Recommended update for ardana-ansible SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2018:3638-1 Final 1 1 2018-11-06T12:29:32Z current 2018-11-06T12:29:32Z 2018-11-06T12:29:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for ardana-ansible This update for ardana-ansible fixes the following issues: ardana-ansible: - Initial checkin of info capture tool - Rename dayzero-site.yml (bsc#1111886) - Switch to non-legacy media layout by default. - Add Keystone Fernet master node monitoring. (bsc#1097241) - Add restart verb for maintenance updates. - Remove tasks to in-place modify systemd files. - Don't install systemd service file when SUSEified. (bsc#1082708) - Use sosreport for RHEL and supportutils for SLES nodes (bsc#1100688) - Obtain notification URL from environment - Add support for callback plugin post initial install - Added start and stop tracking events - New Service Manila Integration in Ardana - Make changes to return both openstack and cloud pkgs - Added a new playbook to generate hosts file - Make get_ts_pkgs more robust - Add Ansible play and library tool to gather package data - Adding sosreport upgrade to be included in update path (bsc#1105141) - Remove obsolete config.json file (bsc#1104047) ardana-barbican: - Switch to stable/pike branch ardana-cinder: - Updating swift backup url to check non-empty value (bsc#1099412) ardana-cluster: - Fix haproxy not being able to log using journald (bsc#1005886) ardana-cobbler: - Updating failure behavior on power down step in reimage (bsc#1089243) ardana-freezer: - Freezer: Restoring control node fails (bsc#1099741) ardana-glance: - Fix security audit. (bsc#1109445) - Filter out API health checks from logs (bsc#1049737, bsc#1096798) ardana-input-model: - Relicense manila to Apache-2.0. - Remove manila-share dependency to keystone-client (bsc#1109264) - New Service Manila Integration in Ardana - CVE-2016-8611: Add glance-api rate limit to address (bsc#1005886) ardana-keystone: - Updates keystone user if it exists (bsc#1102662) - Reruns of keystone credentials change (bsc#1102662) ardana-mq: - Add rabbitmq-server-plugins (bsc#1103903) ardana-neutron: - Make ovsvapp_agent.log logging consistent with other agents (bsc#1105420) - Allow 3rd-party drivers to pass in dhcp_driver option value - Allow SDNs to replace neutron's policy.json file ardana-nova: - Fixes cell0 map updates (bsc#1091490) ardana-octavia: - Set the correct systemd_service_dir for octavia (bsc#1094847) ardana-osconfig: - Restart dpdk network after restarting openvswitch (bsc#1104407) - Allow passwordless root logins - Added start and stop tracking events ardana-service: - Pass notify_url in extra-vars to playbook - add monasca support - filter out the item where ardana_ansible_host empty - Pass encrypt and rekey parms when running config-processor (bsc#1102789) - Support legacy playbook names for dev env for day2 - Replace dayzero playbook reference with installui - Added mocks for running ardana-start.yml - merge changes up to Sept 17 2018 to stable/pike - Support legacy playbook names for dev env for day2 - Updated REST packages call to handle all packages - handle run playbooks for adding compute nodes - Add DELETE service file method - Added deployed_servers endpoint in ardana-service - Add mock for keystone endpoints - add mocking, robustness, pep8 fix - Gracefully handle missing service description - Add fake playbook, log for running keystone-status - Support insecure mode for keystone - Add caching for internal cp files - Allow insecure mode for keystone sessions - Make packages changes Python 3 compatible - Add ability to get remote host package data - Add endpoint for getting internal cp files - add python-monascaclient dependency - Make packages changes Python 3 compatible - Add ability to get remote host package data ardana-service-ansible: - Include service URL in config file - Create cache directory ardana-ses: - Support phase 2 SES config. - Add SES config yaml conversion utility. - Fix the cinder-backup settings (bsc#1096988, bsc#1096798) ardana-swift: - Switch to stable/pike branch The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2018-2588,SUSE-OpenStack-Cloud-8-2018-2588 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ru-20183638-1/ Link for SUSE-RU-2018:3638-1 https://lists.suse.com/pipermail/sle-updates/2018-November/009993.html E-Mail link for SUSE-RU-2018:3638-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1005886 SUSE Bug 1005886 https://bugzilla.suse.com/1049737 SUSE Bug 1049737 https://bugzilla.suse.com/1082708 SUSE Bug 1082708 https://bugzilla.suse.com/1089243 SUSE Bug 1089243 https://bugzilla.suse.com/1091490 SUSE Bug 1091490 https://bugzilla.suse.com/1094847 SUSE Bug 1094847 https://bugzilla.suse.com/1095166 SUSE Bug 1095166 https://bugzilla.suse.com/1096798 SUSE Bug 1096798 https://bugzilla.suse.com/1096988 SUSE Bug 1096988 https://bugzilla.suse.com/1097241 SUSE Bug 1097241 https://bugzilla.suse.com/1099412 SUSE Bug 1099412 https://bugzilla.suse.com/1099741 SUSE Bug 1099741 https://bugzilla.suse.com/1100688 SUSE Bug 1100688 https://bugzilla.suse.com/1102662 SUSE Bug 1102662 https://bugzilla.suse.com/1102789 SUSE Bug 1102789 https://bugzilla.suse.com/1103903 SUSE Bug 1103903 https://bugzilla.suse.com/1104047 SUSE Bug 1104047 https://bugzilla.suse.com/1104407 SUSE Bug 1104407 https://bugzilla.suse.com/1105141 SUSE Bug 1105141 https://bugzilla.suse.com/1105420 SUSE Bug 1105420 https://bugzilla.suse.com/1109264 SUSE Bug 1109264 https://bugzilla.suse.com/1109445 SUSE Bug 1109445 https://bugzilla.suse.com/1111886 SUSE Bug 1111886 https://www.suse.com/security/cve/CVE-2016-8611/ SUSE CVE CVE-2016-8611 page HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 ardana-ansible-8.0+git.1539739656.0ef51c9-3.46.1 ardana-barbican-8.0+git.1534266594.8136db7-4.27.2 ardana-cinder-8.0+git.1535412193.d9ad231-3.27.2 ardana-cluster-8.0+git.1534266734.ec4822f-3.30.2 ardana-cobbler-8.0+git.1534780521.780753b-3.29.2 ardana-freezer-8.0+git.1534266805.c9ea29b-3.12.2 ardana-glance-8.0+git.1537790499.b15fdea-3.8.2 ardana-input-model-8.0+git.1539086744.5ae1d6f-3.21.2 ardana-keystone-8.0+git.1536100286.ddd8d3e-3.15.2 ardana-mq-8.0+git.1534267034.f95e1ec-3.5.2 ardana-neutron-8.0+git.1537805998.7898f24-3.21.2 ardana-nova-8.0+git.1537895345.35a03a2-3.14.2 ardana-octavia-8.0+git.1534267086.b7dbe77-3.8.2 ardana-osconfig-8.0+git.1540330973.aab0174-3.27.1 ardana-service-8.0+git.1537825617.23552c2-3.14.2 ardana-service-ansible-8.0+git.1537806377.25b5d68-3.11.2 ardana-ses-8.0+git.1539113493.6631423-1.8.2 ardana-swift-8.0+git.1534267211.78fb7e3-3.18.2 ardana-ansible-8.0+git.1539739656.0ef51c9-3.46.1 as a component of HPE Helion OpenStack 8 ardana-barbican-8.0+git.1534266594.8136db7-4.27.2 as a component of HPE Helion OpenStack 8 ardana-cinder-8.0+git.1535412193.d9ad231-3.27.2 as a component of HPE Helion OpenStack 8 ardana-cluster-8.0+git.1534266734.ec4822f-3.30.2 as a component of HPE Helion OpenStack 8 ardana-cobbler-8.0+git.1534780521.780753b-3.29.2 as a component of HPE Helion OpenStack 8 ardana-freezer-8.0+git.1534266805.c9ea29b-3.12.2 as a component of HPE Helion OpenStack 8 ardana-glance-8.0+git.1537790499.b15fdea-3.8.2 as a component of HPE Helion OpenStack 8 ardana-input-model-8.0+git.1539086744.5ae1d6f-3.21.2 as a component of HPE Helion OpenStack 8 ardana-keystone-8.0+git.1536100286.ddd8d3e-3.15.2 as a component of HPE Helion OpenStack 8 ardana-mq-8.0+git.1534267034.f95e1ec-3.5.2 as a component of HPE Helion OpenStack 8 ardana-neutron-8.0+git.1537805998.7898f24-3.21.2 as a component of HPE Helion OpenStack 8 ardana-nova-8.0+git.1537895345.35a03a2-3.14.2 as a component of HPE Helion OpenStack 8 ardana-octavia-8.0+git.1534267086.b7dbe77-3.8.2 as a component of HPE Helion OpenStack 8 ardana-osconfig-8.0+git.1540330973.aab0174-3.27.1 as a component of HPE Helion OpenStack 8 ardana-service-8.0+git.1537825617.23552c2-3.14.2 as a component of HPE Helion OpenStack 8 ardana-service-ansible-8.0+git.1537806377.25b5d68-3.11.2 as a component of HPE Helion OpenStack 8 ardana-ses-8.0+git.1539113493.6631423-1.8.2 as a component of HPE Helion OpenStack 8 ardana-swift-8.0+git.1534267211.78fb7e3-3.18.2 as a component of HPE Helion OpenStack 8 ardana-ansible-8.0+git.1539739656.0ef51c9-3.46.1 as a component of SUSE OpenStack Cloud 8 ardana-barbican-8.0+git.1534266594.8136db7-4.27.2 as a component of SUSE OpenStack Cloud 8 ardana-cinder-8.0+git.1535412193.d9ad231-3.27.2 as a component of SUSE OpenStack Cloud 8 ardana-cluster-8.0+git.1534266734.ec4822f-3.30.2 as a component of SUSE OpenStack Cloud 8 ardana-cobbler-8.0+git.1534780521.780753b-3.29.2 as a component of SUSE OpenStack Cloud 8 ardana-freezer-8.0+git.1534266805.c9ea29b-3.12.2 as a component of SUSE OpenStack Cloud 8 ardana-glance-8.0+git.1537790499.b15fdea-3.8.2 as a component of SUSE OpenStack Cloud 8 ardana-input-model-8.0+git.1539086744.5ae1d6f-3.21.2 as a component of SUSE OpenStack Cloud 8 ardana-keystone-8.0+git.1536100286.ddd8d3e-3.15.2 as a component of SUSE OpenStack Cloud 8 ardana-mq-8.0+git.1534267034.f95e1ec-3.5.2 as a component of SUSE OpenStack Cloud 8 ardana-neutron-8.0+git.1537805998.7898f24-3.21.2 as a component of SUSE OpenStack Cloud 8 ardana-nova-8.0+git.1537895345.35a03a2-3.14.2 as a component of SUSE OpenStack Cloud 8 ardana-octavia-8.0+git.1534267086.b7dbe77-3.8.2 as a component of SUSE OpenStack Cloud 8 ardana-osconfig-8.0+git.1540330973.aab0174-3.27.1 as a component of SUSE OpenStack Cloud 8 ardana-service-8.0+git.1537825617.23552c2-3.14.2 as a component of SUSE OpenStack Cloud 8 ardana-service-ansible-8.0+git.1537806377.25b5d68-3.11.2 as a component of SUSE OpenStack Cloud 8 ardana-ses-8.0+git.1539113493.6631423-1.8.2 as a component of SUSE OpenStack Cloud 8 ardana-swift-8.0+git.1534267211.78fb7e3-3.18.2 as a component of SUSE OpenStack Cloud 8 A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. CVE-2016-8611 HPE Helion OpenStack 8:ardana-ansible-8.0+git.1539739656.0ef51c9-3.46.1 HPE Helion OpenStack 8:ardana-barbican-8.0+git.1534266594.8136db7-4.27.2 HPE Helion OpenStack 8:ardana-cinder-8.0+git.1535412193.d9ad231-3.27.2 HPE Helion OpenStack 8:ardana-cluster-8.0+git.1534266734.ec4822f-3.30.2 HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1534780521.780753b-3.29.2 HPE Helion OpenStack 8:ardana-freezer-8.0+git.1534266805.c9ea29b-3.12.2 HPE Helion OpenStack 8:ardana-glance-8.0+git.1537790499.b15fdea-3.8.2 HPE Helion OpenStack 8:ardana-input-model-8.0+git.1539086744.5ae1d6f-3.21.2 HPE Helion OpenStack 8:ardana-keystone-8.0+git.1536100286.ddd8d3e-3.15.2 HPE Helion OpenStack 8:ardana-mq-8.0+git.1534267034.f95e1ec-3.5.2 HPE Helion OpenStack 8:ardana-neutron-8.0+git.1537805998.7898f24-3.21.2 HPE Helion OpenStack 8:ardana-nova-8.0+git.1537895345.35a03a2-3.14.2 HPE Helion OpenStack 8:ardana-octavia-8.0+git.1534267086.b7dbe77-3.8.2 HPE Helion OpenStack 8:ardana-osconfig-8.0+git.1540330973.aab0174-3.27.1 HPE Helion OpenStack 8:ardana-service-8.0+git.1537825617.23552c2-3.14.2 HPE Helion OpenStack 8:ardana-service-ansible-8.0+git.1537806377.25b5d68-3.11.2 HPE Helion OpenStack 8:ardana-ses-8.0+git.1539113493.6631423-1.8.2 HPE Helion OpenStack 8:ardana-swift-8.0+git.1534267211.78fb7e3-3.18.2 SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1539739656.0ef51c9-3.46.1 SUSE OpenStack Cloud 8:ardana-barbican-8.0+git.1534266594.8136db7-4.27.2 SUSE OpenStack Cloud 8:ardana-cinder-8.0+git.1535412193.d9ad231-3.27.2 SUSE OpenStack Cloud 8:ardana-cluster-8.0+git.1534266734.ec4822f-3.30.2 SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1534780521.780753b-3.29.2 SUSE OpenStack Cloud 8:ardana-freezer-8.0+git.1534266805.c9ea29b-3.12.2 SUSE OpenStack Cloud 8:ardana-glance-8.0+git.1537790499.b15fdea-3.8.2 SUSE OpenStack Cloud 8:ardana-input-model-8.0+git.1539086744.5ae1d6f-3.21.2 SUSE OpenStack Cloud 8:ardana-keystone-8.0+git.1536100286.ddd8d3e-3.15.2 SUSE OpenStack Cloud 8:ardana-mq-8.0+git.1534267034.f95e1ec-3.5.2 SUSE OpenStack Cloud 8:ardana-neutron-8.0+git.1537805998.7898f24-3.21.2 SUSE OpenStack Cloud 8:ardana-nova-8.0+git.1537895345.35a03a2-3.14.2 SUSE OpenStack Cloud 8:ardana-octavia-8.0+git.1534267086.b7dbe77-3.8.2 SUSE OpenStack Cloud 8:ardana-osconfig-8.0+git.1540330973.aab0174-3.27.1 SUSE OpenStack Cloud 8:ardana-service-8.0+git.1537825617.23552c2-3.14.2 SUSE OpenStack Cloud 8:ardana-service-ansible-8.0+git.1537806377.25b5d68-3.11.2 SUSE OpenStack Cloud 8:ardana-ses-8.0+git.1539113493.6631423-1.8.2 SUSE OpenStack Cloud 8:ardana-swift-8.0+git.1534267211.78fb7e3-3.18.2 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20183638-1/ https://www.suse.com/security/cve/CVE-2016-8611.html CVE-2016-8611 https://bugzilla.suse.com/1005886 SUSE Bug 1005886