SUSE-SU-2019:1862-1

Description

Security update for ardana and crowbar This update for ardana and crowbar fixes the following issues: - Restrict rootwrap directories for cinder (bsc#1132542) - Change Cinder default log level from DEBUG to INFO (SCRD-7132) - Remove configuration from migration (bsc#1126391) - Configurable innodb flush options (SCRD-7496) - Secure designate's rootwrap files (bsc#1132542) - specify rootwrap config file in designate sudoer (bsc#1132542) - Update Designate log threshold from DEBUG to INFO (SCRD-8459) - Change Glance default log level from DEBUG to INFO (SCRD-8592) - Change Heat default log level from DEBUG to INFO (SCRD-7132) - Fix Horizon missing create snapshot action for users (bsc#1130593) - Don't set external-name in ardana-ci models (SCRD-7471) - Fix fail-over/-back behavior of haproxy for galera (bsc#1122875) - Update swift endpoints from keystone-reconfigure.yml if needed (SCRD-8703) - Change Magnum default log level from DEFAULT to INFO (SCRD-7132) - Rip out vertica related code (SCRD-9031) - Tighten neutron sudoers to only execute rootwrap (bsc#1132542) - Change Neutron default log level from DEBUG to INFO (SCRD-7132) - SCRD-9031 Change permitted nova-rootwrap config file pattern (bsc#1132542) - specify rootwrap config file in nova sudoer (bsc#1132542) - Change Nova default log level from DEBUG to INFO (SCRD-7132) - Stop installing a sudoers root escalator (SCRD-9031) - Change Octavia default log level from DEBUG to INFO (SCRD-7132) - Increase number of connect retries (SCRD-7496) - UDEV rules for multi-port nics (SCRD-8329) - Ensure that the ceph group exists (SCRD-8347) - Disable test_create_health_monitor_with_scenarios tempest (SOC-9176) - Make --os-test-timeout configurable and increase default (SCRD-7496) - Disable TestVolumeBootPattern.test_volume_boot_pattern (SCRD-9015) - Increase and make timeout values configurable (SCRD-7496) - Configure heat boot config template path (SCRD-7496) - Fix typo on ceilometer filter (SCRD-7496) - barclamp: Fix setting MTU on networks using a bridge - Fix order of values in nodes piechart - Ignore CVE-2019-11068 during Travis (SOC-9262) - Fix cloud-mkcloud9-job-backup-restore (SCRD-7126) - Update suse-branding.patch with correct links for documentation (SCRD-8294) - pacemaker: add failure nodes to sync fail message (bsc#1083721) - update suse-branding.patch (SOC-9297) - pacemaker: wait more for founder if SBD is configured (SCRD-8462) - pacemaker: don't check cluster members on founder (SCRD-8462) - database: Make wsrep_provider_options configurable (fate#327745) - database: Raise and align promote/demote timeouts (bsc#1131791) - mysql: improve galera HA setup (bsc#1122875) - Update suse-branding.patch with correct links for documentation (SCRD-8294) - neutron: Fix the rest of the keystone related settings for LBaaS - neutron: properly define neutron lbaas region (bsc#1128753) - CLM - update MariaDB manually (bsc#1132852, SOC-9022) - update MariaDB manually (bsc#1132852, SOC-9022) - SOC8 alarm table restructure ((SCRD-7710, bsc#1124170) - Fix bsc#1118003 - add deprecation decision tree (shrub) (SCRD-8530) - add cert section (SCRD-5542) - grammar; make migration pairing more explicit (SCRD-7595) - Remove whitespace on top of login page (SCRD-7142) - Revert alert and form colors to default SCRD-6919 - Change active sidebar section text white SCRD-6919 - Updated the openstack-monasca-agent-sudoers file (bsc#1132542) - Don't restart neutron-ovs-cleanup on RPM update (bsc#1132860) - Fix KeyError in OVS firewall (bsc#1131712, CVE-2019-10876) - update to 1.11.20 (bsc#124991, CVE-2019-6975): - Memory exhaustion in ``django.utils.numberformat.format()`` - Include ops-console logs if exist (bsc-1126912) - Add a sed pattern to censor passwords from servers.yml (bsc#1105559) - Show the status file of crowbar upgrade (if it exists)

Affected Systems

• suse•ardana-ansible&distro=HPE Helion OpenStack 8

  < 8.0+git.1553878455.7439e04-3.61.1

• suse•ardana-ansible&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1553878455.7439e04-3.61.1

• suse•ardana-barbican&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266594.8136db7-4.30.1

• suse•ardana-barbican&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266594.8136db7-4.30.1

• suse•ardana-cassandra&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266612.44dcb20-3.12.1

• suse•ardana-cassandra&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266612.44dcb20-3.12.1

• suse•ardana-ceilometer&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266629.0bb5d54-3.9.1

• suse•ardana-ceilometer&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266629.0bb5d54-3.9.1

• suse•ardana-cinder&distro=HPE Helion OpenStack 8

  < 8.0+git.1558619942.6bd075c-3.36.1

• suse•ardana-cinder&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1558619942.6bd075c-3.36.1

• suse•ardana-cluster&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266734.ec4822f-3.33.1

• suse•ardana-cluster&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266734.ec4822f-3.33.1

• suse•ardana-cobbler&distro=HPE Helion OpenStack 8

  < 8.0+git.1550694449.df88054-3.38.1

• suse•ardana-cobbler&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1550694449.df88054-3.38.1

• suse•ardana-db&distro=HPE Helion OpenStack 8

  < 8.0+git.1555341117.d812d88-3.25.1

• suse•ardana-db&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1555341117.d812d88-3.25.1

• suse•ardana-designate&distro=HPE Helion OpenStack 8

  < 8.0+git.1558636763.f7f09ca-3.14.1

• suse•ardana-designate&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1558636763.f7f09ca-3.14.1

• suse•ardana-freezer&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266805.c9ea29b-3.15.1

• suse•ardana-freezer&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266805.c9ea29b-3.15.1

• suse•ardana-glance&distro=HPE Helion OpenStack 8

  < 8.0+git.1555450219.97789ac-3.11.1

• suse•ardana-glance&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1555450219.97789ac-3.11.1

• suse•ardana-heat&distro=HPE Helion OpenStack 8

  < 8.0+git.1555450207.a7d3bfe-3.12.1

• suse•ardana-heat&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1555450207.a7d3bfe-3.12.1

• suse•ardana-horizon&distro=HPE Helion OpenStack 8

  < 8.0+git.1554732431.8f9dd50-3.15.1

• suse•ardana-horizon&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1554732431.8f9dd50-3.15.1

• suse•ardana-input-model&distro=HPE Helion OpenStack 8

  < 8.0+git.1557418274.fb273dd-3.27.1

• suse•ardana-input-model&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1557418274.fb273dd-3.27.1

• suse•ardana-ironic&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266893.1d69df7-3.6.1

• suse•ardana-ironic&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266893.1d69df7-3.6.1

• suse•ardana-keystone&distro=HPE Helion OpenStack 8

  < 8.0+git.1554915846.db23473-3.24.1

• suse•ardana-keystone&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1554915846.db23473-3.24.1

• suse•ardana-logging&distro=HPE Helion OpenStack 8

  < 8.0+git.1544117621.1c9a954-3.18.1

• suse•ardana-logging&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1544117621.1c9a954-3.18.1

• suse•ardana-magnum&distro=HPE Helion OpenStack 8

  < 8.0+git.1555450198.c42dc52-3.6.1

• suse•ardana-magnum&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1555450198.c42dc52-3.6.1

• suse•ardana-manila&distro=HPE Helion OpenStack 8

  < 8.0+git.1551748668.7427826-1.18.1

• suse•ardana-manila&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1551748668.7427826-1.18.1

• suse•ardana-memcached&distro=HPE Helion OpenStack 8

  < 8.0+git.1534266982.498c352-3.6.1

• suse•ardana-memcached&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534266982.498c352-3.6.1

• suse•ardana-monasca-transform&distro=HPE Helion OpenStack 8

  < 8.0+git.1534267017.4bbecd9-3.9.1

• suse•ardana-monasca-transform&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1534267017.4bbecd9-3.9.1

• suse•ardana-monasca&distro=HPE Helion OpenStack 8

  < 8.0+git.1557856965.bde9eb2-3.18.1

• suse•ardana-monasca&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1557856965.bde9eb2-3.18.1

• suse•ardana-mq&distro=HPE Helion OpenStack 8

  < 8.0+git.1549882721.b2e8873-3.13.1

• suse•ardana-mq&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1549882721.b2e8873-3.13.1

• suse•ardana-neutron&distro=HPE Helion OpenStack 8

  < 8.0+git.1557523208.81aa1da-3.30.1

• suse•ardana-neutron&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1557523208.81aa1da-3.30.1

• suse•ardana-nova&distro=HPE Helion OpenStack 8

  < 8.0+git.1559253853.bb932ea-3.29.1

• suse•ardana-nova&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1559253853.bb932ea-3.29.1

Showing first 50 affected entries in server-rendered view.

References (41)

• https://www.suse.com/support/update/announcement/2019/suse-su-20191862-1/
• https://bugzilla.suse.com/1083721
• https://bugzilla.suse.com/1105559
• https://bugzilla.suse.com/1118003
• https://bugzilla.suse.com/1120932
• https://bugzilla.suse.com/1122875
• https://bugzilla.suse.com/1124170
• https://bugzilla.suse.com/1126391
• https://bugzilla.suse.com/1128753
• https://bugzilla.suse.com/1130593
• https://bugzilla.suse.com/1131712
• https://bugzilla.suse.com/1131791
• https://bugzilla.suse.com/1132542
• https://bugzilla.suse.com/1132852
• https://bugzilla.suse.com/1132860
• https://bugzilla.suse.com/124991
• https://www.suse.com/security/cve/CVE-2018-14574
• https://www.suse.com/security/cve/CVE-2019-10876
• https://www.suse.com/security/cve/CVE-2019-11068
• https://www.suse.com/security/cve/CVE-2019-3498
• https://www.suse.com/security/cve/CVE-2019-6975
• https://bugzilla.suse.com/SCRD-5542
• https://bugzilla.suse.com/SCRD-6919
• https://bugzilla.suse.com/SCRD-7126
• https://bugzilla.suse.com/SCRD-7132
• https://bugzilla.suse.com/SCRD-7142
• https://bugzilla.suse.com/SCRD-7471
• https://bugzilla.suse.com/SCRD-7496
• https://bugzilla.suse.com/SCRD-7595
• https://bugzilla.suse.com/SCRD-7710
• https://bugzilla.suse.com/SCRD-7984
• https://bugzilla.suse.com/SCRD-8294
• https://bugzilla.suse.com/SCRD-8329
• https://bugzilla.suse.com/SCRD-8347
• https://bugzilla.suse.com/SCRD-8459
• https://bugzilla.suse.com/SCRD-8462
• https://bugzilla.suse.com/SCRD-8530
• https://bugzilla.suse.com/SCRD-8592
• https://bugzilla.suse.com/SCRD-8703
• https://bugzilla.suse.com/SCRD-9015
• https://bugzilla.suse.com/SCRD-9031