Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3728-1 Final 1 1 2021-11-19T12:37:40Z current 2021-11-19T12:37:40Z 2021-11-19T12:37:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma This update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma contains the following fixes: Security fixes included in this update: rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837) rubygem-puma: CVE-2021-41136: Fixed build of the Java state machine for parsing HTTP. (bsc#1191681) Non-security fixes included in this update: Changes in ardana-ansible: * Patch service.py to skip blank lines. Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543) Changes in documentation-suse-openstack-cloud: * CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal * DC files: Update to 2021 stylesheets (#1327) * CI: Use GitHub Actions Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets * OpenDev Migration Patch Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation Changes in python-Django: - Add missing dependency for CVE-2021-31542 Changes in python-monasca-common: - Remove renderspec source service. - Retry publish once on failures. (SOC-11543) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-3728,SUSE-2021-3728,SUSE-OpenStack-Cloud-8-2021-3728,SUSE-OpenStack-Cloud-Crowbar-8-2021-3728 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213728-1/ Link for SUSE-SU-2021:3728-1 https://lists.suse.com/pipermail/sle-security-updates/2021-November/009746.html E-Mail link for SUSE-SU-2021:3728-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180837 SUSE Bug 1180837 https://bugzilla.suse.com/1191681 SUSE Bug 1191681 https://www.suse.com/security/cve/CVE-2020-26298/ SUSE CVE CVE-2020-26298 page https://www.suse.com/security/cve/CVE-2021-41136/ SUSE CVE CVE-2021-41136 page HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 documentation-hpe-helion-openstack-installation-8.20210806-1.35.1 documentation-hpe-helion-openstack-operations-8.20210806-1.35.1 documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1 documentation-hpe-helion-openstack-planning-8.20210806-1.35.1 documentation-hpe-helion-openstack-security-8.20210806-1.35.1 documentation-hpe-helion-openstack-user-8.20210806-1.35.1 openstack-ec2-api-5.0.1~dev12-4.9.1 openstack-ec2-api-api-5.0.1~dev12-4.9.1 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 python-Django-1.11.29-3.28.1 python-ec2api-5.0.1~dev12-4.9.1 python-monasca-common-2.3.1~dev4-4.9.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1 documentation-suse-openstack-cloud-installation-8.20210806-1.35.1 documentation-suse-openstack-cloud-operations-8.20210806-1.35.1 documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1 documentation-suse-openstack-cloud-planning-8.20210806-1.35.1 documentation-suse-openstack-cloud-security-8.20210806-1.35.1 documentation-suse-openstack-cloud-socmmsoperator-8.20210806-1.35.1 documentation-suse-openstack-cloud-socmosoperator-8.20210806-1.35.1 documentation-suse-openstack-cloud-socmoverview-8.20210806-1.35.1 documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 documentation-suse-openstack-cloud-user-8.20210806-1.35.1 openstack-ec2-api-test-5.0.1~dev12-4.9.1 python3-Django-1.11.29-3.28.1 ruby2.1-rubygem-puma-2.16.0-3.15.1 ruby2.1-rubygem-puma-doc-2.16.0-3.15.1 ruby2.1-rubygem-redcarpet-3.2.3-3.3.1 ruby2.1-rubygem-redcarpet-doc-3.2.3-3.3.1 ruby2.1-rubygem-redcarpet-testsuite-3.2.3-3.3.1 venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2 ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 as a component of HPE Helion OpenStack 8 ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-installation-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-operations-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-planning-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-security-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 documentation-hpe-helion-openstack-user-8.20210806-1.35.1 as a component of HPE Helion OpenStack 8 openstack-ec2-api-5.0.1~dev12-4.9.1 as a component of HPE Helion OpenStack 8 openstack-ec2-api-api-5.0.1~dev12-4.9.1 as a component of HPE Helion OpenStack 8 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 as a component of HPE Helion OpenStack 8 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 as a component of HPE Helion OpenStack 8 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 as a component of HPE Helion OpenStack 8 python-Django-1.11.29-3.28.1 as a component of HPE Helion OpenStack 8 python-ec2api-5.0.1~dev12-4.9.1 as a component of HPE Helion OpenStack 8 python-monasca-common-2.3.1~dev4-4.9.1 as a component of HPE Helion OpenStack 8 venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 as a component of HPE Helion OpenStack 8 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1 as a component of HPE Helion OpenStack 8 venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 as a component of HPE Helion OpenStack 8 ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 as a component of SUSE OpenStack Cloud 8 ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-installation-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-operations-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-planning-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-security-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-user-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud 8 openstack-ec2-api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud 8 openstack-ec2-api-api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud 8 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud 8 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud 8 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 as a component of SUSE OpenStack Cloud 8 python-Django-1.11.29-3.28.1 as a component of SUSE OpenStack Cloud 8 python-ec2api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud 8 python-monasca-common-2.3.1~dev4-4.9.1 as a component of SUSE OpenStack Cloud 8 venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 as a component of SUSE OpenStack Cloud 8 venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2 as a component of SUSE OpenStack Cloud 8 venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 as a component of SUSE OpenStack Cloud 8 documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud Crowbar 8 documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud Crowbar 8 documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud Crowbar 8 documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-ec2-api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-ec2-api-api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-Django-1.11.29-3.28.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-ec2api-5.0.1~dev12-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-monasca-common-2.3.1~dev4-4.9.1 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-puma-2.16.0-3.15.1 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-redcarpet-3.2.3-3.3.1 as a component of SUSE OpenStack Cloud Crowbar 8 Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. CVE-2020-26298 HPE Helion OpenStack 8:ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 HPE Helion OpenStack 8:ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20210806-1.35.1 HPE Helion OpenStack 8:openstack-ec2-api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 HPE Helion OpenStack 8:python-Django-1.11.29-3.28.1 HPE Helion OpenStack 8:python-ec2api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:python-monasca-common-2.3.1~dev4-4.9.1 HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1 HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20210806-1.35.1 SUSE OpenStack Cloud 8:openstack-ec2-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 SUSE OpenStack Cloud 8:python-Django-1.11.29-3.28.1 SUSE OpenStack Cloud 8:python-ec2api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:python-monasca-common-2.3.1~dev4-4.9.1 SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2 SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.28.1 SUSE OpenStack Cloud Crowbar 8:python-ec2api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:python-monasca-common-2.3.1~dev4-4.9.1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.15.1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-redcarpet-3.2.3-3.3.1 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213728-1/ https://www.suse.com/security/cve/CVE-2020-26298.html CVE-2020-26298 https://bugzilla.suse.com/1180837 SUSE Bug 1180837 Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`. CVE-2021-41136 HPE Helion OpenStack 8:ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 HPE Helion OpenStack 8:ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-installation-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-operations-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-planning-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-security-8.20210806-1.35.1 HPE Helion OpenStack 8:documentation-hpe-helion-openstack-user-8.20210806-1.35.1 HPE Helion OpenStack 8:openstack-ec2-api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 HPE Helion OpenStack 8:python-Django-1.11.29-3.28.1 HPE Helion OpenStack 8:python-ec2api-5.0.1~dev12-4.9.1 HPE Helion OpenStack 8:python-monasca-common-2.3.1~dev4-4.9.1 HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1 HPE Helion OpenStack 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-installation-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-operations-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-planning-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-security-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 SUSE OpenStack Cloud 8:documentation-suse-openstack-cloud-user-8.20210806-1.35.1 SUSE OpenStack Cloud 8:openstack-ec2-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 SUSE OpenStack Cloud 8:python-Django-1.11.29-3.28.1 SUSE OpenStack Cloud 8:python-ec2api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud 8:python-monasca-common-2.3.1~dev4-4.9.1 SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2 SUSE OpenStack Cloud 8:venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-ec2-api-s3-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.28.1 SUSE OpenStack Cloud Crowbar 8:python-ec2api-5.0.1~dev12-4.9.1 SUSE OpenStack Cloud Crowbar 8:python-monasca-common-2.3.1~dev4-4.9.1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.15.1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-redcarpet-3.2.3-3.3.1 moderate 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213728-1/ https://www.suse.com/security/cve/CVE-2021-41136.html CVE-2021-41136 https://bugzilla.suse.com/1191681 SUSE Bug 1191681