SUSE-SU-2021:3728-1

Description

Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma This update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma contains the following fixes: Security fixes included in this update: rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837) rubygem-puma: CVE-2021-41136: Fixed build of the Java state machine for parsing HTTP. (bsc#1191681) Non-security fixes included in this update: Changes in ardana-ansible: * Patch service.py to skip blank lines. Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543) Changes in documentation-suse-openstack-cloud: * CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal * DC files: Update to 2021 stylesheets (#1327) * CI: Use GitHub Actions Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets * OpenDev Migration Patch Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation Changes in python-Django: - Add missing dependency for CVE-2021-31542 Changes in python-monasca-common: - Remove renderspec source service. - Retry publish once on failures. (SOC-11543)

Affected Systems

• suse•ardana-ansible&distro=HPE Helion OpenStack 8

  < 8.0+git.1632499354.a56668f-3.82.1

• suse•ardana-ansible&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1632499354.a56668f-3.82.1

• suse•ardana-monasca&distro=HPE Helion OpenStack 8

  < 8.0+git.1627997000.6c3bc04-3.30.1

• suse•ardana-monasca&distro=SUSE OpenStack Cloud 8

  < 8.0+git.1627997000.6c3bc04-3.30.1

• suse•documentation-hpe-helion-openstack-installation&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-hpe-helion-openstack-operations&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-hpe-helion-openstack-opsconsole&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-hpe-helion-openstack-planning&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-hpe-helion-openstack-security&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-hpe-helion-openstack-user&distro=HPE Helion OpenStack 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-deployment&distro=SUSE OpenStack Cloud Crowbar 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-installation&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-operations&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-opsconsole&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-planning&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-security&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-supplement&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-supplement&distro=SUSE OpenStack Cloud Crowbar 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-upstream-admin&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-upstream-admin&distro=SUSE OpenStack Cloud Crowbar 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-upstream-user&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-upstream-user&distro=SUSE OpenStack Cloud Crowbar 8

  < 8.20210806-1.35.1

• suse•documentation-suse-openstack-cloud-user&distro=SUSE OpenStack Cloud 8

  < 8.20210806-1.35.1

• suse•openstack-ec2-api&distro=HPE Helion OpenStack 8

  < 5.0.1~dev12-4.9.1

• suse•openstack-ec2-api&distro=SUSE OpenStack Cloud 8

  < 5.0.1~dev12-4.9.1

• suse•openstack-ec2-api&distro=SUSE OpenStack Cloud Crowbar 8

  < 5.0.1~dev12-4.9.1

• suse•openstack-heat-templates&distro=HPE Helion OpenStack 8

  < 0.0.0+git.1628179051.7d761bf-3.24.1

• suse•openstack-heat-templates&distro=SUSE OpenStack Cloud 8

  < 0.0.0+git.1628179051.7d761bf-3.24.1

• suse•openstack-heat-templates&distro=SUSE OpenStack Cloud Crowbar 8

  < 0.0.0+git.1628179051.7d761bf-3.24.1

• suse•python-Django&distro=HPE Helion OpenStack 8

  < 1.11.29-3.28.1

• suse•python-Django&distro=SUSE OpenStack Cloud 8

  < 1.11.29-3.28.1

• suse•python-Django&distro=SUSE OpenStack Cloud Crowbar 8

  < 1.11.29-3.28.1

• suse•python-monasca-common&distro=HPE Helion OpenStack 8

  < 2.3.1~dev4-4.9.1

• suse•python-monasca-common&distro=SUSE OpenStack Cloud 8

  < 2.3.1~dev4-4.9.1

• suse•python-monasca-common&distro=SUSE OpenStack Cloud Crowbar 8

  < 2.3.1~dev4-4.9.1

• suse•rubygem-puma&distro=SUSE OpenStack Cloud Crowbar 8

  < 2.16.0-3.15.1

• suse•rubygem-redcarpet&distro=SUSE OpenStack Cloud Crowbar 8

  < 3.2.3-3.3.1

• suse•venv-openstack-heat&distro=HPE Helion OpenStack 8

  < 9.0.8~dev22-12.35.1

• suse•venv-openstack-heat&distro=SUSE OpenStack Cloud 8

  < 9.0.8~dev22-12.35.1

• suse•venv-openstack-horizon-hpe&distro=HPE Helion OpenStack 8

  < 12.0.5~dev6-14.38.1

• suse•venv-openstack-horizon&distro=SUSE OpenStack Cloud 8

  < 12.0.5~dev6-14.38.2

• suse•venv-openstack-monasca&distro=HPE Helion OpenStack 8

  < 2.2.2~dev1-11.30.1

• suse•venv-openstack-monasca&distro=SUSE OpenStack Cloud 8

  < 2.2.2~dev1-11.30.1

References (5)

• https://www.suse.com/support/update/announcement/2021/suse-su-20213728-1/
• https://bugzilla.suse.com/1180837
• https://bugzilla.suse.com/1191681
• https://www.suse.com/security/cve/CVE-2020-26298
• https://www.suse.com/security/cve/CVE-2021-41136