Security update for OpenStack

Announcement ID:	SUSE-SU-2018:2576-1
Rating:	moderate
References:	bsc#1084724 bsc#1095482 bsc#1099902 bsc#1100751 bsc#1102151
Cross-References:	CVE-2018-14432
CVSS scores:	CVE-2018-14432 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2018-14432 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE OpenStack Cloud 7

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for OpenStack fixes the following issues:

The following security issue with openstack-keystone has been fixed:

• CVE-2018-14432: Reduce duplication in federated authentication APIs. (bsc#1102151)

Additionally, the following non-security issues have been fixed:

openstack-dashboard:

• Fetch and show Cinder availability zones list during volume creation and volume creation from image. (bsc#1100751)

openstack-heat:

• Add Trunk resource support.

openstack-horizon-plugin-designate-ui:

• Install all designate panels that are available.

openstack-nova:

• Stop _undefine_domain erroring if domain not found. (bsc#1099902)
• Fix Nova to allow using cinder v3 endpoint. (bsc#1095482)

python-os-vif:

• Check if interface belongs to a Linux Bridge before removing. (bsc#1084724)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 7
  zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1808=1

Package List:

• SUSE OpenStack Cloud 7 (noarch)
  • openstack-nova-scheduler-14.0.11~dev13-4.25.1
  • openstack-nova-consoleauth-14.0.11~dev13-4.25.1
  • python-keystone-10.0.3~dev9-7.12.1
  • openstack-nova-cells-14.0.11~dev13-4.25.1
  • openstack-nova-serialproxy-14.0.11~dev13-4.25.1
  • python-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1
  • openstack-nova-api-14.0.11~dev13-4.25.1
  • openstack-horizon-plugin-designate-ui-3.0.2~dev1-3.6.1
  • openstack-heat-api-cfn-7.0.7~dev10-5.12.1
  • openstack-nova-novncproxy-14.0.11~dev13-4.25.1
  • openstack-keystone-doc-10.0.3~dev9-7.12.1
  • python-heat-7.0.7~dev10-5.12.1
  • openstack-heat-engine-7.0.7~dev10-5.12.1
  • python-nova-14.0.11~dev13-4.25.1
  • python-horizon-10.0.6~dev4-4.15.1
  • openstack-nova-cert-14.0.11~dev13-4.25.1
  • openstack-nova-conductor-14.0.11~dev13-4.25.1
  • openstack-nova-compute-14.0.11~dev13-4.25.1
  • openstack-heat-test-7.0.7~dev10-5.12.1
  • openstack-heat-api-cloudwatch-7.0.7~dev10-5.12.1
  • openstack-nova-doc-14.0.11~dev13-4.25.1
  • openstack-nova-console-14.0.11~dev13-4.25.1
  • openstack-dashboard-10.0.6~dev4-4.15.1
  • openstack-nova-14.0.11~dev13-4.25.1
  • python-os-vif-1.2.1-3.3.1
  • openstack-heat-api-7.0.7~dev10-5.12.1
  • openstack-nova-placement-api-14.0.11~dev13-4.25.1
  • openstack-heat-doc-7.0.7~dev10-5.12.1
  • openstack-heat-plugin-heat_docker-7.0.7~dev10-5.12.1
  • openstack-nova-vncproxy-14.0.11~dev13-4.25.1
  • openstack-keystone-10.0.3~dev9-7.12.1
  • openstack-heat-7.0.7~dev10-5.12.1

References:

• https://www.suse.com/security/cve/CVE-2018-14432.html
• https://bugzilla.suse.com/show_bug.cgi?id=1084724
• https://bugzilla.suse.com/show_bug.cgi?id=1095482
• https://bugzilla.suse.com/show_bug.cgi?id=1099902
• https://bugzilla.suse.com/show_bug.cgi?id=1100751
• https://bugzilla.suse.com/show_bug.cgi?id=1102151