Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, py

Announcement ID:	SUSE-SU-2022:1729-1
Rating:	important
References:	bsc#1118088 bsc#1179534 bsc#1184177 bsc#1186380 bsc#1189390 bsc#1189794 bsc#1192070 bsc#1192073 bsc#1192075 bsc#1193597 bsc#1193688 bsc#1193752 bsc#1194521 bsc#1194551 bsc#1194552 bsc#1194952 bsc#1194954 bsc#1199138 jsc#SOC-11620 jsc#SOC-11621
Cross-References:	CVE-2018-19787 CVE-2020-27783 CVE-2021-28957 CVE-2021-38155 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2021-43813 CVE-2021-43818 CVE-2021-44716 CVE-2022-22815 CVE-2022-22816 CVE-2022-22817 CVE-2022-23451 CVE-2022-23452 CVE-2022-29970 CVE-MISC:cve.mitre.org:MLIST:[oss-security] 20210831 [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085)
CVSS scores:	CVE-2018-19787 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2018-19787 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-27783 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-27783 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-28957 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38155 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-38155 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-41182 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-41182 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-41183 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-41183 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-41184 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-41184 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43813 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43818 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVE-2021-43818 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2021-44716 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44716 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-22815 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-22815 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-22816 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-22816 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-22817 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2022-22817 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23451 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-23451 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-23452 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2022-23452 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-29970 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-29970 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves 17 vulnerabilities, contains two features and has one security fix can now be installed.

Description:

This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues:

Security fixes included on the update:

ardana-barbican:

• Update policies to protect container secret access (SOC-11621)
• Update policies to protect secret metadata access (SOC-11620)

openstack-neutron:

• CVE-2021-40085: Fixed arbitrary dnsmasq reconfiguration via extra_dhcp_opts (bsc#1189794).

rubygem-sinatra:

• CVE-2022-29970: Fixed path traversal possible outside of public_dir when serving static files (bsc#1199138).

python-XStatic-jquery-ui:

• CVE-2021-41182: Fixed XSS in the altField option of the Datepicker widget (bsc#1192070)
• CVE-2021-41183: Fixed XSS in the of option of the .position() util (bsc#1192073)
• CVE-2021-41184: Fixed XSS in *Text options of the Datepicker widget (bsc#1192075)

python-lxml:

• CVE-2018-19787: Fixed that the lxml.html.clean module does remove javascript in lxml/html/clean.py (bsc#1118088).
• CVE-2020-27783: Fixed mXSS due to the use of improper parser (bsc#1179534).
• CVE-2021-28957: Fixed missing input sanitization for formaction HTML5 attributes that may have led to XSS (bsc#1184177).
• CVE-2021-43818: Fixed HTML Cleaner that allowed crafted and SVG embedded scripts to pass through (bsc#1193752).

openstack-barbican:

• CVE-2022-23451: Disallows authenticated users to add/modify/delete arbitrary metadata on any secret (bsc#1194952).
• CVE-2022-23452: Disallows anyone with an admin role to add their secrets to a different project's containers (bsc#1194954).

grafana:

• CVE-2021-44716: Fixed net/http: limit growth of header canonicalization cache (bsc#1193597).

openstack-keystone:

• CVE-2021-38155: Fixed information disclosure during account locking (bsc#1189390).

Non-security fixes included on the update:

Changes in ardana-barbican: - Update to version 9.0+git.1644879908.8a641c1: * Update policies to protect container secret access (SOC-11621)

• Update to version 9.0+git.1643052417.9a3348e:
• update policies to protect secret metadata access (SOC-11620)

Changes in grafana: - Add CVE-2021-43813.patch (bsc#1193688, CVE-2021-43813) * directory traversal vulnerability for .md files

• Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
• Fix Go net/http: limit growth of header canonicalization cache

Changes in openstack-barbican: - Add patches (0001-Fix-RBAC-and-ACL-access-for-managing-secret-containe.patch and 0001-Fix-policy-for-adding-a-secret-to-a-container.patch) to fix the legacy policy rules for adding a secret to a container and removing a secret from a container. bsc#1194954,CVE-2022-23452

• Add patch (0001-Fix-secret-metadata-access-rules.patch) to fix the legacy policy rules for accessing secret metadata by checking that the user making the request is authenticated for the project that owns the secret. bsc#1194952,CVE-2022-23451

Changes in openstack-cinder: - Update to version cinder-13.0.10.dev24: * Correct group:reset_group_snapshot_status policy

Changes in openstack-cinder: - Update to version cinder-13.0.10.dev24: * Correct group:reset_group_snapshot_status policy

Changes in openstack-heat-gbp: - Update to version group-based-policy-automation-14.0.1.dev4: * Add support for yoga

• Update to version group-based-policy-automation-14.0.1.dev3:

• Python2/3 compatibility fixes

• Update to version group-based-policy-automation-14.0.1.dev2:

• Add support for xena

• Update to version group-based-policy-automation-14.0.1.dev1:

• Remove py27 from gate jobs 14.0.0

Changes in openstack-horizon-plugin-gbp-ui: - Update to version group-based-policy-ui-14.0.1.dev3: * Add support for yoga

• Update to version group-based-policy-ui-14.0.1.dev2:

• Python2/3 compatibility changes

• Update to version group-based-policy-ui-14.0.1.dev1:

• Add support for xena 14.0.0

Changes in openstack-ironic: - Update to version ironic-11.1.5.dev18: * Cleanup stable/rocky legacy jobs

Changes in openstack-ironic: - Update to version ironic-11.1.5.dev18: * Cleanup stable/rocky legacy jobs

Changes in openstack-keystone: - Update to version keystone-14.2.1.dev9: * Delete system role assignments from system_assignment table

Changes in openstack-keystone: - Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix the problem where AccountLocked exception discloses sensitive information. bsc#1189390,CVE-2021-38155

• Update to version keystone-14.2.1.dev9:
• Delete system role assignments from system_assignment table

Changes in openstack-neutron-gbp: - Update to version group-based-policy-14.0.1.dev33: * Populate network mtu for erspan

• Update to version group-based-policy-14.0.1.dev32:

• ERSPAN config error when Openstack port is created in a different project than network it belongs to 2014.2.rc1

• Update to version group-based-policy-14.0.1.dev31:

• Python2/3 compatibility fixes 2014.2.0rc1

• Update to version group-based-policy-14.0.1.dev29:

• Fix oslo_i18n usage

• Update to version group-based-policy-14.0.1.dev27:

• Update mechanism_driver cache 2014.2.rc1

• Update to version group-based-policy-14.0.1.dev26:

• Add support for xena

• Update to version group-based-policy-14.0.1.dev24:

• update_floatingip_status_while_deleting_the_vm

• Update to version group-based-policy-14.0.1.dev22:

• Updating host id by appending pid in existing host id 2014.2.0rc1

• Update to version group-based-policy-14.0.1.dev20:

• Revert "Add workaround to get_subnets"

Changes in python-lxml: - Fix bsc#1179534 (CVE-2020-27783) mXSS due to the use of improper parser Patch files: 0001-CVE-2020-27783.patch 0002-CVE-2020-27783.patch - Fix bsc#1118088 (CVE-2018-19787) lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks Patch file: 0001-CVE-2018-19787.patch - Fix bsc#1184177 (CVE-2021-28957) missing input sanitization for formaction HTML5 attributes may lead to XSS Patch file: 0001-CVE-2021-28957.patch - Fix bsc#1193752 (CVE-2021-43818) Cleaner: Remove SVG image data URLs since they can embed script content. Reported as GHSL-2021-1037 and GHSL-2021-1038 Patch files 0001-CVE-2021-43818.patch 0002-CVE-2021-43818.patch

Changes in openstack-neutron-doc: - Update to version neutron-13.0.8.dev206: * Wait longer before deleting DPDK vhu trunk bridges

• Update to version neutron-13.0.8.dev205:

• Do no use "--strict" for OF deletion in TRANSIENT_TABLE

• Update to version neutron-13.0.8.dev203:

• Populate self.floating_ips_dict using "ip rule" information

• Update to version neutron-13.0.8.dev201:

• [Functional] Wait for the initial state of ha router before test

• Don't setup bridge controller if it is already set

• Update to version neutron-13.0.8.dev198:

• Remove dhcp_extra_opt name after first newline character

• Update to version neutron-13.0.8.dev196:

• [L3] Use processing queue for network update events

• Add extra logs to the network update callback in L3 agent

• Update to version neutron-13.0.8.dev192:

• Remove dhcp_extra_opt value after first newline character

• Update to version neutron-13.0.8.dev190:

• Don't use singleton in routes.middleware.RoutesMiddleware

• Update to version neutron-13.0.8.dev189:

• Fix notify listener syntax for SEGMENT_HOST_MAPPING

• Update to version neutron-13.0.8.dev188:

• Clean port forwarding cache when router is DOWN

• Update to version neutron-13.0.8.dev186:

• Remove FIP agent's gw port when L3 agent is deleted

• Update to version neutron-13.0.8.dev184:

• Force to close http connection after notify about HA router status

• Update to version neutron-13.0.8.dev183:

• Don't configure dnsmasq entries for "network" ports

• Update to version neutron-13.0.8.dev181:

• Exclude fallback tunnel devices from netns cleanup

• Update to version neutron-13.0.8.dev180:

• [DVR] Send allowed address pairs info to the L3 agents
• designate: allow PTR zone creation to fail

• Don't try to create default SG when security groups are disabled

• Update to version neutron-13.0.8.dev174:

• Fix update of trunk subports during live migration

• Update to version neutron-13.0.8.dev172:

• [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses

• Update to version neutron-13.0.8.dev170:

• Call install_ingress_direct_goto_flows() when ovs restarts

• Update to version neutron-13.0.8.dev168:

• Fix multicast traffic with IGMP snooping enabled

• Update to version neutron-13.0.8.dev166:

• Fix OVS conjunctive IP flows cleanup

Changes in openstack-neutron: - Update to version neutron-13.0.8.dev206: * Wait longer before deleting DPDK vhu trunk bridges

• Update to version neutron-13.0.8.dev205:

• Do no use "--strict" for OF deletion in TRANSIENT_TABLE

• Update to version neutron-13.0.8.dev203:

• Populate self.floating_ips_dict using "ip rule" information

• Update to version neutron-13.0.8.dev201:

• [Functional] Wait for the initial state of ha router before test

• Don't setup bridge controller if it is already set

• Update to version neutron-13.0.8.dev198:

• Remove dhcp_extra_opt name after first newline character

• Update to version neutron-13.0.8.dev196:

• [L3] Use processing queue for network update events

• Add extra logs to the network update callback in L3 agent

• Remove cve-2021-40085-stable-rocky.patch (merged upstream)

• Update to version neutron-13.0.8.dev192:

• Remove dhcp_extra_opt value after first newline character

• Update to version neutron-13.0.8.dev190:

• Don't use singleton in routes.middleware.RoutesMiddleware

• Update to version neutron-13.0.8.dev189:

• Fix notify listener syntax for SEGMENT_HOST_MAPPING

• Add cve-2021-40085-stable-rocky.patch (bsc#1189794, CVE-2021-40085)

• Remove dhcp_extra_opt value after first newline character

• Update to version neutron-13.0.8.dev188:

• Clean port forwarding cache when router is DOWN

• Update to version neutron-13.0.8.dev186:

• Remove FIP agent's gw port when L3 agent is deleted

• Update to version neutron-13.0.8.dev184:

• Force to close http connection after notify about HA router status

• Update to version neutron-13.0.8.dev183:

• Don't configure dnsmasq entries for "network" ports

• Update to version neutron-13.0.8.dev181:

• Exclude fallback tunnel devices from netns cleanup

• Update to version neutron-13.0.8.dev180:

• [DVR] Send allowed address pairs info to the L3 agents
• designate: allow PTR zone creation to fail

• Don't try to create default SG when security groups are disabled

• Update to version neutron-13.0.8.dev174:

• Fix update of trunk subports during live migration

• Update to version neutron-13.0.8.dev172:

• [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses

• Update to version neutron-13.0.8.dev170:

• Call install_ingress_direct_goto_flows() when ovs restarts

• Update to version neutron-13.0.8.dev168:

• Fix multicast traffic with IGMP snooping enabled

• Update to version neutron-13.0.8.dev166:

• Fix OVS conjunctive IP flows cleanup

Changes in python-Pillow: - Add 030-CVE-2022-22817.patch * From upstream, backported * Fixes CVE-2022-22817, bsc#1194521 * test from upstream updated for python2

• Add 028-CVE-2022-22815.patch
• From upstream, backported
• Fixes CVE-2022-22815, bsc#1194552
• Add 029-CVE-2022-22816.patch
• From upstream, backported
• Fixes CVE-2022-22816, bsc#1194551

Changes in python-XStatic-jquery-ui: - Update to version 1.13.0.1 (bsc#1192070, CVE-2021-41182, bsc#1192073, CVE-2021-41184, bsc#1192075, CVE-2021-41183) * Fix XSS in the altField option of the Datepicker widget (CVE-2021-41182) * Fix XSS in *Text options of the Datepicker widget (CVE-2021-41183) * Fix XSS in the of option of the .position() util (CVE-2021-41184) * Drop support for Query 1.7 * Accordion: allow function parameter for selecting header elements * Datepicker: add optional onUpdateDatepicker callback

Changes in release-notes-suse-openstack-cloud: - Update to version 9.20220413: * Update release notes to indicate support for SES7 - Update to version 9.20220112: * Add reference to keystone bcrypt issue to known limitations (bsc#1186380)

Changes in rubygem-sinatra: - Add CVE-2022-29970.patch (bsc#1199138, CVE-2022-29970)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1729=1
• SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1729=1

Package List:

• SUSE OpenStack Cloud 9 (noarch)
  • openstack-ironic-api-11.1.5~dev18-3.28.2
  • openstack-keystone-14.2.1~dev9-3.28.2
  • python-barbican-7.0.1~dev24-3.14.1
  • venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1
  • openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1
  • venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1
  • openstack-heat-gbp-14.0.1~dev4-3.9.1
  • openstack-barbican-retry-7.0.1~dev24-3.14.1
  • openstack-ironic-conductor-11.1.5~dev18-3.28.2
  • python-cinder-13.0.10~dev24-3.34.2
  • openstack-neutron-l3-agent-13.0.8~dev206-3.40.1
  • python-XStatic-jquery-ui-1.13.0.1-4.3.1
  • python-neutron-13.0.8~dev206-3.40.1
  • openstack-neutron-gbp-14.0.1~dev33-3.31.1
  • openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1
  • python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1
  • openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1
  • python-keystone-14.2.1~dev9-3.28.2
  • openstack-cinder-13.0.10~dev24-3.34.2
  • openstack-neutron-metering-agent-13.0.8~dev206-3.40.1
  • venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1
  • release-notes-suse-openstack-cloud-9.20220413-3.30.1
  • venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1
  • ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1
  • venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1
  • openstack-barbican-7.0.1~dev24-3.14.1
  • openstack-neutron-13.0.8~dev206-3.40.1
  • venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1
  • venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2
  • venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1
  • openstack-barbican-worker-7.0.1~dev24-3.14.1
  • venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1
  • venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1
  • openstack-cinder-api-13.0.10~dev24-3.34.2
  • venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1
  • openstack-cinder-scheduler-13.0.10~dev24-3.34.2
  • openstack-cinder-backup-13.0.10~dev24-3.34.2
  • openstack-cinder-volume-13.0.10~dev24-3.34.2
  • openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1
  • openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1
  • openstack-ironic-11.1.5~dev18-3.28.2
  • venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1
  • openstack-barbican-api-7.0.1~dev24-3.14.1
  • openstack-neutron-ha-tool-13.0.8~dev206-3.40.1
  • openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1
  • venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1
  • openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1
  • venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1
  • venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1
  • python-heat-gbp-14.0.1~dev4-3.9.1
  • openstack-neutron-server-13.0.8~dev206-3.40.1
  • venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1
  • python-ironic-11.1.5~dev18-3.28.2
  • venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1
  • python-neutron-gbp-14.0.1~dev33-3.31.1
• SUSE OpenStack Cloud 9 (x86_64)
  • grafana-6.7.4-3.26.1
  • python-Pillow-debugsource-5.2.0-3.17.1
  • grafana-debuginfo-6.7.4-3.26.1
  • python-Pillow-5.2.0-3.17.1
  • python-Pillow-debuginfo-5.2.0-3.17.1
  • python-lxml-debuginfo-4.2.4-3.3.1
  • python-lxml-4.2.4-3.3.1
  • python-lxml-debugsource-4.2.4-3.3.1
• SUSE OpenStack Cloud Crowbar 9 (x86_64)
  • grafana-6.7.4-3.26.1
  • python-Pillow-debugsource-5.2.0-3.17.1
  • grafana-debuginfo-6.7.4-3.26.1
  • python-Pillow-5.2.0-3.17.1
  • python-Pillow-debuginfo-5.2.0-3.17.1
  • ruby2.1-rubygem-sinatra-1.4.6-4.3.1
  • python-lxml-debuginfo-4.2.4-3.3.1
  • python-lxml-4.2.4-3.3.1
  • python-lxml-debugsource-4.2.4-3.3.1
• SUSE OpenStack Cloud Crowbar 9 (noarch)
  • openstack-ironic-api-11.1.5~dev18-3.28.2
  • openstack-keystone-14.2.1~dev9-3.28.2
  • python-barbican-7.0.1~dev24-3.14.1
  • openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1
  • openstack-heat-gbp-14.0.1~dev4-3.9.1
  • openstack-barbican-retry-7.0.1~dev24-3.14.1
  • openstack-ironic-conductor-11.1.5~dev18-3.28.2
  • python-cinder-13.0.10~dev24-3.34.2
  • openstack-neutron-l3-agent-13.0.8~dev206-3.40.1
  • python-XStatic-jquery-ui-1.13.0.1-4.3.1
  • python-neutron-13.0.8~dev206-3.40.1
  • openstack-neutron-gbp-14.0.1~dev33-3.31.1
  • openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1
  • python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1
  • openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1
  • python-keystone-14.2.1~dev9-3.28.2
  • openstack-cinder-13.0.10~dev24-3.34.2
  • openstack-neutron-metering-agent-13.0.8~dev206-3.40.1
  • release-notes-suse-openstack-cloud-9.20220413-3.30.1
  • openstack-barbican-7.0.1~dev24-3.14.1
  • openstack-neutron-13.0.8~dev206-3.40.1
  • openstack-barbican-worker-7.0.1~dev24-3.14.1
  • openstack-cinder-api-13.0.10~dev24-3.34.2
  • openstack-cinder-scheduler-13.0.10~dev24-3.34.2
  • openstack-cinder-backup-13.0.10~dev24-3.34.2
  • openstack-cinder-volume-13.0.10~dev24-3.34.2
  • openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1
  • openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1
  • openstack-ironic-11.1.5~dev18-3.28.2
  • openstack-barbican-api-7.0.1~dev24-3.14.1
  • openstack-neutron-ha-tool-13.0.8~dev206-3.40.1
  • openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1
  • openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1
  • python-heat-gbp-14.0.1~dev4-3.9.1
  • openstack-neutron-server-13.0.8~dev206-3.40.1
  • python-ironic-11.1.5~dev18-3.28.2
  • python-neutron-gbp-14.0.1~dev33-3.31.1

References:

• https://www.suse.com/security/cve/CVE-2018-19787.html
• https://www.suse.com/security/cve/CVE-2020-27783.html
• https://www.suse.com/security/cve/CVE-2021-28957.html
• https://www.suse.com/security/cve/CVE-2021-38155.html
• https://www.suse.com/security/cve/CVE-2021-41182.html
• https://www.suse.com/security/cve/CVE-2021-41183.html
• https://www.suse.com/security/cve/CVE-2021-41184.html
• https://www.suse.com/security/cve/CVE-2021-43813.html
• https://www.suse.com/security/cve/CVE-2021-43818.html
• https://www.suse.com/security/cve/CVE-2021-44716.html
• https://www.suse.com/security/cve/CVE-2022-22815.html
• https://www.suse.com/security/cve/CVE-2022-22816.html
• https://www.suse.com/security/cve/CVE-2022-22817.html
• https://www.suse.com/security/cve/CVE-2022-23451.html
• https://www.suse.com/security/cve/CVE-2022-23452.html
• https://www.suse.com/security/cve/CVE-2022-29970.html
• https://www.suse.com/security/cve/CVE-MISC:cve.mitre.org:MLIST:[oss-security] 20210831 [OSSA-2021-005] Neutron: Arbitrary dnsmasq reconfiguration via extra_dhcp_opts (CVE-2021-40085).html
• https://bugzilla.suse.com/show_bug.cgi?id=1118088
• https://bugzilla.suse.com/show_bug.cgi?id=1179534
• https://bugzilla.suse.com/show_bug.cgi?id=1184177
• https://bugzilla.suse.com/show_bug.cgi?id=1186380
• https://bugzilla.suse.com/show_bug.cgi?id=1189390
• https://bugzilla.suse.com/show_bug.cgi?id=1189794
• https://bugzilla.suse.com/show_bug.cgi?id=11920