Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp
| Announcement ID: | SUSE-SU-2023:0070-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues:
Security fixes included on this update:
openstack-barbican:
- CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873).
spark:
- CVE-2022-33891: Fixed a command injection vulnerability via Spark UI (bsc#1204326).
Non Security fixes:
Changes in openstack-barbican: - Add patch to address access policy bypass via query string injection. (bsc#1203873, CVE-2022-3100.)
Changes in openstack-heat-gbp: - Update to version group-based-policy-automation-14.0.1.dev5: * Add support for zed
Changes in openstack-horizon-plugin-gbp-ui: - Update to version group-based-policy-ui-14.0.1.dev6: * Add support for zed
- Update to version group-based-policy-ui-14.0.1.dev5:
- fix launch instance GBP issue
Changes in openstack-neutron: - Update to version neutron-13.0.8.dev209: * Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
-
fix: Fix url of Floodlight
-
Update to version neutron-13.0.8.dev207:
- Mellanox_eth.img url expires, remove the mellanox_eth.img node
Changes in openstack-neutron: - Update to version neutron-13.0.8.dev209: * Update documentation link for openSUSE index
- Update to version neutron-13.0.8.dev208:
-
fix: Fix url of Floodlight
-
Update to version neutron-13.0.8.dev207:
- Mellanox_eth.img url expires, remove the mellanox_eth.img node
Changes in openstack-neutron-gbp: - Update to version group-based-policy-14.0.1.dev52: * Fix keystone notification listener
- Update to version group-based-policy-14.0.1.dev51:
-
Support for epg subnet 2014.2.0rc1
-
Update to version group-based-policy-14.0.1.dev50:
-
Use top-level contract references 2014.2.rc1
-
Update to version group-based-policy-14.0.1.dev48:
- Remove py37 jobs from gate 2014.2rc1
Changes in spark: - Avoid using bash -c in ShellBasedGroupsMappingProvider. (bsc#1204326, CVE-2022-33891)
-
Add _constraints to prevent build from running out of disk space
-
Update to version group-based-policy-14.0.1.dev47:
- Remove python39 from voting
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2023-70=1 -
SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-70=1
Package List:
-
SUSE OpenStack Cloud 9 (noarch)
- venv-openstack-barbican-x86_64-7.0.1~dev24-3.37.1
- openstack-neutron-13.0.8~dev209-3.43.1
- openstack-neutron-gbp-14.0.1~dev52-3.37.1
- openstack-neutron-l3-agent-13.0.8~dev209-3.43.1
- spark-2.2.3-5.12.1
- python-neutron-gbp-14.0.1~dev52-3.37.1
- venv-openstack-horizon-x86_64-14.1.1~dev11-4.43.1
- python-barbican-7.0.1~dev24-3.17.1
- openstack-neutron-dhcp-agent-13.0.8~dev209-3.43.1
- openstack-neutron-openvswitch-agent-13.0.8~dev209-3.43.1
- openstack-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1
- openstack-barbican-worker-7.0.1~dev24-3.17.1
- venv-openstack-neutron-x86_64-13.0.8~dev209-6.43.1
- python-heat-gbp-14.0.1~dev5-3.12.1
- openstack-neutron-metering-agent-13.0.8~dev209-3.43.1
- openstack-heat-gbp-14.0.1~dev5-3.12.1
- openstack-barbican-keystone-listener-7.0.1~dev24-3.17.1
- openstack-neutron-ha-tool-13.0.8~dev209-3.43.1
- openstack-barbican-api-7.0.1~dev24-3.17.1
- openstack-barbican-7.0.1~dev24-3.17.1
- python-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1
- openstack-neutron-linuxbridge-agent-13.0.8~dev209-3.43.1
- openstack-neutron-macvtap-agent-13.0.8~dev209-3.43.1
- openstack-neutron-server-13.0.8~dev209-3.43.1
- python-neutron-13.0.8~dev209-3.43.1
- openstack-neutron-metadata-agent-13.0.8~dev209-3.43.1
- openstack-barbican-retry-7.0.1~dev24-3.17.1
- venv-openstack-nova-x86_64-18.3.1~dev92-3.43.1
-
SUSE OpenStack Cloud Crowbar 9 (noarch)
- openstack-neutron-13.0.8~dev209-3.43.1
- openstack-neutron-gbp-14.0.1~dev52-3.37.1
- openstack-neutron-l3-agent-13.0.8~dev209-3.43.1
- spark-2.2.3-5.12.1
- python-neutron-gbp-14.0.1~dev52-3.37.1
- python-barbican-7.0.1~dev24-3.17.1
- openstack-neutron-dhcp-agent-13.0.8~dev209-3.43.1
- openstack-neutron-openvswitch-agent-13.0.8~dev209-3.43.1
- openstack-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1
- openstack-barbican-worker-7.0.1~dev24-3.17.1
- python-heat-gbp-14.0.1~dev5-3.12.1
- openstack-neutron-metering-agent-13.0.8~dev209-3.43.1
- openstack-heat-gbp-14.0.1~dev5-3.12.1
- openstack-barbican-keystone-listener-7.0.1~dev24-3.17.1
- openstack-neutron-ha-tool-13.0.8~dev209-3.43.1
- openstack-barbican-api-7.0.1~dev24-3.17.1
- openstack-barbican-7.0.1~dev24-3.17.1
- python-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1
- openstack-neutron-linuxbridge-agent-13.0.8~dev209-3.43.1
- openstack-neutron-macvtap-agent-13.0.8~dev209-3.43.1
- openstack-neutron-server-13.0.8~dev209-3.43.1
- python-neutron-13.0.8~dev209-3.43.1
- openstack-neutron-metadata-agent-13.0.8~dev209-3.43.1
- openstack-barbican-retry-7.0.1~dev24-3.17.1