SUSE-SU-2019:2267-1

Advisory lineage Upstream: 9 Downstream: 0

Upstream

CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324 CVE-2019-13611 CVE-2019-7164

Published: 18 Sept 2019, 15:25

Last modified:04 Feb 2026, 04:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 Sept 2019, 15:25

Published

Vulnerability first disclosed

04 Feb 2026, 04:24

Last Modified

Vulnerability information updated

Description

Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues: - Update to version 9.0+git.1566374020.301191f: * Use raw image format when using SES backend on Nova (SOC-9285) - Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) - Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840) - Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for policy.yaml.j2. (SOC-0000) - Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non local ipv6 addresses (SOC-9330) - Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for ipv6 address comparison (SOC-9940) - Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with 'zypper' (SOC-9997) - Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for ipv6 (SOC-9369) - Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin for l2gw (SOC-5837) - Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway Service definition (SOC-5837) - Switch to new Gerrit Server - Update to version 9.0+git.1566375806.f0b2333: * Configure glance image_direct_url/multiple_locations (SOC-9285) - Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1564491141.602fdf9: * Default glance_default_store to rbd if SES enabled (SOC-8749) - Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from rule (SOC-10003) - Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json permission to be 664 (SOC-9872) - Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the minimal ardana-ci model (SOC-9800) - Update to version 9.0+git.1566255088.3443670: * Add server state column (SOC-9957) - Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677) (#357) - Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload option when ses is not configured (SOC-8555) (#356) - Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is created during upgrade (SOC-9923) - Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565691188.2309798: * Use systemd for monasca-thresh (SOC-10145) - Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on rabbitmq-server (SOC-9745) - Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure VPN and Firewall service providers (SOC-9935) - Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to neutron services (SOC-8746) - Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/https urls (SOC-10063) - Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk discard when using RBD (SOC-10182) - Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint override (SOC-10130) - Update to version 9.0+git.1565366126.4993583: * Make default/rpc_response_timeout configurable (SOC-9285) - Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy random status failures (SOC-9574) - Update to version 9.0+git.1566206502.6c87b41: * Use default values for amphora connection retries/timeout (SOC-9285) - Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/https urls (SOC-10063) - Add ipaddr bower dependency (SOC-9679) - Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565380193.f006466: * Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939) - Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857) - Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user for ovs as 'root' (SOC-8139) - Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url entry totally fictitious (SOC-6800) - Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry to lvm.conf (bsc#1140512) - Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for logrotate (SOC-8139) - Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in iptables command (SOC-9349) - Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on ovs-bridges anymore (SOC-9239) - Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677) - Update to version 9.0+git.1563468620.5035cf8: * Add support for ses integration (SOC-8555) - Update to version 9.0+git.1563461311.16ea2df: * Change url of upper-constraints file (SOC-9863) - Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook (SOC-9902) - Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint during deploy (SOC-9303) - Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls (SOC-10063) - Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade enhancements (SOC-10146) - Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter before deploying it (SOC-10287) - Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in parallel (SOC-9285) - Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve tests (SOC-9775) - Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve tests (SOC-9775) - Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby version for package installation (SOC-10010) - Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova services after upgrade - Update to version 6.0+git.1565859218.525130340: * upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164) - Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove controller for admin bridge (SOC-10073) - Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix get_proposal_json (SOC-9954) - Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 * dns: fix migration for designate - Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar batch error output (SOC-9954) - Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911) - Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup before upgrade (SOC-9482) * bind9: Fix spelling error in template - Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup clone_stateless_services leftovers (SOC-9842) - Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file names for 8 -> 9 (SOC-9029) - Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098) - Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby version for package installation (SOC-10010) - Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB pools configuration (SOC-9767) * horizon: Install designate plugin when configured (SOC-9695) - Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old ceilometer-api vhosts (SOC-9483) - Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp (SOC-6100) - Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure resource settings (SOC-9633) - Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029) - Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719) - Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync (SOC-9981) - Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests (SOC-9298) * Fix nova tempest tests (SOC-9298) - Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation error if domain names dont end with a dot(.) - Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support (SOC-9298) - Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server node for VIP look ups (SOC-9631) - add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to run the barbican tempest test - Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup clone_stateless_services leftovers (SOC-9842) - Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for cinder using ceph as backenid (SOC-9298) - Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes (SOC-9683) - Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling error inside comments (SOC-6361) - Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when lookup by name (SOC-9339) - Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB creation - Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689) - Update to version 1.3.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version - Bumped package version to 1.3 to differentiate it from 8-9 version - Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom version to 1.3.0 * Remove cassandra.patch (merged upstream) - Fix license - Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common - Update to version ceilometer-11.0.2.dev14: * Fixing broken links - Update to version ceilometer-11.0.2.dev14: * Fixing broken links - Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve - Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list - Update to version cinder-13.0.6.dev16: * Revert 'Declare multiattach support for HPE MSA' - Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config - Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue - Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve - Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list - Update to version cinder-13.0.6.dev16: * Revert 'Declare multiattach support for HPE MSA' - Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config - Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue * nimble: Fix missing ssl support (bsc#1027315) - Update to version designate-7.0.1.dev21: * Improve log message for better understanding - Update to version designate-7.0.1.dev21: * Improve log message for better understanding - Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation - Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user - Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts - Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource - Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() - Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation - Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user - Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts - Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource - Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create() - Do not exclude python bytecode files (see https://review.opendev.org/#/c/666611 for details) - Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for new upper constraints strategy * OpenDev Migration Patch - Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards - Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images - Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master - Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images - Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master - Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi from git master - Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a warning when lshw cannot be run - Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw output, collect it with other logs instead 3.3.2 - Update to version keystone-14.1.1.dev8: * Revert 'Blacklist bandit 1.6.0' - Update to version keystone-14.1.1.dev8: * Revert 'Blacklist bandit 1.6.0' - Update to version magnum-7.1.1.dev28: * Revert 'support http/https proxy for discovery url' * Use rocky heat-container-agent for stable/rocky - Update to version magnum-7.1.1.dev28: * Revert 'support http/https proxy for discovery url' * Use rocky heat-container-agent for stable/rocky - Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor - Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor - update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105 test failure - update to version 1.12.1~dev9 - Update all columns in metrics on an update to refresh TTL - update to version 1.12.1~dev7 - Widen exception catch for point parse failure - update to version 1.12.1~dev6 - some points unable to parse - OpenDev Migration Patch - Rebased patches: + 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream) - Update to version monasca-persister-1.12.1.dev9: * Update all columns in metrics on an update to refresh TTL * OpenDev Migration Patch - Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch - Update to version monasca-persister-1.12.1.dev4 * Java persister config: defaults and robustness * Add Cassandra db support - Remove java-persister-defaults.patch (merged upstream) - Remove cassandra.patch (merged upstream) - Add missing URLs for patches - Updated to kit tarball built from 1.12.1.dev4 - Updated README.updating for current version - Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug - Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port - Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError - Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges - Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports() - Update to version neutron-13.0.5.dev6: * Ignore first local port update notification - Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 - Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug - Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port - Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError - Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges - Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports() - Update to version neutron-13.0.5.dev6: * Ignore first local port update notification - Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4 * When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) - Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test for Connection Tracking - Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and icmp\_type for SG rule * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call - Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance gbp-validate to detect routed subnet overlap - Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent overlapping CIDRs in routed VRF * Disallow external subnets as router interfaces - Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\_state display on neutron based on AIM status - Update to version group-based-policy-5.0.1.dev446: * Send the port updates for the SNAT use case if needed * Make DHCP provisioning blocks conditional - Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky - add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch - Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky * Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051) - Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the gate queue - Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation function - Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP listener health - Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper constraints strategy - Add patches fixing tempest cleanup removing all networks https://bugs.launchpad.net/tempest/+bug/1812660 * 0001-Remove-deprecated-services-from-cleanup.patch * 0002-Fix-tempest-cleanup.patch * 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch - Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to baremetal ServersValidator (SOC-9940) - Update to version 9.0+git.1565384645.8fcf5db: * Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939) - Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on MANAGEMENT network group (SOC-9939) - Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses for endpoint urls (SOC-9357) - added 0001-Fix-volume-revert-to-snapshot-tests.patch - update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override is used - OpenDev Migration Patch - added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch - added 0001-Use-unicode-literals-in-test_metrics.patch - update to version 3.16.2 (bsc#1144027, bsc#1144026) - update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org git:// URLs with https:// - Fixes for Unicode characters in python 2 requests - Fix functional tests on stable/rocky - Correct updating baremetal nodes by name or ID - Support bare metal service error messages - import zuul job settings from project-config - Correct update operations for baremetal - Add simple create/show/delete functional tests for all baremetal resources - Add a simple baremetal functional job - Pass microversion info through from Profile - update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation - Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) * python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server - Switch to new Gerrit Server - Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean orphaned section rules * OpenDev Migration Patch * Delete SG rules when deleting their remote group * NSX|V3: Limit number of subnet static routes per backend * NSX|V: Restrict creating conflicting address_pair in the same network * NSX|V3: Add verification of num defined address pairs * constrain rocky dependencies * Update rocky .gitreview branch * Handle multiple default SG creation in all plugins * update tox for stable branch * NSX|V3: remove redundent code in get_port/s * NSX|V3: Change status code of SG failure * NSX|V: enable allow_address_pairs upon request * Revert 'NSX|V3: Simplify LBaaS implementation' * NSX|V3: Fix LBaaS loadbalancer creation * NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS implementation * Complete the init of the Neutron main process * NSX|V3: Respect default keyword for physical_net * NSX|V admin utils: Find and fix spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin * Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation * Revert 'NSX|V3: Init FWaaS before spawn' * NSX|V3: prevent user from changing the NSX internal SG * Fix provider security group exception call * NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code & tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX|V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack: Delete old project before deciding how to get the new code * NSX|V3: Init FWaaS before spawn * Devstack: Fix failed of ml2 directory creation * Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints * NSX|V3: Do not allow external subnets overlapping with uplink cidr * Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully * NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2 config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use upper-constraints from stable/rocky * fix lower constraints * TVD: Add missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V use context reader for router driver * NSX|V Fix AdminUtils get apis to use the right context * TVD LBaaS: fix operational status api * Use tenant context to get router GW network * NSX-v3: Fix listener for pool not fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl * NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback * NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields * TVD verify loadbalancer project match the LB object project * TVD: Do not crash in case the project is not found * NSX|V3: Fix member fip error message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill VIF data for upgraded ports * Devstack plugin: fetch Neutron only when needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS operation status function params * NSX|V3: Add LB status calls validations * NSX|V3 remove lbaas import to allow the plugin to work without lbaas * NSX|V Allow updating port security and mac learning together * NSX|V3: Change external provider network error message * NSX|V+V3: Prevent adding different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX|V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception when deleting dhcp port * NSX|V3 Validate rate-limit value in admin utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix port MAC learning flag handling * NSX|V3 update port revision on update_port response * NSX|V: Avoid updating the default section at init * NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member create * Devstack: Use the right python version in cleanup * NSX|V: Fix host groups for DRS HA for AZ * NSX|V Fix policy security group update * NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make sure LB member is connected to the LB router * NSX|V3: Prevent adding an external net as a router interface * NSX|V: Shorten the L2 bridge edge name * NSX|V3: Fix port binding update on new ports - update to version 13.0.1~dev146 - Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX|V3+P: Change max allowed host routes * Adding the option to configure disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter for max subnet static routes * NSX|T: Add NSX limit of IP address association to port * Fix nsgroup update to access the logging field safely * Retry http requests on timeouts * Added retries if API call fails due to MP cluster reconfig * Fix check_manager_status to support older NSX versions * Improve Cluster validation checks * Add apis to get tier0 uplink cidrs and not just ips * Support response status codes for LB HM * Add manager status validation to validate connection * Handle get_default_headers errors * Update the max NS groups criteria tags number dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and codes in strict mode * Fix cluster connectivity * Fix the revision needed for security rules version * New api for getting VPN session status * New api for getting the LB virtual servers status * NSX|V3: Support new icmp codes and types list- - update to version 13.0.1~dev24 - Fix the Requires: format in spec file (bsc#1134232) - 3.4.2

Affected Systems

suse•ardana-ansible&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566374020.301191f-3.7.2
suse•ardana-barbican&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566251498.be02ca4-3.7.2
suse•ardana-cinder&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565678764.c3a9b9f-3.7.2
suse•ardana-cluster&distro=SUSE OpenStack Cloud 9
< 9.0+git.1559333871.40508f7-3.7.2
suse•ardana-cobbler&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566336494.93967dd-3.7.2
suse•ardana-db&distro=SUSE OpenStack Cloud 9
< 9.0+git.1564409964.b7e4fc3-3.7.2
suse•ardana-designate&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565680593.df7a432-3.7.2
suse•ardana-extensions-nsx&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566213657.69862ab-8.1
suse•ardana-glance&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566375806.f0b2333-3.7.2
suse•ardana-heat&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565721273.f44b8d7-3.7.2
suse•ardana-horizon&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565891518.2a545a1-3.7.2
suse•ardana-input-model&distro=SUSE OpenStack Cloud 9
< 9.0+git.1562848565.91e75b2-3.7.2
suse•ardana-installer-ui&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566255088.3443670-3.7.2
suse•ardana-ironic&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565721987.ddc59c8-3.7.2
suse•ardana-keystone&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565891593.cad6d1a-3.7.2
suse•ardana-logging&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565761582.2dc823a-3.7.2
suse•ardana-magnum&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565762005.016032a-3.7.2
suse•ardana-monasca&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566332665.ad894c0-3.7.2
suse•ardana-mq&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565115025.148d092-3.7.2
suse•ardana-neutron&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566251310.3a1e8f9-3.7.2
suse•ardana-nova&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566332515.e232568-3.7.2
suse•ardana-octavia&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566206502.6c87b41-3.7.2
suse•ardana-opsconsole-ui&distro=SUSE OpenStack Cloud 9
< 9.0+git.1555530925.206f1a8-4.7.2
suse•ardana-opsconsole&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566251377.b1caeaa-3.7.2
suse•ardana-osconfig&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565764394.545b573-3.7.2
suse•ardana-service&distro=SUSE OpenStack Cloud 9
< 9.0+git.1564706915.edd44c4-3.7.2
suse•ardana-ses&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565962617.523149b-3.7.2
suse•ardana-swift&distro=SUSE OpenStack Cloud 9
< 9.0+git.1565891872.73fc3c7-3.7.2
suse•ardana-tempest&distro=SUSE OpenStack Cloud 9
< 9.0+git.1566471752.a3c5c9c-3.7.2
suse•crowbar-core&distro=SUSE OpenStack Cloud Crowbar 9
< 6.0+git.1566321308.1de18b9a4-3.7.2
suse•crowbar-ha&distro=SUSE OpenStack Cloud Crowbar 9
< 6.0+git.1566406179.7549de2-3.7.2
suse•crowbar-openstack&distro=SUSE OpenStack Cloud Crowbar 9
< 6.0+git.1566404979.41279a88e-3.7.2
suse•crowbar-ui&distro=SUSE OpenStack Cloud Crowbar 9
< 1.3.0+git.1563181545.65360af5-8.1
suse•openstack-ceilometer&distro=SUSE OpenStack Cloud 9
< 11.0.2~dev14-3.7.2
suse•openstack-ceilometer&distro=SUSE OpenStack Cloud Crowbar 9
< 11.0.2~dev14-3.7.2
suse•openstack-cinder&distro=SUSE OpenStack Cloud 9
< 13.0.7~dev3-3.7.2
suse•openstack-cinder&distro=SUSE OpenStack Cloud Crowbar 9
< 13.0.7~dev3-3.7.2
suse•openstack-designate&distro=SUSE OpenStack Cloud 9
< 7.0.1~dev21-3.7.2
suse•openstack-designate&distro=SUSE OpenStack Cloud Crowbar 9
< 7.0.1~dev21-3.7.2
suse•openstack-heat&distro=SUSE OpenStack Cloud 9
< 11.0.3~dev19-3.7.2
suse•openstack-heat&distro=SUSE OpenStack Cloud Crowbar 9
< 11.0.3~dev19-3.7.2
suse•openstack-horizon-plugin-neutron-fwaas-ui&distro=SUSE OpenStack Cloud 9
< 1.5.1~dev6-8.1
suse•openstack-horizon-plugin-neutron-fwaas-ui&distro=SUSE OpenStack Cloud Crowbar 9
< 1.5.1~dev6-8.1
suse•openstack-horizon-plugin-neutron-lbaas-ui&distro=SUSE OpenStack Cloud 9
< 5.0.1~dev7-8.1
suse•openstack-horizon-plugin-neutron-lbaas-ui&distro=SUSE OpenStack Cloud Crowbar 9
< 5.0.1~dev7-8.1
suse•openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE OpenStack Cloud 9
< 1.4.1~dev7-8.1
suse•openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE OpenStack Cloud Crowbar 9
< 1.4.1~dev7-8.1
suse•openstack-ironic-python-agent&distro=SUSE OpenStack Cloud 9
< 3.3.3~dev4-3.7.2
suse•openstack-ironic-python-agent&distro=SUSE OpenStack Cloud Crowbar 9
< 3.3.3~dev4-3.7.2
suse•openstack-ironic&distro=SUSE OpenStack Cloud 9
< 11.1.4~dev9-3.7.2

Showing first 50 affected entries in server-rendered view.

SUSE-SU-2019:2267-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (80)