Security update for python modules

Announcement ID:	SUSE-SU-2015:1602-1
Rating:	low
References:	bsc#914910 bsc#928205 bsc#933758
Cross-References:	CVE-2015-1852
CVSS scores:
Affected Products:	SUSE Cloud for SLE 12 Compute Nodes 5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves one vulnerability and has two security fixes can now be installed.

Description:

This update for several python modules provides the following security fix and improvements.

• python-keystonemiddleware:

• Fix s3_token middleware parsing insecure option (bsc#928205, CVE-2015-1852)

• python-novaclient:

• Update novaclient shell to use shared arguments from Session (bnc#933758)

• Support using the Keystone V3 API from the Nova CLI (bnc#933758)

• python-swiftclient:

• Add dependency to python-setuptools (bnc#914910)

• python-glanceclient:

• Remove deprecation warning

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Cloud for SLE 12 Compute Nodes 5
  zypper in -t patch SUSE-SLE12-CLOUD-5-2015-570=1

Package List:

• SUSE Cloud for SLE 12 Compute Nodes 5 (noarch)
  • python-keystoneclient-1.0.0-19.1
  • python-novaclient-doc-2.20.0-6.1
  • python-swiftclient-2.3.1-3.1
  • python-swiftclient-doc-2.3.1-3.1
  • python-keystonemiddleware-1.2.0-4.1
  • python-keystoneclient-doc-1.0.0-19.1
  • python-novaclient-2.20.0-6.1
  • python-glanceclient-0.15.0-3.1

References:

• https://www.suse.com/security/cve/CVE-2015-1852.html
• https://bugzilla.suse.com/show_bug.cgi?id=914910
• https://bugzilla.suse.com/show_bug.cgi?id=928205
• https://bugzilla.suse.com/show_bug.cgi?id=933758