SUSE-SU-2021:3729-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 19 Nov 2021, 12:39
Last modified:04 Feb 2026, 04:40

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Nov 2021, 12:39
Published
Vulnerability first disclosed
04 Feb 2026, 04:40
Last Modified
Vulnerability information updated

Description

Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes: Security fixes included in this update: kibana: CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868). python-eventlet: CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836) rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837) rubygem-puma: CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681) Non-security fixes included in this update: Changes in ardana-ansible: * Patch service.py to skip blank lines. Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543) Changes in crowbar-openstack: * keystone wakeup: get new session on any error. (bsc#1189052) Changes in influxdb: - Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on Canges in kibana: - Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868) Changes in openstack-cinder: * Fix typo in Dell EMC Unity driver documentation. * Drop lower-constraints job. * [stable-only] Cap bandit to v1.6.2 and fix constraints. Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets. * OpenDev Migration Patch. Changes in openstack-heat-gbp: * Add support for Wallaby. * Fix upstream gate. Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation. * Fix zuul config for heat-templates-check. * Remove testr. Changes in openstack-horizon-plugin-gbp-ui: * Add support for Wallaby. * Fix upstream gate. Changes in openstack-keystone: * Retry update\_user when sqlalchemy raises StaleDataErrors. * Pin keystone-tempest-plugin for py27 compatibility. Changes in openstack-neutron-gbp: * Fix update router API. * Fix HA IP DB migration. * Revert 'Fix HA IP DB migration'. * Fix HA IP DB migration. * Add network\_id column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * Use custom converter for extra attributes. * Validate network before creating or updating router. * Fix Data Migration query for HA IP table. * System security grp:Add system sg in port sg list. * Add vrf column to apic\_ml2\_ha\_ipaddress\_to\_port\_owner table. * [apic\_aim]: Fix HA IP UTs. * Fixing the exception msg for IPAddressGenerationFailure. * Enhancement regarding router/instance attachment to an external network floating ip and snat subnets. * Setting legacy-group-based-policy-dsvm-aim to non-voting gate. * Add support for Wallaby. * Bug fixes for gbp-validate. * [apic\_aim]: Filter endpoint details. * Bugfix: Policy Enforcement Pref. * Fix unit-tests for tenant-scope validation. * [AIM] Add Policy Enforcement Pref to network extension. Changes in openstack-nova: * [neutron] Get only ID and name of the SGs from Neutron. * Remove allocations before setting vm\_status to SHELVED\_OFFLOADED. * libvirt:driver:Disallow AIO=native when 'O\_DIRECT' is not available. * Update pci stat pools based on PCI device changes. * Use subqueryload() instead of joinedload() for (system\_)metadata. Changes in python-eventlet: Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)

Affected Systems

  • suseardana-ansible&distro=SUSE OpenStack Cloud 9

    < 9.0+git.1628097238.f6cbb0e-3.29.1

  • suseardana-monasca&distro=SUSE OpenStack Cloud 9

    < 9.0+git.1627995376.30bdf85-3.25.1

  • susecrowbar-openstack&distro=SUSE OpenStack Cloud Crowbar 9

    < 6.0+git.1630614261.26948f746-3.37.2

  • suseinfluxdb&distro=SUSE OpenStack Cloud 9

    < 1.3.8-4.6.1

  • suseinfluxdb&distro=SUSE OpenStack Cloud Crowbar 9

    < 1.3.8-4.6.1

  • susekibana&distro=SUSE OpenStack Cloud 9

    < 4.6.6-4.12.1

  • susekibana&distro=SUSE OpenStack Cloud Crowbar 9

    < 4.6.6-4.12.1

  • suseopenstack-cinder&distro=SUSE OpenStack Cloud 9

    < 13.0.10~dev23-3.31.2

  • suseopenstack-cinder&distro=SUSE OpenStack Cloud Crowbar 9

    < 13.0.10~dev23-3.31.2

  • suseopenstack-ec2-api&distro=SUSE OpenStack Cloud 9

    < 7.1.1~dev6-3.3.2

  • suseopenstack-ec2-api&distro=SUSE OpenStack Cloud Crowbar 9

    < 7.1.1~dev6-3.3.2

  • suseopenstack-heat-gbp&distro=SUSE OpenStack Cloud 9

    < 12.0.1~dev4-3.6.1

  • suseopenstack-heat-gbp&distro=SUSE OpenStack Cloud Crowbar 9

    < 12.0.1~dev4-3.6.1

  • suseopenstack-heat-templates&distro=SUSE OpenStack Cloud 9

    < 0.0.0+git.1628179051.7d761bff-3.12.1

  • suseopenstack-heat-templates&distro=SUSE OpenStack Cloud Crowbar 9

    < 0.0.0+git.1628179051.7d761bff-3.12.1

  • suseopenstack-horizon-plugin-gbp-ui&distro=SUSE OpenStack Cloud 9

    < 12.0.1~dev5-3.6.1

  • suseopenstack-horizon-plugin-gbp-ui&distro=SUSE OpenStack Cloud Crowbar 9

    < 12.0.1~dev5-3.6.1

  • suseopenstack-keystone&distro=SUSE OpenStack Cloud 9

    < 14.2.1~dev7-3.25.2

  • suseopenstack-keystone&distro=SUSE OpenStack Cloud Crowbar 9

    < 14.2.1~dev7-3.25.2

  • suseopenstack-neutron-gbp&distro=SUSE OpenStack Cloud 9

    < 14.0.1~dev19-3.28.1

  • suseopenstack-neutron-gbp&distro=SUSE OpenStack Cloud Crowbar 9

    < 14.0.1~dev19-3.28.1

  • suseopenstack-nova&distro=SUSE OpenStack Cloud 9

    < 18.3.1~dev91-3.40.1

  • suseopenstack-nova&distro=SUSE OpenStack Cloud Crowbar 9

    < 18.3.1~dev91-3.40.1

  • susepython-eventlet&distro=SUSE OpenStack Cloud 9

    < 0.20.0-8.3.1

  • susepython-eventlet&distro=SUSE OpenStack Cloud Crowbar 9

    < 0.20.0-8.3.1

  • suserubygem-puma&distro=SUSE OpenStack Cloud Crowbar 9

    < 2.16.0-4.15.1

  • suserubygem-redcarpet&distro=SUSE OpenStack Cloud Crowbar 9

    < 3.2.3-4.3.1

  • susevenv-openstack-barbican&distro=SUSE OpenStack Cloud 9

    < 7.0.1~dev24-3.25.1

  • susevenv-openstack-cinder&distro=SUSE OpenStack Cloud 9

    < 13.0.10~dev23-3.28.1

  • susevenv-openstack-designate&distro=SUSE OpenStack Cloud 9

    < 7.0.2~dev2-3.25.1

  • susevenv-openstack-glance&distro=SUSE OpenStack Cloud 9

    < 17.0.1~dev30-3.23.1

  • susevenv-openstack-heat&distro=SUSE OpenStack Cloud 9

    < 11.0.4~dev4-3.25.1

  • susevenv-openstack-horizon&distro=SUSE OpenStack Cloud 9

    < 14.1.1~dev11-4.29.1

  • susevenv-openstack-ironic&distro=SUSE OpenStack Cloud 9

    < 11.1.5~dev17-4.23.1

  • susevenv-openstack-keystone&distro=SUSE OpenStack Cloud 9

    < 14.2.1~dev7-3.26.1

  • susevenv-openstack-magnum&distro=SUSE OpenStack Cloud 9

    < 7.2.1~dev1-4.25.1

  • susevenv-openstack-manila&distro=SUSE OpenStack Cloud 9

    < 7.4.2~dev60-3.31.1

  • susevenv-openstack-monasca-ceilometer&distro=SUSE OpenStack Cloud 9

    < 1.8.2~dev3-3.25.1

  • susevenv-openstack-monasca&distro=SUSE OpenStack Cloud 9

    < 2.7.1~dev10-3.23.1

  • susevenv-openstack-neutron&distro=SUSE OpenStack Cloud 9

    < 13.0.8~dev164-6.29.1

  • susevenv-openstack-nova&distro=SUSE OpenStack Cloud 9

    < 18.3.1~dev91-3.29.1

  • susevenv-openstack-octavia&distro=SUSE OpenStack Cloud 9

    < 3.2.3~dev7-4.25.1

  • susevenv-openstack-sahara&distro=SUSE OpenStack Cloud 9

    < 9.0.2~dev15-3.25.1

  • susevenv-openstack-swift&distro=SUSE OpenStack Cloud 9

    < 2.19.2~dev48-2.20.1

References (10)