Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-pu
| Announcement ID: | SUSE-SU-2021:3728-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities and contains one feature can now be installed.
Description:
This update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma contains the following fixes:
Security fixes included in this update:
rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)
rubygem-puma: CVE-2021-41136: Fixed build of the Java state machine for parsing HTTP. (bsc#1191681)
Non-security fixes included in this update:
Changes in ardana-ansible: * Patch service.py to skip blank lines.
Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)
Changes in documentation-suse-openstack-cloud: * CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal * DC files: Update to 2021 stylesheets (#1327) * CI: Use GitHub Actions
Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets * OpenDev Migration Patch
Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation
Changes in python-Django: - Add missing dependency for CVE-2021-31542
Changes in python-monasca-common: - Remove renderspec source service. - Retry publish once on failures. (SOC-11543)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
HPE Helion OpenStack 8
zypper in -t patch HPE-Helion-OpenStack-8-2021-3728=1 -
SUSE OpenStack Cloud 8
zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3728=1 -
SUSE OpenStack Cloud Crowbar 8
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3728=1
Package List:
-
HPE Helion OpenStack 8 (noarch)
- openstack-ec2-api-s3-5.0.1~dev12-4.9.1
- documentation-hpe-helion-openstack-operations-8.20210806-1.35.1
- openstack-ec2-api-5.0.1~dev12-4.9.1
- venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1
- documentation-hpe-helion-openstack-user-8.20210806-1.35.1
- python-ec2api-5.0.1~dev12-4.9.1
- documentation-hpe-helion-openstack-planning-8.20210806-1.35.1
- ardana-ansible-8.0+git.1632499354.a56668f-3.82.1
- documentation-hpe-helion-openstack-security-8.20210806-1.35.1
- ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1
- venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1
- openstack-ec2-api-api-5.0.1~dev12-4.9.1
- python-Django-1.11.29-3.28.1
- documentation-hpe-helion-openstack-installation-8.20210806-1.35.1
- venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1
- python-monasca-common-2.3.1~dev4-4.9.1
- openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
- documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1
- openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
-
SUSE OpenStack Cloud 8 (noarch)
- documentation-suse-openstack-cloud-user-8.20210806-1.35.1
- python-ec2api-5.0.1~dev12-4.9.1
- documentation-suse-openstack-cloud-planning-8.20210806-1.35.1
- openstack-ec2-api-api-5.0.1~dev12-4.9.1
- documentation-suse-openstack-cloud-security-8.20210806-1.35.1
- openstack-ec2-api-s3-5.0.1~dev12-4.9.1
- openstack-ec2-api-5.0.1~dev12-4.9.1
- ardana-ansible-8.0+git.1632499354.a56668f-3.82.1
- ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1
- python-Django-1.11.29-3.28.1
- documentation-suse-openstack-cloud-installation-8.20210806-1.35.1
- venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1
- venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2
- python-monasca-common-2.3.1~dev4-4.9.1
- documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1
- openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
- openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
- documentation-suse-openstack-cloud-operations-8.20210806-1.35.1
- documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1
- venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1
- documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1
- documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1
-
SUSE OpenStack Cloud Crowbar 8 (noarch)
- openstack-ec2-api-s3-5.0.1~dev12-4.9.1
- openstack-ec2-api-5.0.1~dev12-4.9.1
- documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1
- python-ec2api-5.0.1~dev12-4.9.1
- documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1
- openstack-ec2-api-api-5.0.1~dev12-4.9.1
- python-Django-1.11.29-3.28.1
- documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1
- python-monasca-common-2.3.1~dev4-4.9.1
- documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1
- openstack-ec2-api-metadata-5.0.1~dev12-4.9.1
- openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1
-
SUSE OpenStack Cloud Crowbar 8 (x86_64)
- ruby2.1-rubygem-redcarpet-3.2.3-3.3.1
- ruby2.1-rubygem-puma-2.16.0-3.15.1
- rubygem-puma-debugsource-2.16.0-3.15.1
- ruby2.1-rubygem-puma-debuginfo-2.16.0-3.15.1
- rubygem-redcarpet-debugsource-3.2.3-3.3.1
- ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-3.3.1