Security update for openstack-dashboard

Announcement ID: SUSE-SU-2015:2064-1
Rating: moderate
Affected Products:
  • SUSE Cloud 5

An update that solves two vulnerabilities and has seven security fixes can now be installed.

Description:

This update provides fixes and enhancements for openstack-dashboard, crowbar-barclamp-nova_dashboard and python-django_openstack_auth.

openstack-dashboard:

  • Reset flavors for other than "Boot from Image" source type. (bsc#945515)
  • Add deactivated status for glance image.
  • Fix TemplateSyntaxError at hypervisors view.
  • Fix addition of plugin panel to panel group.
  • Remove admin role name 'admin' hardcode. (bsc#935442)
  • Escape the description param from heat template. (bsc#933722, CVE-2015-3219)
  • Enhance policy rules to workflow actions and identity project.
  • Sanitation of metadata passed from Django to avoid persistent XSS. (bsc#931437, CVE-2015-3988)
  • Fix Terminate Instance on network topology page.
  • Show ports from shared nets in floating IP assoc.
  • Fix incorrect ca arguments for calling ceilometer client.
  • Fix dynamic select layout when help block is displayed.
  • Pass correct project ID to get tenant_usages. (bsc#928891)

crowbar-barclamp-nova_dashboard:

  • Allow switching on multidomain support. (bsc#945052)
  • Fix quoting of supported_provider_types. (bsc#936368)
  • Enable the POLICY_FILES setting configuration.
  • Fix attribute being fetched from wrong node. (bsc#936059)

python-django_openstack_auth:

  • Remove admin role name 'admin' hardcode in User.is_superuser().

Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Cloud 5
    zypper in -t patch sleclo50sp3-openstack-crowbar-dashboard-201510-12220=1

Package List:

  • SUSE Cloud 5 (noarch)
    • crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3
  • SUSE Cloud 5 (x86_64)
    • openstack-dashboard-2014.2.4~a0~dev12-13.2
    • python-horizon-2014.2.4~a0~dev12-13.2
    • python-django_openstack_auth-1.1.7-11.3
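
To check whether a SUSE Cloud 5 node is at or above the package versions listed above, the following added example (not part of the advisory or of SUSE tooling) compares installed version-release strings against the Package List. The `rpmvercmp` function is a simplified reimplementation of RPM's ordering rules, the function names are hypothetical, and the sample input is constructed.

```python
import re
# Fixed version-release per package, copied from the advisory's Package List.
FIXED = {
    "crowbar-barclamp-nova_dashboard": "1.9+git.1443622531.b2b2939-9.3",
    "openstack-dashboard": "2014.2.4~a0~dev12-13.2",
    "python-horizon": "2014.2.4~a0~dev12-13.2",
    "python-django_openstack_auth": "1.1.7-11.3",
}
_SEG = re.compile(r"~|\d+|[A-Za-z]+")  # separators such as '.' and '+' are skipped

def rpmvercmp(a, b):
    """Simplified RPM-style compare (-1/0/1); epochs and '^' are not handled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        if x == y:
            continue
        if x == "~" or y == "~":        # '~' sorts before anything, even end of string
            return -1 if x == "~" else 1
        if x is None or y is None:      # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)       # compare numerically, so 10 > 9 and 01 == 1
        if x != y:
            return 1 if x > y else -1
    return 0

def status(name, installed):
    """'fixed' if the installed version-release is at or above the advisory's."""
    fixed_ver, fixed_rel = FIXED[name].rsplit("-", 1)
    ver, rel = installed.rsplit("-", 1)
    cmp = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
    return "fixed" if cmp >= 0 else "needs update"

def audit(text):
    """text: one '<name> <version>-<release>' line per installed package."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {name: status(name, evr) for name, evr in rows if name in FIXED}

# Constructed sample, shaped like: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
openstack-dashboard 2014.2.4~a0~dev2-9.1
python-horizon 2014.2.4~a0~dev12-13.2
python-django_openstack_auth 1.1.7-8.1
crowbar-barclamp-nova_dashboard 1.9+git.1443622531.b2b2939-9.3
"""
```

Calling `audit(SAMPLE)` flags the first and third packages as needing the update; on a real node, feed it the output of the `rpm -q` query shown in the comment.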
