3.16.1
    • openstack-dashboard-14.1.1~dev10-3.21.3
    • python-Django1-1.11.29-3.18.2
    • openstack-neutron-metering-agent-13.0.8~dev147-3.34.2
    • venv-openstack-horizon-x86_64-14.1.1~dev10-4.25.2
    • ardana-db-9.0+git.1611600773.5f1de5f-3.22.1
    • openstack-neutron-ha-tool-13.0.8~dev147-3.34.2
    • openstack-manila-scheduler-7.4.2~dev60-4.33.2
    • ardana-osconfig-9.0+git.1610634027.5934cf8-3.25.1
    • openstack-nova-api-18.3.1~dev78-3.34.2
    • openstack-nova-vncproxy-18.3.1~dev78-3.34.2
    • openstack-neutron-openvswitch-agent-13.0.8~dev147-3.34.2
    • venv-openstack-nova-x86_64-18.3.1~dev78-3.25.2
    • openstack-nova-placement-api-18.3.1~dev78-3.34.2
    • openstack-neutron-l3-agent-13.0.8~dev147-3.34.2
    • ardana-opsconsole-ui-9.0+git.1611867924.eb82818-4.16.1
    • openstack-neutron-linuxbridge-agent-13.0.8~dev147-3.34.2
    • openstack-manila-7.4.2~dev60-4.33.2
    • openstack-nova-scheduler-18.3.1~dev78-3.34.2
    • openstack-nova-serialproxy-18.3.1~dev78-3.34.2
    • openstack-neutron-metadata-agent-13.0.8~dev147-3.34.2
    • openstack-nova-conductor-18.3.1~dev78-3.34.2
    • python-horizon-14.1.1~dev10-3.21.3
    • python-neutron-gbp-12.0.1~dev16-3.22.2
    • openstack-nova-compute-18.3.1~dev78-3.34.2
    • python-openstack_auth-14.1.1~dev10-3.21.3
  • SUSE OpenStack Cloud 9 (x86_64)
    • kibana-debuginfo-4.6.3-4.6.1
    • kibana-4.6.3-4.6.1
  • SUSE OpenStack Cloud Crowbar 9 (x86_64)
    • crowbar-core-6.0+git.1611320924.849e748ff-3.34.1
    • kibana-debuginfo-4.6.3-4.6.1
    • crowbar-core-branding-upstream-6.0+git.1611320924.849e748ff-3.34.1
    • kibana-4.6.3-4.6.1
  • SUSE OpenStack Cloud Crowbar 9 (noarch)
    • python-manila-7.4.2~dev60-4.33.2
    • openstack-manila-share-7.4.2~dev60-4.33.2
    • openstack-manila-data-7.4.2~dev60-4.33.2
    • openstack-nova-novncproxy-18.3.1~dev78-3.34.2
    • sleshammer-debugsource-0.9.0-7.6.1
    • openstack-neutron-server-13.0.8~dev147-3.34.2
    • openstack-manila-api-7.4.2~dev60-4.33.2
    • sleshammer-x86_64-0.9.0-7.6.1
    • openstack-neutron-gbp-12.0.1~dev16-3.22.2
    • python-nova-18.3.1~dev78-3.34.2
    • openstack-nova-18.3.1~dev78-3.34.2
    • python-neutron-13.0.8~dev147-3.34.2
    • openstack-neutron-macvtap-agent-13.0.8~dev147-3.34.2
    • openstack-nova-cells-18.3.1~dev78-3.34.2
    • openstack-neutron-13.0.8~dev147-3.34.2
    • openstack-nova-console-18.3.1~dev78-3.34.2
    • release-notes-suse-openstack-cloud-9.20201214-3.27.2
    • openstack-neutron-dhcp-agent-13.0.8~dev147-3.34.2
    • openstack-dashboard-14.1.1~dev10-3.21.3
    • python-Django1-1.11.29-3.18.2
    • openstack-neutron-metering-agent-13.0.8~dev147-3.34.2
    • openstack-neutron-ha-tool-13.0.8~dev147-3.34.2
    • openstack-manila-scheduler-7.4.2~dev60-4.33.2
    • openstack-nova-api-18.3.1~dev78-3.34.2
    • crowbar-openstack-6.0+git.1610402342.21499240d-3.31.1
    • openstack-nova-vncproxy-18.3.1~dev78-3.34.2
    • openstack-neutron-openvswitch-agent-13.0.8~dev147-3.34.2
    • openstack-nova-placement-api-18.3.1~dev78-3.34.2
    • openstack-neutron-l3-agent-13.0.8~dev147-3.34.2
    • openstack-neutron-linuxbridge-agent-13.0.8~dev147-3.34.2
    • openstack-manila-7.4.2~dev60-4.33.2
    • openstack-nova-scheduler-18.3.1~dev78-3.34.2
    • openstack-nova-serialproxy-18.3.1~dev78-3.34.2
    • openstack-neutron-metadata-agent-13.0.8~dev147-3.34.2
    • openstack-nova-conductor-18.3.1~dev78-3.34.2
    • python-horizon-14.1.1~dev10-3.21.3
    • python-neutron-gbp-12.0.1~dev16-3.22.2
    • openstack-nova-compute-18.3.1~dev78-3.34.2
    • python-openstack_auth-14.1.1~dev10-3.21.3
