Security update for several openstack-components

Announcement ID:	SUSE-SU-2016:1966-1
Rating:	low
References:	bsc#984802 bsc#988729
Cross-References:	CVE-2016-4985
CVSS scores:	CVE-2016-4985 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Server 12 SP1 SUSE OpenStack Cloud 6

An update that solves one vulnerability and has one security fix can now be installed.

Description:

This update provides the latest code from OpenStack Liberty for openstack-designate, -ironic, -neutron-vpnaas, -nova-docker, -sahara, -tempest and -trove.

Additionally the following security issue has been fixed:

openstack-ironic:

• Mask password on agent lookup according to policy (bsc#984802, CVE-2016-4985)

For a detailed description of all changes, please refer to the changelog.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 6
  zypper in -t patch SUSE-OpenStack-Cloud-6-2016-1160=1

Package List:

• SUSE OpenStack Cloud 6 (noarch)
  • openstack-designate-central-1.0.3~a0~dev10-6.1
  • openstack-designate-api-1.0.3~a0~dev10-6.1
  • python-neutron-vpnaas-7.0.5~a0~dev3-6.1
  • python-trove-4.0.1~a0~dev19-8.1
  • python-designate-1.0.3~a0~dev10-6.1
  • openstack-trove-conductor-4.0.1~a0~dev19-8.1
  • openstack-neutron-vpn-agent-7.0.5~a0~dev3-6.1
  • openstack-tempest-7.0.0-9.1
  • openstack-ironic-conductor-4.2.5-6.1
  • openstack-sahara-doc-3.0.3~a0~dev1-6.1
  • openstack-designate-1.0.3~a0~dev10-6.1
  • openstack-trove-api-4.0.1~a0~dev19-8.1
  • openstack-ironic-api-4.2.5-6.1
  • openstack-neutron-vpnaas-7.0.5~a0~dev3-6.1
  • openstack-sahara-3.0.3~a0~dev1-6.1
  • openstack-ironic-4.2.5-6.1
  • openstack-nova-docker-0.0.1~a0~dev238-4.1
  • openstack-neutron-vpnaas-doc-7.0.5~a0~dev3-6.1
  • openstack-sahara-engine-3.0.3~a0~dev1-6.1
  • openstack-designate-doc-1.0.3~a0~dev10-6.2
  • python-ironic-4.2.5-6.1
  • python-sahara-3.0.3~a0~dev1-6.1
  • python-tempest-7.0.0-9.1
  • openstack-trove-taskmanager-4.0.1~a0~dev19-8.1
  • openstack-sahara-api-3.0.3~a0~dev1-6.1
  • openstack-designate-sink-1.0.3~a0~dev10-6.1
  • openstack-ironic-doc-4.2.5-6.2
  • openstack-trove-4.0.1~a0~dev19-8.1
  • openstack-designate-agent-1.0.3~a0~dev10-6.1
  • openstack-trove-guestagent-4.0.1~a0~dev19-8.1
  • openstack-tempest-test-7.0.0-9.1
  • openstack-trove-doc-4.0.1~a0~dev19-8.1

References:

• https://www.suse.com/security/cve/CVE-2016-4985.html
• https://bugzilla.suse.com/show_bug.cgi?id=984802
• https://bugzilla.suse.com/show_bug.cgi?id=988729