Security update for openstack-dashboard

SUSE Security Update: Security update for openstack-dashboard
Announcement ID: SUSE-SU-2015:2064-1
Rating: moderate
References: #928891 #931437 #933607 #933722 #935442 #936059 #936368 #945052 #945515
Affected Products:
  • SUSE OpenStack Cloud 5

An update that solves two vulnerabilities and has 7 fixes is now available.

    Description:


    This update provides fixes and enhancements for openstack-dashboard,
    crowbar-barclamp-nova_dashboard and python-django_openstack_auth.

    openstack-dashboard:

    - Reset flavors for source types other than "Boot from Image". (bsc#945515)
    - Add deactivated status for glance image.
    - Fix TemplateSyntaxError at hypervisors view.
    - Fix addition of plugin panel to panel group.
    - Remove admin role name 'admin' hardcode. (bsc#935442)
    - Escape the description param from heat template. (bsc#933722,
    CVE-2015-3219)
    - Enhance policy rules to workflow actions and identity project.
    - Sanitization of metadata passed from Django to avoid persistent XSS.
    (bsc#931437, CVE-2015-3988)
    - Fix Terminate Instance on network topology page.
    - Show ports from shared nets in floating IP assoc.
    - Fix incorrect ca arguments for calling ceilometer client.
    - Fix dynamic select layout when help block is displayed.
    - Pass correct project ID to get tenant_usages. (bsc#928891)

    crowbar-barclamp-nova_dashboard:

    - Allow switching on multidomain support. (bsc#945052)
    - Fix quoting of supported_provider_types. (bsc#936368)
    - Enable the POLICY_FILES setting configuration.
    - Fix attribute being fetched from wrong node. (bsc#936059)

    python-django_openstack_auth:

    - Remove admin role name 'admin' hardcode in User.is_superuser().

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud 5:
      zypper in -t patch sleclo50sp3-openstack-crowbar-dashboard-201510-12220=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE OpenStack Cloud 5 (x86_64):
      • openstack-dashboard-2014.2.4~a0~dev12-13.2
      • python-django_openstack_auth-1.1.7-11.3
      • python-horizon-2014.2.4~a0~dev12-13.2
    • SUSE OpenStack Cloud 5 (noarch):
      • crowbar-barclamp-nova_dashboard-1.9+git.1443622531.b2b2939-9.3
